Linux 之 netstat

1.netstat

usage: netstat [-veenNcCF] [] -r         netstat {-V|--version|-h|--help}
       netstat [-vnNcaeol] [ ...]
       netstat { [-veenNac] -I[] | [-veenNac] -i | [-cnNe] -M | -s } [delay]
 
        -r, --route                display routing table   #显示路由表
        -I, --interfaces=   display interface table for   #显示网络接口表
        -i, --interfaces           display interface table  #显示网络接口表
        -g, --groups               display multicast group memberships  #显示多播组成员
        -s, --statistics           display networking statistics (like SNMP) #显示网络统计数据,如IP/ICMP/SNMP/..各协议统计。
        -M, --masquerade           display masqueraded connections  #显示伪装的连接
 
        -v, --verbose              be verbose   #详细信息
        -n, --numeric              don't resolve names   #不做名字解析
        --numeric-hosts            don't resolve host names  #不做主机名解析
        --numeric-ports            don't resolve port names  #不做端口名解析
        --numeric-users            don't resolve user names  #不做用户名解析
        -N, --symbolic             resolve hardware names   
        -e, --extend               display other/more information   #显示更多信息,用户名,inode
        -p, --programs             display PID/Program name for sockets     #显示pid和程序名字
        -c, --continuous           continuous listing   #持续的列出相关信息
 
        -l, --listening            display listening server sockets  #显示处于监听状态的套接字
        -a, --all, --listening     display all sockets (default: connected)   #显示所有的套接字
        -o, --timers               display timers   #显示计时器
        -F, --fib                  display Forwarding Information Base (default)   #使用-rF查看路由表时,显示转发信息
        -C, --cache                display routing cache instead of FIB     #使用-rC查看路由表时,显示详细的路由缓存
        -T, --notrim               stop trimming long addresses   #停止修剪长地址
        -Z, --context              display SELinux security context for sockets   #显示套接字的SELINUX上下文
 
  : Name of interface to monitor/list.
  ={-t|--tcp} {-u|--udp} {-S|--sctp} {-w|--raw} {-x|--unix} --ax25 --ipx --netrom
  =Use '-A ' or '--'; default: inet
  List of possible address families (which support routing):
    inet (DARPA Internet) inet6 (IPv6) ax25 (AMPR AX.25) 
    netrom (AMPR NET/ROM) ipx (Novell IPX) ddp (Appletalk DDP) 
    x25 (CCITT X.25) 

举例:
1 . 查看网络链接状态

    -a 显示所有状态的socket  
    -n 不做名字解析,不加此参数,80端口会显示成http,127.0.0.1显示成localhost,uid为0显示成root等等    
    -e 显示更多信息如用户,inode
    -p 显示pid和程序名字
    -t 显示tcp链接
    -u 显示udp链接
    -x 显示unix套接字    
- netstat -anpte #查看tcp链接
[root@jia1-LinuxPerformance ~]# netstat -anpte
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address               Foreign Address             State       User       Inode      PID/Program name   
tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN      0          10294      1821/sshd           
tcp        0      0 127.0.0.1:25                0.0.0.0:*                   LISTEN      0          10594      1923/master         
tcp        0     52 172.16.2.106:22             124.65.173.246:50809        ESTABLISHED 0          10826      1967/sshd           
tcp        0      0 172.16.2.106:54076          100.100.100.200:80          TIME_WAIT   0          0          -                   
tcp        0      0 172.16.2.106:60382          140.205.140.205:80          ESTABLISHED 0          9273       1471/AliYunDun      
tcp        0      0 172.16.2.106:54070          100.100.100.200:80          TIME_WAIT   0          0          -     
- netstat -anpue #查看udp链接
[root@jia1-LinuxPerformance ~]# netstat -anpue
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address               Foreign Address             State       User       Inode      PID/Program name   
udp        0      0 0.0.0.0:68                  0.0.0.0:*                               0          9200       1678/dhclient       
udp        0      0 0.0.0.0:68                  0.0.0.0:*                               0          8655       1069/dhclient       
udp        0      0 172.16.2.107:123            0.0.0.0:*                               0          10366      1832/ntpd           
udp        0      0 172.16.2.106:123            0.0.0.0:*                               0          10365      1832/ntpd           
udp        0      0 127.0.0.1:123               0.0.0.0:*                               0          10364      1832/ntpd           
- netstat -anpxe #查看unix套接字链接
[root@jia1-LinuxPerformance ~]# netstat -anpxe
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags       Type       State         I-Node PID/Program name    Path
unix  2      [ ACC ]     STREAM     LISTENING     9249   1471/AliYunDun      /tmp/Aegis-
unix  2      [ ACC ]     STREAM     LISTENING     9251   1471/AliYunDun      /usr/local/aegis/Aegis-
unix  2      [ ACC ]     STREAM     LISTENING     7047   1/init              @/com/ubuntu/upstart
unix  10     [ ]         DGRAM                    8814   1140/rsyslogd       /dev/log
unix  2      [ ACC ]     STREAM     LISTENING     10600  1923/master         public/cleanup
unix  2      [ ACC ]     STREAM     LISTENING     10607  1923/master         private/tlsmgr
unix  2      [ ACC ]     STREAM     LISTENING     10611  1923/master         private/rewrite
unix  2      [ ACC ]     STREAM     LISTENING     10615  1923/master         private/bounce
unix  2      [ ACC ]     STREAM     LISTENING     10667  1923/master         private/local
unix  2      [ ACC ]     STREAM     LISTENING     10671  1923/master         private/virtual
unix  2      [ ]         DGRAM                    7622   483/udevd           @/org/kernel/udev/udevd
unix  2      [ ACC ]     STREAM     LISTENING     10675  1923/master         private/lmtp
unix  2      [ ACC ]     STREAM     LISTENING     10679  1923/master         private/anvil
unix  2      [ ACC ]     STREAM     LISTENING     10683  1923/master         private/scache
unix  2      [ ]         DGRAM                    13412  2216/anacron        
unix  2      [ ]         DGRAM                    10874  1967/sshd           
unix  2      [ ]         DGRAM                    10719  1940/qmgr           
unix  2      [ ]         DGRAM                    10693  1939/pickup         
unix  2      [ ]         DGRAM                    10690  1941/crond          
unix  3      [ ]         STREAM     CONNECTED     10686  1923/master         
unix  3      [ ]         STREAM     CONNECTED     10685  1923/master         
unix  3      [ ]         STREAM     CONNECTED     10682  1923/master         
unix  3      [ ]         STREAM     CONNECTED     10681  1923/master         
unix  3      [ ]         STREAM     CONNECTED     10678  1923/master         
unix  3      [ ]         STREAM     CONNECTED     10677  1923/master         
unix  3      [ ]         STREAM     CONNECTED     10674  1923/master      

2 . 查看路由表

netstat -r和route命令输出是差不多的.
  
[root@jia1-LinuxPerformance ~]# netstat -r
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
172.16.2.0      *               255.255.255.0   U         0 0          0 eth0
172.16.2.0      *               255.255.255.0   U         0 0          0 eth1
link-local      *               255.255.0.0     U         0 0          0 eth0
link-local      *               255.255.0.0     U         0 0          0 eth1
default         172.16.2.253    0.0.0.0         UG        0 0          0 eth0
default         172.16.2.253    0.0.0.0         UG        0 0          0 eth1
[root@jia1-LinuxPerformance ~]# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
172.16.2.0      *               255.255.255.0   U     0      0        0 eth0
172.16.2.0      *               255.255.255.0   U     0      0        0 eth1
link-local      *               255.255.0.0     U     1002   0        0 eth0
link-local      *               255.255.0.0     U     1003   0        0 eth1
default         172.16.2.253    0.0.0.0         UG    0      0        0 eth0
default         172.16.2.253    0.0.0.0         UG    1001   0        0 eth1
netstat -rF和netstat -rC两个命令的区别是一个输出的是路由表,一个输出的是路由缓存。 默认netstat -r输出的是netstat -rF结果。-F为默认参数

[root@jia1-LinuxPerformance ~]# netstat -rF
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
172.16.2.0      *               255.255.255.0   U         0 0          0 eth0
172.16.2.0      *               255.255.255.0   U         0 0          0 eth1
link-local      *               255.255.0.0     U         0 0          0 eth0
link-local      *               255.255.0.0     U         0 0          0 eth1
default         172.16.2.253    0.0.0.0         UG        0 0          0 eth0
default         172.16.2.253    0.0.0.0         UG        0 0          0 eth1

[root@jia1-LinuxPerformance ~]# netstat -rC
Kernel IP routing cache
Source          Destination     Gateway         Flags   MSS Window  irtt Iface
140.205.140.205 172.16.2.106    172.16.2.106    l     65535 0          0 lo
172.16.2.106    10.143.0.46     172.16.2.253           1500 0          0 eth0
172.16.2.106    100.100.3.2     172.16.2.253           1500 0          0 eth0
172.16.2.106    10.143.0.45     172.16.2.253           1500 0          0 eth0
172.16.2.106    100.100.5.3     172.16.2.253           1500 0          0 eth0
100.100.5.2     172.16.2.106    172.16.2.106    l     65535 0          0 lo
172.16.2.106    10.143.33.51    172.16.2.253           1500 0          0 eth0
172.16.2.106    100.100.2.136   172.16.2.253           1500 0          0 eth0

3 . 查看网络统计数据,netstat -s展示各协议的统计信息

[root@jia1-LinuxPerformance ~]# netstat -s
Ip:
    4440 total packets received
    4 with invalid addresses
    0 forwarded
    0 incoming packets discarded
    4436 incoming packets delivered
    4269 requests sent out
Icmp:
    806 ICMP messages received
    0 input ICMP message failed.
    ICMP input histogram:
        echo requests: 804
        echo replies: 2
    806 ICMP messages sent
    0 ICMP messages failed
    ICMP output histogram:
        echo request: 2
        echo replies: 804
IcmpMsg:
        InType0: 2
        InType8: 804
        OutType0: 804
        OutType8: 2
Tcp:
    79 active connections openings
    1 passive connection openings
    3 failed connection attempts
    0 connection resets received
    2 connections established
    2840 segments received
    2494 segments send out
    16 segments retransmited
    0 bad segments received.
    5 resets sent
Udp:
    790 packets received
    0 packets to unknown port received.
    0 packet receive errors
    953 packets sent
UdpLite:
TcpExt:
    3 resets received for embryonic SYN_RECV sockets
    71 TCP sockets finished time wait in fast timer
    44 delayed acks sent
    Quick ack mode was activated 1 times
    652 packets header predicted
    516 acknowledgments not containing data received
    1283 predicted acknowledgments
    1 congestion windows recovered after partial ack
    0 TCP data loss events
    10 other TCP timeouts
    1 DSACKs sent for old packets
    1 DSACKs received
IpExt:
    InOctets: 329641
    OutOctets: 1297221

4 . 查看网络接口信息

[root@jia1-LinuxPerformance ~]# netstat -i
Kernel Interface table
Iface       MTU Met    RX-OK RX-ERR RX-DRP RX-OVR    TX-OK TX-ERR TX-DRP TX-OVR Flg
eth0       1500   0     4502      0      0      0     4353      0      0      0 BMRU
eth1       1500   0        2      0      0      0        3      0      0      0 BMRU
lo        65536   0        0      0      0      0        0      0      0      0 LRU
点赞

发表评论

电子邮件地址不会被公开。必填项已用 * 标注