netstat命令详解
一、命令简介
安装命令:
yum install net-tools
netstat命令主要用于显示网络相关的信息,网络连接、路由表、接口状态;
分为两部分:
第一部分为:Active Internet connections ,称为有源TCP连接,其中"Recv-Q"和"Send-Q"指%0A的是接收队列和发送队列。这些数字一般都应该是0。如果不是则表示软件包正在队列中堆积。这种情况只能在非常少的情况见到。
[root@master01 ~]# netstat | more Active Internet connections (w/o servers) Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 localhost:2379 localhost:48712 ESTABLISHED tcp 0 0 localhost:48840 localhost:2379 ESTABLISHED tcp 0 0 localhost:48770 localhost:2379 ESTABLISHED tcp 0 0 localhost:2379 localhost:48620 ESTABLISHED tcp 0 0 localhost:2379 localhost:48672 ESTABLISHED
第二部分为:Active UNIX domain sockets,称为有源Unix域套接口(和网络套接字一样,但是只能用于本机通信,性能可以提高一倍),Proto显示连接使用的协议,RefCnt表示连接到本套接口上的进程号,Types显示套接口的类型,State显示套接口当前的状态,Path表示连接到套接口的其它进程使用的路径名。
Active UNIX domain sockets (w/o servers) Proto RefCnt Flags Type State I-Node Path unix 3 [ ] DGRAM 9509 /run/systemd/notify unix 2 [ ] DGRAM 9511 /run/systemd/cgroups-agent unix 6 [ ] DGRAM 9523 /run/systemd/journal/socket unix 17 [ ] DGRAM 9525 /dev/log unix 2 [ ] DGRAM 63924 @0004f unix 2 [ ] DGRAM 62893 @0004e
二、常见用法
2.1 列出所有端口
[root@master01 ~]# netstat -a Active Internet connections (servers and established) Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 0.0.0.0:31672 0.0.0.0:* LISTEN tcp 0 0 localhost:smtp 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:32315 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:30300 0.0.0.0:* LISTEN tcp 0 0 localhost:39229 0.0.0.0:* LISTEN tcp 0 0 localhost:10248 0.0.0.0:* LISTEN tcp 0 0 localhost:10249 0.0.0.0:* LISTEN
参数详解:
Proto:连接协议的种类
Recv-Q:接收到的字节数
Send-Q:从本服务器发送出去的字节数
Local Address:本地的IP地址,可以IP地址,也可以是主机名
Foreign Address:远程主机的IP
State:网络连接状态
I-Node:
i代表index,i-node也叫索引节点。一个i-node存储一个文件的元数据,i-node实际上存储了关于所有权(用户、组),访问权限(可读可写可执行),数据的存储位置等等元数据,所以i-node就是一个文件的化身,一个文件对应一个i-node。
值得注意的是:i-node中并不存储文件名这一信息,关于这一点原因将在后面解释。
还有很重要的一点是所有的i-node组成一个线性结构,并且通过下标来标识,下标也叫做i-node号,这个和磁盘盘块号不一样,inode是建立在盘块上的。
网络连接状态的参数详解:
LISTEN:侦听状态,等待远程主机的连接
ESTABLISHED:完成TCP三次握手后,主动连接端进入ESTABLISHED状态。此时,TCP连接已经建立,可以进行通信
TIME_WAIT:在TCP四次挥手时,主动关闭端发送了ACK包之后,进入TIME_WAIT状态,等待最多MSL时间,让被动关闭端收到ACK包
CLOSED : 初始(无连接)状态
CLOSING:等待远程TCP对连接中断的确认
2.2 列出所有tcp连接
[root@master01 ~]# netstat -at
Active Internet connections (servers and established) Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 0.0.0.0:31672 0.0.0.0:* LISTEN tcp 0 0 localhost:smtp 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:32315 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:30300 0.0.0.0:* LISTEN tcp 0 0 localhost:39229 0.0.0.0:* LISTEN tcp 0 0 localhost:10248 0.0.0.0:* LISTEN tcp 0 0 localhost:10249 0.0.0.0:* LISTEN tcp 0 0 localhost:9099 0.0.0.0:* LISTEN
2.3 列出所有的udp端口
[root@master01 ~]# netstat -au Active Internet connections (servers and established) Proto Recv-Q Send-Q Local Address Foreign Address State udp 0 0 localhost:323 0.0.0.0:* udp6 0 0 localhost:323 [::]:*
2.4 只显示侦听的端口
[root@master01 ~]# netstat -l Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 0.0.0.0:31672 0.0.0.0:* LISTEN tcp 0 0 localhost:smtp 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:32315 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:30300 0.0.0.0:* LISTEN
2.5 只显示侦听的tcp端口
[root@master01 ~]# netstat -lt Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 0.0.0.0:31672 0.0.0.0:* LISTEN tcp 0 0 localhost:smtp 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:32315 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:30300 0.0.0.0:* LISTEN
2.6 显示进程号
[root@master01 ~]# netstat -tlp Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 0.0.0.0:31672 0.0.0.0:* LISTEN 2656/kube-proxy tcp 0 0 localhost:smtp 0.0.0.0:* LISTEN 1202/master tcp 0 0 0.0.0.0:32315 0.0.0.0:* LISTEN 2656/kube-proxy tcp 0 0 0.0.0.0:30300 0.0.0.0:* LISTEN 2656/kube-proxy tcp 0 0 localhost:39229 0.0.0.0:* LISTEN 1688/kubelet
2.7 不想让主机名显示
[root@master01 ~]# netstat -ntlp Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 0.0.0.0:31672 0.0.0.0:* LISTEN 2656/kube-proxy tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 1202/master tcp 0 0 0.0.0.0:32315 0.0.0.0:* LISTEN 2656/kube-proxy tcp 0 0 0.0.0.0:30300 0.0.0.0:* LISTEN 2656/kube-proxy tcp 0 0 127.0.0.1:39229 0.0.0.0:* LISTEN 1688/kubelet tcp 0 0 127.0.0.1:10248 0.0.0.0:* LISTEN 1688/kubelet
2.8 显示路由信息
[root@master01 ~]# netstat -r Kernel IP routing table Destination Gateway Genmask Flags MSS Window irtt Iface default 25B3NMRANG309PD 0.0.0.0 UG 0 0 0 ens33 10.224.241.64 0.0.0.0 255.255.255.192 U 0 0 0 * 10.224.241.113 0.0.0.0 255.255.255.255 UH 0 0 0 cali9dc6fea6df2 10.224.241.116 0.0.0.0 255.255.255.255 UH 0 0 0 calid6f431b787a 10.224.241.117 0.0.0.0 255.255.255.255 UH 0 0 0 cali2803fbf4e0f 10.224.241.119 0.0.0.0 255.255.255.255 UH 0 0 0 cali2440550b13d 10.224.241.121 0.0.0.0 255.255.255.255 UH 0 0 0 cali58ca2031e40 172.17.0.0 0.0.0.0 255.255.0.0 U 0 0 0 docker0 192.168.43.0 0.0.0.0 255.255.255.0 U 0 0 0 ens33
2.9 显示网络接口列表
[root@master01 ~]# netstat -i Kernel Interface table Iface MTU RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR Flg cali2440550b13d 1440 0 0 0 0 0 0 0 0 BMRU cali2803fbf4e0f 1440 0 0 0 0 0 0 0 0 BMRU cali58ca2031e40 1440 0 0 0 0 0 0 0 0 BMRU cali9dc6fea6df2 1440 752915 0 0 0 752915 0 0 0 BMRU calid6f431b787a 1440 0 0 0 0 0 0 0 0 BMRU docker0 1500 0 0 0 0 0 0 0 0 BMU ens33 1500 1812 0 0 0 1990 0 0 0 BMRU lo 65536 752915 0 0 0 752915 0 0 0 LRU tunl0 1440 0 0 0 0 0 0 0 0 ORU
三、其他高级应用
3.1 查看TIMEWAI连接的进程
[root@master01 ~]# netstat -atupn | grep TIME_WAI tcp 0 0 127.0.0.1:2381 127.0.0.1:45568 TIME_WAIT - tcp 0 0 127.0.0.1:2381 127.0.0.1:45820 TIME_WAIT - tcp 0 0 127.0.0.1:54142 127.0.0.1:9099 TIME_WAIT - tcp 0 0 127.0.0.1:45820 127.0.0.1:2381 TIME_WAIT - tcp 0 0 192.168.43.90:51194 10.224.241.116:8181 TIME_WAIT - tcp 0 0 127.0.0.1:2381 127.0.0.1:45632 TIME_WAIT - tcp 0 0 127.0.0.1:53938 127.0.0.1:9099 TIME_WAIT - tcp 0 0 127.0.0.1:54126 127.0.0.1:9099 TIME_WAIT -
如何修改 time_wait的时间来快速释放链接
[root@master01 ~]# cat /proc/sys/net/ipv4/tcp_fin_timeout 60
3.2 统计网络情况
[root@master01 ~]# netstat -s |head -n 5 Ip: 1016920 total packets received 68 forwarded 0 incoming packets discarded 1016852 incoming packets delivered
3.3 显示路由信息
[root@master01 ~]# netstat -r Kernel IP routing table Destination Gateway Genmask Flags MSS Window irtt Iface default 25B3NMRANG309PD 0.0.0.0 UG 0 0 0 ens33 10.224.241.64 0.0.0.0 255.255.255.192 U 0 0 0 * 10.224.241.113 0.0.0.0 255.255.255.255 UH 0 0 0 cali9dc6fea6df2 10.224.241.116 0.0.0.0 255.255.255.255 UH 0 0 0 calid6f431b787a 10.224.241.117 0.0.0.0 255.255.255.255 UH 0 0 0 cali2803fbf4e0f 10.224.241.119 0.0.0.0 255.255.255.255 UH 0 0 0 cali2440550b13d 10.224.241.121 0.0.0.0 255.255.255.255 UH 0 0 0 cali58ca2031e40 172.17.0.0 0.0.0.0 255.255.0.0 U 0 0 0 docker0 192.168.43.0 0.0.0.0 255.255.255.0 U 0 0 0 ens33
另外一种方法
[root@master01 ~]# route -n Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 0.0.0.0 192.168.43.1 0.0.0.0 UG 100 0 0 ens33 10.224.241.64 0.0.0.0 255.255.255.192 U 0 0 0 * 10.224.241.113 0.0.0.0 255.255.255.255 UH 0 0 0 cali9dc6fea6df2 10.224.241.116 0.0.0.0 255.255.255.255 UH 0 0 0 calid6f431b787a 10.224.241.117 0.0.0.0 255.255.255.255 UH 0 0 0 cali2803fbf4e0f 10.224.241.119 0.0.0.0 255.255.255.255 UH 0 0 0 cali2440550b13d 10.224.241.121 0.0.0.0 255.255.255.255 UH 0 0 0 cali58ca2031e40 172.17.0.0 0.0.0.0 255.255.0.0 U 0 0 0 docker0 192.168.43.0 0.0.0.0 255.255.255.0 U 100 0 0 ens33
3.4 统计各种链接的个数
[root@master01 ~]# netstat -an | awk '/^tcp/ {++S[$NF]} END {for (a in S) print a,S[a]} ' LISTEN 26 ESTABLISHED 194 SYN_SENT 2 TIME_WAIT 17
