Linux commands - netstat

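    The netstat command prints status information about the Linux networking subsystem, giving you an overview of the network activity of the whole system.
 
    (1) Usage:
    Usage:  netstat [options]
 
    (2) Function:
    Function:  netstat displays statistics for the IP, TCP, UDP and ICMP protocols and is generally used to check the network connections on each port of the local machine.
    If your computer occasionally receives datagrams that cause data errors or faults, there is no need to be surprised: TCP/IP tolerates these kinds of errors and retransmits datagrams automatically. But if the accumulated errors make up a sizeable percentage of the IP datagrams received, or their number is growing quickly, you should use netstat to find out why.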
 
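    (3) Options:
      1) -a or --all         show all sockets, whether or not they are listening.
      2) -n or --numeric     use IP addresses directly instead of resolving names through a name server.
      3) -t or --tcp         show connections that use the TCP transport protocol.
      4) -u or --udp         show connections that use the UDP transport protocol.
      5) -v or --verbose     show verbose output of the command's execution.
      6) -p or --programs    show the PID and name of the program using each socket.
      7) -s or --statistics  show network statistics tables.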
 
    (4) Examples:
      1)[root@localhost ~]# netstat        used with no arguments
[root@localhost ~]# netstat
Active Internet connections (w/o servers)                                                   // active TCP connections
Proto Recv-Q Send-Q Local Address               Foreign Address             State      
tcp        0    268 192.168.120.204:ssh         10.2.0.68:62420             ESTABLISHED 
udp        0      0 192.168.120.204:4371        10.58.119.119:domain        ESTABLISHED 
Active UNIX domain sockets (w/o servers)                                                    // active UNIX domain sockets (like network sockets, but usable only for local communication; performance can be doubled)
Proto RefCnt Flags       Type       State         I-Node Path
unix  2      [ ]         DGRAM                    1491   @/org/kernel/udev/udevd
unix  4      [ ]         DGRAM                    7337   /dev/log
unix  2      [ ]         DGRAM                    708823 
unix  2      [ ]         DGRAM                    7539   
unix  3      [ ]         STREAM     CONNECTED     7287   
unix  3      [ ]         STREAM     CONNECTED     7286   
[root@localhost ~]#
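      Notes:
      1. "Recv-Q" and "Send-Q" are the receive queue and the send queue.
      2. Proto shows the protocol used by the connection; RefCnt is the number of processes attached to this socket; Type shows the socket type; State shows the socket's current state; Path is the path name other processes use to connect to the socket.
      3. Socket types:
    -t : TCP
    -u : UDP
    --raw : RAW type
    --unix : UNIX domain type
    --ax25 : AX25 type
    --ipx : ipx type
    --netrom : netrom type
      4. State descriptions:
    LISTEN:          listening for connection requests from remote TCP ports
    SYN-SENT:        after sending a connection request, waiting for a matching connection request (if there are many sockets in this state, check whether the host has been compromised)
    SYN-RECEIVED:    after receiving and sending a connection request, waiting for the peer to acknowledge the connection request (a large number in this state probably means a flood attack)
    ESTABLISHED:     represents an open connection
    FIN-WAIT-1:      waiting for a connection termination request from the remote TCP, or for acknowledgement of a termination request sent earlier
    FIN-WAIT-2:      waiting for a connection termination request from the remote TCP
    CLOSE-WAIT:      waiting for a connection termination request from the local user
    CLOSING:         waiting for the remote TCP to acknowledge the connection termination
    LAST-ACK:        waiting for acknowledgement of the termination request previously sent to the remote TCP (not a good sign; if it appears, check whether the host is under attack)
    TIME-WAIT:       waiting long enough to be sure the remote TCP received the acknowledgement of its connection termination request
    CLOSED:          no connection state at all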
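
      Added example (not part of the original post): the shell functions below total the TCP states in netstat -nat output and list foreign addresses holding many half-open connections, which is how the SYN-RECEIVED warning above is checked in practice. The threshold of 3 and the sample addresses are assumptions made for the demo.

```shell
#!/bin/sh
# Added example (not from the original post). Reads `netstat -nat` output on stdin.
# netstat prints SYN_RECV and TIME_WAIT for the SYN-RECEIVED and TIME-WAIT states.

# state_counts: print "STATE COUNT" for every TCP state present.
state_counts() {
    awk '$1 ~ /^tcp/ && NF >= 6 { n[$6]++ }
         END { for (s in n) print s, n[s] }' | LC_ALL=C sort
}

# syn_recv_sources MIN: print "ADDRESS COUNT" for each foreign address holding
# at least MIN half-open (SYN_RECV) connections. MIN is an assumed threshold;
# derive the real one from the host's normal baseline.
syn_recv_sources() {
    awk -v min="$1" '
        $1 ~ /^tcp/ && $6 == "SYN_RECV" {
            ip = $5
            sub(/:[^:]*$/, "", ip)   # strip the trailing :port (IPv6-safe)
            c[ip]++
        }
        END { for (ip in c) if (c[ip] >= min) print ip, c[ip] }' | LC_ALL=C sort
}

# Constructed sample using documentation address ranges, not a real capture.
sample_netstat() {
    cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:80           203.0.113.7:40112       SYN_RECV
tcp        0      0 192.0.2.10:80           203.0.113.7:40113       SYN_RECV
tcp        0      0 192.0.2.10:80           203.0.113.7:40114       SYN_RECV
tcp        0      0 192.0.2.10:80           203.0.113.7:40115       SYN_RECV
tcp        0      0 192.0.2.10:80           198.51.100.23:51822     ESTABLISHED
tcp        0      0 192.0.2.10:80           198.51.100.23:51820     TIME_WAIT
tcp6       0      0 2001:db8::10:80         2001:db8::5:40000       SYN_RECV
EOF
}

sample_netstat | state_counts          # per-state totals
sample_netstat | syn_recv_sources 3    # sources at or above the threshold
```

      On a live host, pipe netstat -nat into either function instead of the sample.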
 
      2)[sunjimeng@localhost ~]$ netstat -a      show all ports, whether listening or not
[sunjimeng@localhost ~]$ netstat -a
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State      
tcp        0      0 0.0.0.0:ssh             0.0.0.0:*               LISTEN     
tcp        0      0 localhost:ipp           0.0.0.0:*               LISTEN     
tcp        0      0 localhost:smtp          0.0.0.0:*               LISTEN     
tcp        0      0 192.168.142.128:52328   115.28.122.210:http     TIME_WAIT  
tcp        0      0 192.168.142.128:52836   112.124.140.210:http    TIME_WAIT  
tcp        0      0 192.168.142.128:52334   115.28.122.210:http     TIME_WAIT  
tcp        0      0 192.168.142.128:52329   115.28.122.210:http     TIME_WAIT  
tcp        0      0 192.168.142.128:52839   112.124.140.210:http    TIME_WAIT  
tcp        0      0 192.168.142.128:52336   115.28.122.210:http     TIME_WAIT  
tcp        0      0 192.168.142.128:52844   112.124.140.210:http    TIME_WAIT  
tcp        0      0 192.168.142.128:54198   202.204.80.77:http      TIME_WAIT  
tcp        0      0 192.168.142.128:52326   115.28.122.210:http     TIME_WAIT  
tcp        0      0 192.168.142.128:52842   112.124.140.210:http    TIME_WAIT  
tcp        0      0 192.168.142.128:44060   ec2-52-27-123-81.:https ESTABLISHED
tcp        0      0 192.168.142.128:52847   112.124.140.210:http    TIME_WAIT  
tcp        0      0 192.168.142.128:54204   202.204.80.77:http      TIME_WAIT  
tcp        0      0 192.168.142.128:52332   115.28.122.210:http     TIME_WAIT  
tcp        0      0 192.168.142.128:54208   202.204.80.77:http      TIME_WAIT  
tcp6       0      0 [::]:ssh                [::]:*                  LISTEN     
tcp6       0      0 localhost:ipp           [::]:*                  LISTEN     
tcp6       0      0 localhost:smtp          [::]:*                  LISTEN     
udp        0      0 0.0.0.0:bootpc          0.0.0.0:*                          
udp        0      0 0.0.0.0:ntp             0.0.0.0:*                          
udp        0      0 localhost:323           0.0.0.0:*                          
udp      768      0 192.168.142.128:39404   192.168.142.2:domain    ESTABLISHED
udp        0      0 0.0.0.0:27664           0.0.0.0:*                          
udp        0      0 0.0.0.0:mdns            0.0.0.0:*                          
udp        0      0 0.0.0.0:52525           0.0.0.0:*                          
udp        0      0 0.0.0.0:52525           0.0.0.0:*                          
udp6       0      0 [::]:ntp                [::]:*                             
udp6       0      0 localhost:323           [::]:*                             
udp6       0      0 [::]:14031              [::]:*                             
raw6       0      0 [::]:ipv6-icmp          [::]:*                  7          
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags       Type       State         I-Node   Path
unix  2      [ ACC ]     STREAM     LISTENING     26013    @/tmp/.ICE-unix/2850
unix  2      [ ACC ]     STREAM     LISTENING     23031    @/tmp/dbus-XARCfYJ4
unix  2      [ ACC ]     STREAM     LISTENING     18194    /var/run/abrt/abrt.socket
......
unix  3      [ ]         STREAM     CONNECTED     16906    
 
      3)[sunjimeng@localhost ~]$ netstat -nu      show established UDP connections
[sunjimeng@localhost ~]$ netstat -nu
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State      
udp      768      0 192.168.142.128:39404   192.168.142.2:53        ESTABLISHED
[sunjimeng@localhost ~]$ netstat -anu
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State      
udp        0      0 0.0.0.0:68              0.0.0.0:*                          
udp        0      0 0.0.0.0:123             0.0.0.0:*                          
udp        0      0 127.0.0.1:323           0.0.0.0:*                          
udp      768      0 192.168.142.128:39404   192.168.142.2:53        ESTABLISHED
udp        0      0 0.0.0.0:27664           0.0.0.0:*                          
udp        0      0 0.0.0.0:5353            0.0.0.0:*                          
udp        0      0 0.0.0.0:52525           0.0.0.0:*                          
udp6       0      0 :::123                  :::*                               
udp6       0      0 ::1:323                 :::*                               
udp6       0      0 :::14031                :::* 
 
      4)[sunjimeng@localhost ~]$ netstat -nt       show all established TCP connections
[sunjimeng@localhost ~]$ netstat -nat
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State      
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN     
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN     
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN     
tcp        0      0 192.168.142.128:44060   52.27.123.81:443        ESTABLISHED
tcp        0      0 192.168.142.128:52438   115.28.122.210:80       ESTABLISHED
tcp6       0      0 :::22                   :::*                    LISTEN     
tcp6       0      0 ::1:631                 :::*                    LISTEN     
tcp6       0      0 ::1:25                  :::*                    LISTEN     
[sunjimeng@localhost ~]$ netstat -nt
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State      
tcp        0      0 192.168.142.128:44060   52.27.123.81:443        ESTABLISHED
tcp        0      0 192.168.142.128:52438   115.28.122.210:80       ESTABLISHED
 
      5)[sunjimeng@localhost ~]$ netstat -nupa     show UDP port usage
[sunjimeng@localhost ~]$ netstat -nupa                    // without root privileges
(Not all processes could be identified, non-owned process info will not be shown, you would have to be root to see it all.)
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
udp        0      0 0.0.0.0:68              0.0.0.0:*                           -                   
udp        0      0 0.0.0.0:123             0.0.0.0:*                           -                   
udp        0      0 127.0.0.1:323           0.0.0.0:*                           -                   
udp      768      0 192.168.142.128:39404   192.168.142.2:53        ESTABLISHED 18744/netstat       
udp        0      0 0.0.0.0:27664           0.0.0.0:*                           -                   
udp        0      0 0.0.0.0:5353            0.0.0.0:*                           -                   
udp        0      0 0.0.0.0:52525           0.0.0.0:*                           -                   
udp6       0      0 :::123                  :::*                                -                   
udp6       0      0 ::1:323                 :::*                                -                   
udp6       0      0 :::14031                :::*                                -                   
[sunjimeng@localhost ~]$ su root
密码:
[root@localhost sunjimeng]# netstat -aunp            // with root privileges
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
udp        0      0 0.0.0.0:68              0.0.0.0:*                           14421/dhclient      
udp        0      0 0.0.0.0:123             0.0.0.0:*                           781/chronyd         
udp        0      0 127.0.0.1:323           0.0.0.0:*                           781/chronyd         
udp      768      0 192.168.142.128:39404   192.168.142.2:53        ESTABLISHED 18744/netstat       
udp        0      0 0.0.0.0:27664           0.0.0.0:*                           14421/dhclient      
udp        0      0 0.0.0.0:5353            0.0.0.0:*                           797/avahi-daemon: r 
udp        0      0 0.0.0.0:52525           0.0.0.0:*                           797/avahi-daemon: r 
udp        0      0 192.168.142.128:34639   192.168.142.2:53        ESTABLISHED 20626/python        
udp6       0      0 :::123                  :::*                                781/chronyd         
udp6       0      0 ::1:323                 :::*                                781/chronyd         
udp6       0      0 :::14031                :::*                                14421/dhclient   
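
      Added example (not part of the original post): the PID/Program name column shown above can be used to audit which programs accept traffic on non-loopback addresses. The function reads netstat -anp output (with -t and/or -u); the sample rows, PIDs and addresses are constructed.

```shell
#!/bin/sh
# Added example (not from the original post). Reads `netstat -anp` output
# (with -t and/or -u) on stdin; run netstat as root to see every owner.

# exposed_listeners: print "PROTO PORT OWNER" for each socket that accepts
# traffic on a non-loopback address.
exposed_listeners() {
    awk '
        $1 !~ /^(tcp|udp)/ { next }
        {
            # TCP rows have a State column; unconnected UDP rows leave it
            # blank, which shifts PID/Program name one field to the left.
            if ($1 ~ /^tcp/) { if ($6 != "LISTEN") next; own = 7 }
            else             { if ($5 !~ /:\*$/)   next; own = 6 }
            addr = $4; port = $4
            sub(/:[^:]*$/, "", addr)     # address without :port
            sub(/^.*:/, "", port)        # port only
            if (addr ~ /^127\./ || addr == "::1") next   # loopback only
            owner = $own                 # program names may contain spaces
            for (i = own + 1; i <= NF; i++) owner = owner " " $i
            if (owner == "" || owner == "-") owner = "unknown (rerun as root)"
            print $1, port, owner
        }' | LC_ALL=C sort -u
}

# Constructed sample modelled on the listings above; PIDs and addresses are made up.
sample_listeners() {
    cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1021/sshd
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      1100/cupsd
tcp        0      0 192.0.2.10:22           198.51.100.4:51000      ESTABLISHED 2200/sshd: admin
tcp6       0      0 :::22                   :::*                    LISTEN      1021/sshd
udp        0      0 0.0.0.0:68              0.0.0.0:*                           1400/dhclient
udp        0      0 127.0.0.1:323           0.0.0.0:*                           781/chronyd
udp        0      0 0.0.0.0:5353            0.0.0.0:*                           797/avahi-daemon: r
udp        0      0 192.0.2.10:39404        192.0.2.2:53            ESTABLISHED 3000/python
udp6       0      0 :::14031                :::*                                -
EOF
}

sample_listeners | exposed_listeners
```

      Each line of the result is a service reachable from the network; anything unexpected there is a candidate for disabling or binding to 127.0.0.1.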
 
      6)[root@localhost sunjimeng]# netstat -i      show the network interface list
[root@localhost sunjimeng]# netstat -i
Kernel Interface table
Iface      MTU    RX-OK RX-ERR RX-DRP RX-OVR    TX-OK TX-ERR TX-DRP TX-OVR Flg
eno16777  1500   302197      0      1 0         90150      0      0      0 BMRU
lo       65536     2293      0      0 0          2293      0      0      0 LRU
 
      7)[root@localhost sunjimeng]# netstat -s      show network statistics
[root@localhost sunjimeng]# netstat -s
Ip:
    132373 total packets received
    0 forwarded
    0 incoming packets discarded
    130636 incoming packets delivered
    93212 requests sent out
    500 outgoing packets dropped
    69 dropped because of missing route
Icmp:
    1149 ICMP messages received
    0 input ICMP message failed.
    ICMP input histogram:
        destination unreachable: 1044
        timeout in transit: 28
        echo requests: 26
        echo replies: 51
    1283 ICMP messages sent
    0 ICMP messages failed
    ICMP output histogram:
        destination unreachable: 1066
        echo request: 191
        echo replies: 26
IcmpMsg:
        InType0: 51
        InType3: 1044
        InType8: 26
        InType11: 28
        OutType0: 26
        OutType3: 1066
        OutType8: 191
Tcp:
    1330 active connections openings
    0 passive connection openings
    75 failed connection attempts
    9 connection resets received
    2 connections established
    125542 segments received
    86517 segments send out
    421 segments retransmited
    3 bad segments received.
    99 resets sent
Udp:
    2894 packets received
    1053 packets to unknown port received.
    0 packet receive errors
    4969 packets sent
    0 receive buffer errors
    0 send buffer errors
UdpLite:
TcpExt:
    706 TCP sockets finished time wait in fast timer
    508 delayed acks sent
    9 delayed acks further delayed because of locked socket
    Quick ack mode was activated 3 times
    94581 packet headers predicted
    2447 acknowledgments not containing data payload received
    2473 predicted acknowledgments
    22 congestion windows recovered without slow start after partial ack
    174 other TCP timeouts
    1 connections reset due to unexpected data
    1 connections reset due to early user close
    IPReversePathFilter: 1
    TCPRcvCoalesce: 44130
    TCPChallengeACK: 3
    TCPSYNChallenge: 3
IpExt:
    InNoRoutes: 382
    InMcastPkts: 661
    OutMcastPkts: 255
    InBcastPkts: 15
    OutBcastPkts: 15
    InOctets: 420174480
    OutOctets: 5078197
    InMcastOctets: 101685
    OutMcastOctets: 39453
    InBcastOctets: 1170
    OutBcastOctets: 1170
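
      Added example (not part of the original post): the error percentages mentioned under (2) can be computed from netstat -s output. The sample is abridged from the output above; the choice of these three ratios is this example's own, and the counter wording is assumed to match the net-tools output shown on this page.

```shell
#!/bin/sh
# Added example (not from the original post). Reads `netstat -s` output on stdin.

# netstat_s_ratios: print three error ratios as percentages with two decimals.
netstat_s_ratios() {
    awk '
        /^[A-Za-z]+:[ \t]*$/ { sec = $1; next }       # section header, e.g. "Tcp:"
        sec == "Ip:"  && /total packets received/     { ip_in   = $1 }
        sec == "Ip:"  && /incoming packets discarded/ { ip_disc = $1 }
        sec == "Tcp:" && /segments sen[dt] out/       { tcp_out = $1 }
        sec == "Tcp:" && /segments retransmit/        { tcp_rtx = $1 }  # either spelling
        sec == "Udp:" && /packets received$/          { udp_in  = $1 }
        sec == "Udp:" && /unknown port/               { udp_unk = $1 }
        function pct(a, b) { return b > 0 ? sprintf("%.2f", 100 * a / b) : "n/a" }
        END {
            print "ip_discard_pct", pct(ip_disc, ip_in)
            print "tcp_retransmit_pct", pct(tcp_rtx, tcp_out)
            # datagrams that arrived for a port nobody listens on
            print "udp_unknown_port_pct", pct(udp_unk, udp_in + udp_unk)
        }'
}

# Sample abridged from the netstat -s output shown above.
sample_stats() {
    cat <<'EOF'
Ip:
    132373 total packets received
    0 incoming packets discarded
Tcp:
    75 failed connection attempts
    86517 segments send out
    421 segments retransmited
Udp:
    2894 packets received
    1053 packets to unknown port received.
    0 packet receive errors
EOF
}

sample_stats | netstat_s_ratios
```

      The counters are cumulative since boot, so compare two readings taken some time apart to see whether a ratio is rising.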
 
      8)[root@localhost sunjimeng]# netstat -r        show routing table information
[root@localhost sunjimeng]# netstat -r
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
default         192.168.142.2   0.0.0.0         UG        0 0          0 eno16777736
192.168.142.0   0.0.0.0         255.255.255.0   U         0 0          0 eno16777736
192.168.142.0   0.0.0.0         255.255.255.0   U         0 0          0 eno16777736
[root@localhost sunjimeng]# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         192.168.142.2   0.0.0.0         UG    100    0        0 eno16777736
192.168.142.0   0.0.0.0         255.255.255.0   U     0      0        0 eno16777736
192.168.142.0   0.0.0.0         255.255.255.0   U     100    0        0 eno16777736
 
 
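    (5) Other:
       Linux network sockets:
      Establishing a socket connection is like a caller (the client) phoning a large company: the operator (the server process) answers the call and transfers it to the department you want, and from there to the person you are looking for (the server socket); the operator (the server process) then goes on to transfer calls from other callers (clients).
      There are two kinds of sockets: local sockets and network sockets. A local socket is named by a file name in the Linux file system, usually placed under /tmp or /usr/tmp; a network socket is named by a service identifier (a port number or access point) tied to the particular network the client connects over. This identifier lets Linux route an incoming connection for a given port number to the correct server process.
      How a socket connection is established: http://blog.chinaunix.net/uid-25829053-id-3015832.html
      The socket connection process in Java communication: http://www.cnblogs.com/MenAngel/p/5317082.html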
 
posted @ 2017-04-14 14:28  niie9