netstat [address_family_options] [--tcp|-t] [--udp|-u] [--raw|-w] [--listening|-l] [-all|-a] [--numeric|-n] [--numeric-hosts] [--numeric-ports] [--numeric-ports] [--symbolic|-N] [--extend|-e[ --extend|-e]] [--timers|-o] [--program|-p] [--verbose|-v] [--continuous|-c] [delay]
netstat {--route|-r} [address_family_options] [--extend|-e[ --extend|-e]] [--verbose|-v] [--numeric|-n] [--numeric-hosts] [--numeric-ports] [--numeric-ports] [--continuous|-c] [delay]
netstat {--interfaces|-I|-i} [iface] [--all|-a] [--extend|-e] [--verbose|-v] [--program|-p] [--numeric|-n] [--numeric-hosts] [--numeric-ports] [--numeric-ports] [--continuous|-c] [delay]
netstat {--groups|-g} [--numeric|-n] [--numeric-hosts] [--numeric-ports] [--numeric-ports] [--continuous|-c] [delay]
netstat {--masquerade|-M} [--extend|-e] [--numeric|-n] [--numeric-hosts] [--numeric-ports] [--numeric-ports] [--continuous|-c] [delay]
netstat {--statistics|-s} [--tcp|-t] [--udp|-u] [--raw|-w] [delay]
netstat {--version|-V}
netstat {--help|-h}
address_family_option(地址族,协议族选项)
[--protocol={inet,inet6,unix,ipx,ax25,netrom,ddp,…}] [--unix|-x] [--inet|-ip] [--ax25] [--ipx] [--netrom] [--ddp]
netstat打印有关Linux网络子系统的信息,打印信息类型有第一个参数控制,如下:
none 默认情况下netstat显示打开的套接字列表。如果未指定任何地址族,则打印所有已配置的地址族的有效套接字。--route,-r 显示内核路由表--groups,-g 显示IPv4和IPv6的ICMP组播成员关系信息--interfaces=iface,-I=iface,-i 显示所有网络接口或指定iface的表-masquerade,-M 显示伪装连接列表--statistics,-s 显示每个协议的摘要统计信息
注意:这个程序已经过时了。netstat的替代是ss。netstat –r的替代是ip route。netstat –i的提到是ip –s link。netstat –g的替代是ip maddr。
(1).选项
--verbose,-v 详细模式运行。特别是打印一些有关未配置地址族的有用信息。--numeric,-n 显示数字形式地址,而不是试图解析主机、端口或用户名--numeric-hosts 显示数字形式的主机但不影响端口或用户名的解析--numeric-ports 显示数字端口号但不影响主机或用户名的解析--numeric-users 显示数字用户ID但不影响主机或端口名称注意:--numeric的四个选项是决定主机、端口名称和用户名是否使用数字形式,对应的是IP地址、端口号和用户ID。--protocol=family,-A 指定要显示连接的地址族(可能描述为底层协议更好)。family以逗号(’,’)分隔的地址族列表,如inet,inet6,unix,ipx,ax25,netrom和ddp。这与使用—inet,--inet6,--unix(-x),--ipx,--ax25,--netrom和—ddp选项具有相同的效果。地址族inet包括raw,udp和tcp协议套接字-c,--continuous 连续打印所选信息-e,--extend 显示附加信息。使用此选项两次获得所有细节-o,--timers 包含与网络计时器相关的信息-p,--program 显示每个套接字所属程序的PID和名称-l,--listening 仅显示监听套接字(默认)-a,-all 显示监听和非监听(对于TCP意味着已经建立连接)的套接字。和--interface选项一起使用,显示未标记的端口-F 打印来自FIB的路由信息(默认)。-C 从路由缓存中打印路由信息-Z,--context 如果SELinux启用了,打印SELinux上下文-T,--notrim 停止修剪长地址delay netstat每过delay秒循环打印一次。
(2).实例
1)netstat无参数使用
[xf@xuexi ~]$ netstatActive Internet connections (w/o servers)Proto Recv-Q Send-Q Local Address ??????????Foreign Address ????????State ?????Active UNIX domain sockets (w/o servers)Proto RefCnt Flags ??????Type ??????State ????????I-Node ??Pathunix ?2 ?????[ ] ????????DGRAM ???????????????????11048 ???/run/systemd/shutdowndunix ?3 ?????[ ] ????????DGRAM ???????????????????9559 ????/run/systemd/notifyunix ?2 ?????[ ] ????????DGRAM ???????????????????9561 ????/run/systemd/cgroups-agentunix ?5 ?????[ ] ????????DGRAM ???????????????????9578 ????/run/systemd/journal/socketunix ?24 ????[ ] ????????DGRAM ???????????????????9580 ????/dev/logunix ?2 ?????[ ] ????????DGRAM ???????????????????17135 ???/var/run/chrony/chronyd.sock
2)显示所有已监听和未监听的端口
netstat -aActive Internet connections (servers and established)Proto Recv-Q Send-Q Local Address ??????????Foreign Address ????????State ?????tcp ???????0 ?????0 localhost:smtp ?????????0.0.0.0:* ??????????????LISTEN ????tcp ???????0 ?????0 0.0.0.0:sunrpc ?????????0.0.0.0:* ??????????????LISTEN ????tcp ???????0 ?????0 xuexi:domain ???????????0.0.0.0:* ??????????????LISTEN ????tcp ???????0 ?????0 0.0.0.0:ssh ????????????0.0.0.0:* ??????????????LISTEN ????tcp ???????0 ?????0 localhost:ipp ??????????0.0.0.0:* ??????????????LISTEN ????tcp6 ??????0 ?????0 localhost:smtp ?????????[::]:* ?????????????????LISTEN ????tcp6 ??????0 ?????0 [::]:sunrpc ????????????[::]:* ?????????????????LISTEN ????tcp6 ??????0 ?????0 [::]:ssh ???????????????[::]:* ?????????????????LISTEN ????tcp6 ??????0 ?????0 localhost:ipp ??????????[::]:* ?????????????????LISTEN ????udp ???????0 ?????0 0.0.0.0:mdns ???????????0.0.0.0:* ?????????????????????????udp ???????0 ?????0 localhost:323 ??????????0.0.0.0:* ?????????????????????????udp ???????0 ?????0 0.0.0.0:53762 ??????????0.0.0.0:* ?????????????????????????udp ???????0 ?????0 0.0.0.0:856 ????????????0.0.0.0:* ?????????????????????????udp ???????0 ?????0 xuexi:domain ???????????0.0.0.0:* ?????????????????????????udp ???????0 ?????0 0.0.0.0:bootps ?????????0.0.0.0:* ?????????????????????????udp ???????0 ?????0 0.0.0.0:sunrpc ?????????0.0.0.0:* ?????????????????????????udp6 ??????0 ?????0 localhost:323 ??????????[::]:* ????????????????????????????udp6 ??????0 ?????0 [::]:856 ???????????????[::]:* ????????????????????????????udp6 ??????0 ?????0 [::]:sunrpc ????????????[::]:* ????????????????????????????raw6 ??????0 ?????0 [::]:ipv6-icmp ?????????[::]:* ?????????????????7 ?????????Active UNIX domain sockets (servers and established)Proto RefCnt Flags ??????Type ??????State ????????I-Node ??Pathunix ?2 ?????[ ACC ] ????STREAM ????LISTENING ????41923 ???@/tmp/dbus-sNY2JwlCunix ?2 ?????[ ACC ] ????STREAM ????LISTENING ????30567 ???@/tmp/.ICE-unix/1913unix ?2 ?????[ ACC ] ????STREAM ????LISTENING ????27850 ???/tmp/.X11-unix/X0unix ?2 ?????[ ACC ] ????STREAM ????LISTENING ????27849 ???@/tmp/.X11-unix/X0
说明:
1、Active Internet connections (servers and established)/活动的Internet网络连接(TCP,UDP,raw):
Proto 套接字使用的协议
Recv-Q 连接此套接字的用户程序未拷贝的字节数
Send-Q 远程主机未确认的字节数
Local Address 套接字的本地地址(本地主机名)和端口号。除非给定-n,--numeric选项,否则套接字地址按标准主机名(FQDN)进行解析,而端口到则转换到相应的服务名。
Foreign Address 套接字的远程地址(远程主机名)和端口号。
State 套接字的状态。因为在RAW协议中没有状态,而且UDP也不用状态信息,所以此行留空。通常为以下几个值之一:
ESTABLISHED 套接字有一个有效连接
SYN_SENT 套接字尝试建立一个连接
SYN_RECV 从网络上收到一个连接请求
FIN_WAIT1 套接字已关闭,连接正在断开
FIN_WAIT2 连接已关闭,套接字等待远程方中止。
TIME_WAIT 在关闭之后,套接字等待处理仍然在网络中的分组
CLOSED 套接字未用
CLOSE_WAIT 远程方已关闭,等待套接字关闭
LAST_ACK 远程方中止,套接字已关闭。等待确认
LISTEN 套接字监听进来的连接。如果不设置—listening(-l)或者—all(-a)选项,将不显示出来这些连接。
CLOSING 套接字都已关闭,而还未把所有输出发出
UNKNOWN 套接字状态未知
User 套接字属主的名称或UID
PID/Program name 以斜线分隔的处理套接字程序的PID及进程名。--program使此栏目被显示.你需要superuser权限来查看不是你拥有的套接字的信息。对于IPX套接字还无法获得此信息。
2、Active UNIX domain sockets (servers and established)/活动的Unix域套接字:
Proto 套接字使用的协议(通常是unix)
RefCnt 使用数量(也就是通过此套接字连接的进程数)
Flags 显示的标志为SO_ACCEPTON(显示为ACC),SO_WAITDATA(W)或SO_NOSPACE(N)。如果相应的进程等待一个连接请求,那么SO_ACCECPTON用于未连接的套接字。其他标志通常并不重要
Type 套接字使用的一些类型:
SOCK_DGRAM 此套接字用于数据报(无连接)模式
SOCK_STREAM 流模式(连接)套接字
SOCK_RAW 此套接字用于RAW模式
SOCK_RDM一种服务可靠性传递信息
SOCK_SEQPACKET连续分组套接字
SOCK_PACKETRAW接口使用套接字
UNKNOWN未知
State 此字段包含以下关键字之一:
FREE套接字未分配
LISTENING套接字正在监听一个连接请求。除非设置--listening(-l)或者--all(-a)选项,否则不显示。
CONNECTING套接字正要建立连接
CONNECTED套接字已连接
DISCONNECTING套接字已断开
(empty)套接字未连。
UNKNOWN!不应当出现这种状态
PID/Program name 处理此套接字的程序进程名和PID。
Path 当相应进程连入套接字时显示路径名
3)显示已建立的UDP连接
[xf@xuexi ~]$ netstat -nu //-n显示数字形式的主机地址,端口号和用户ID;-u是UDPActive Internet connections (w/o servers)Proto Recv-Q Send-Q Local Address ??????????Foreign Address ????????State ?????[xf@xuexi ~]$ netstat -anuActive Internet connections (servers and established)Proto Recv-Q Send-Q Local Address ??????????Foreign Address ????????State ?????udp ???????0 ?????0 0.0.0.0:5353 ???????????0.0.0.0:* ?????????????????????????udp ???????0 ?????0 127.0.0.1:323 ??????????0.0.0.0:* ?????????????????????????udp ???????0 ?????0 0.0.0.0:53762 ??????????0.0.0.0:* ?????????????????????????udp ???????0 ?????0 0.0.0.0:856 ????????????0.0.0.0:* ?????????????????????????udp ???????0 ?????0 192.168.122.1:53 ???????0.0.0.0:* ?????????????????????????udp ???????0 ?????0 0.0.0.0:67 ?????????????0.0.0.0:* ?????????????????????????udp ???????0 ?????0 0.0.0.0:111 ????????????0.0.0.0:* ?????????????????????????udp6 ??????0 ?????0 ::1:323 ????????????????:::* ??????????????????????????????udp6 ??????0 ?????0 :::856 ?????????????????:::* ??????????????????????????????udp6 ??????0 ?????0 :::111 ?????????????????:::* ?
4)显示已建立的TCP连接
[xf@xuexi ~]$ netstat -nt //-t是TCPActive Internet connections (w/o servers)Proto Recv-Q Send-Q Local Address ??????????Foreign Address ????????State ?????[xf@xuexi ~]$ netstat -antActive Internet connections (servers and established)Proto Recv-Q Send-Q Local Address ??????????Foreign Address ????????State ?????tcp ???????0 ?????0 127.0.0.1:25 ???????????0.0.0.0:* ??????????????LISTEN ????tcp ???????0 ?????0 0.0.0.0:111 ????????????0.0.0.0:* ??????????????LISTEN ????tcp ???????0 ?????0 192.168.122.1:53 ???????0.0.0.0:* ??????????????LISTEN ????tcp ???????0 ?????0 0.0.0.0:22 ?????????????0.0.0.0:* ??????????????LISTEN ????tcp ???????0 ?????0 127.0.0.1:631 ??????????0.0.0.0:* ??????????????LISTEN ????tcp6 ??????0 ?????0 ::1:25 ?????????????????:::* ???????????????????LISTEN ????tcp6 ??????0 ?????0 :::111 ?????????????????:::* ???????????????????LISTEN ????tcp6 ??????0 ?????0 :::22 ??????????????????:::* ???????????????????LISTEN ????tcp6 ??????0 ?????0 ::1:631 ????????????????:::* ???????????????????LISTEN ?
5)显示UDP端口使用情况
[xf@xuexi ~]$ netstat -nupa //没有root权限(Not all processes could be identified, non-owned process info will not be shown, you would have to be root to see it all.)Active Internet connections (servers and established)Proto Recv-Q Send-Q Local Address ??????????Foreign Address ????????State ??????PID/Program name ???udp ???????0 ?????0 0.0.0.0:5353 ???????????0.0.0.0:* ??????????????????????????- ??????????????????udp ???????0 ?????0 127.0.0.1:323 ??????????0.0.0.0:* ??????????????????????????- ??????????????????udp ???????0 ?????0 0.0.0.0:53762 ??????????0.0.0.0:* ??????????????????????????- ??????????????????udp ???????0 ?????0 0.0.0.0:856 ????????????0.0.0.0:* ??????????????????????????- ??????????????????udp ???????0 ?????0 192.168.122.1:53 ???????0.0.0.0:* ??????????????????????????- ??????????????????udp ???????0 ?????0 0.0.0.0:67 ?????????????0.0.0.0:* ??????????????????????????- ??????????????????udp ???????0 ?????0 0.0.0.0:111 ????????????0.0.0.0:* ??????????????????????????- ??????????????????udp6 ??????0 ?????0 ::1:323 ????????????????:::* ???????????????????????????????- ??????????????????udp6 ??????0 ?????0 :::856 ?????????????????:::* ???????????????????????????????- ??????????????????udp6 ??????0 ?????0 :::111 ?????????????????:::* ???????????????????????????????- ????????????????[xf@xuexi ~]$ su root密码:[root@xuexi xf]# netstat -nupa //有root权限Active Internet connections (servers and established)Proto Recv-Q Send-Q Local Address ??????????Foreign Address ????????State ??????PID/Program name ???udp ???????0 ?????0 0.0.0.0:5353 ???????????0.0.0.0:* ??????????????????????????727/avahi-daemon: r udp ???????0 ?????0 127.0.0.1:323 ??????????0.0.0.0:* ??????????????????????????708/chronyd ????????udp ???????0 ?????0 0.0.0.0:53762 ??????????0.0.0.0:* ??????????????????????????727/avahi-daemon: r udp ???????0 ?????0 0.0.0.0:856 ????????????0.0.0.0:* ??????????????????????????689/rpcbind ????????udp ???????0 ?????0 192.168.122.1:53 ???????0.0.0.0:* ??????????????????????????1441/dnsmasq ???????udp ???????0 ?????0 0.0.0.0:67 ?????????????0.0.0.0:* ??????????????????????????1441/dnsmasq ???????udp ???????0 ?????0 0.0.0.0:111 ????????????0.0.0.0:* ??????????????????????????689/rpcbind ????????udp6 ??????0 ?????0 ::1:323 ????????????????:::* ???????????????????????????????708/chronyd ????????udp6 ??????0 ?????0 :::856 ?????????????????:::* ???????????????????????????????689/rpcbind ????????udp6 ??????0 ?????0 :::111 ?????????????????:::* ???????????????????????????????689/rpcbind ????
6)显示网卡列表
[xf@xuexi ~]$ netstat -iKernel Interface tableIface ?????MTU ???RX-OK RX-ERR RX-DRP RX-OVR ???TX-OK TX-ERR TX-DRP TX-OVR Flgens33 ????1500 ??330372 ?????0 ?????0 0 ????????41459 ?????0 ?????0 ?????0 BMRUlo ??????65536 ??????32 ?????0 ?????0 0 ???????????32 ?????0 ?????0 ?????0 LRUvirbr0 ???1500 ???????0 ?????0 ?????0 0 ????????????0 ?????0 ?????0 ?????0 BMU
注意:从linux2.2内核开始netstat -i不再显示别名接口的统计信息。要获得每个别名接口的计数器,则需要使用ipchains命令。
7)显示路由表信息
[xf@xuexi ~]$ netstat -rKernel IP routing tableDestination ????Gateway ????????Genmask ????????Flags ??MSS Window ?irtt Ifacedefault ????????gateway ????????0.0.0.0 ????????UG ???????0 0 ?????????0 ens33192.168.122.0 ??0.0.0.0 ????????255.255.255.0 ??U ????????0 0 ?????????0 virbr0192.168.128.0 ??0.0.0.0 ????????255.255.255.0 ??U ????????0 0 ?????????0 ens33[xf@xuexi ~]$ routeKernel IP routing tableDestination ????Gateway ????????Genmask ????????Flags Metric Ref ???Use Ifacedefault ????????gateway ????????0.0.0.0 ????????UG ???100 ???0 ???????0 ens33192.168.122.0 ??0.0.0.0 ????????255.255.255.0 ??U ????0 ?????0 ???????0 virbr0192.168.128.0 ??0.0.0.0 ????????255.255.255.0 ??U ????100 ???0 ???????0 ens33
8)显示网络统计信息
[xf@xuexi ~]$ netstat -sIp: ???78191 total packets received ???0 forwarded ???0 incoming packets discarded ???69729 incoming packets delivered ???41276 requests sent out ???7 outgoing packets dropped ???130 dropped because of missing routeIcmp: ???21 ICMP messages received ???2 input ICMP message failed. ???ICMP input histogram: ???????destination unreachable: 16 ???????echo requests: 5 ???65 ICMP messages sent ???0 ICMP messages failed ???ICMP output histogram: ???????destination unreachable: 62 ???????echo replies: 3IcmpMsg: ???????InType3: 16 ???????InType8: 5 ???????OutType0: 3 ???????OutType3: 62Tcp: ???16 active connections openings ???0 passive connection openings ???0 failed connection attempts ???0 connection resets received ???0 connections established ???69351 segments received ???40743 segments send out ???17 segments retransmited ???0 bad segments received. ???0 resets sentUdp: ???341 packets received ???16 packets to unknown port received. ???0 packet receive errors ???444 packets sent ???0 receive buffer errors ???0 send buffer errorsUdpLite:TcpExt: ???11 TCP sockets finished time wait in fast timer ???43 delayed acks sent ???1 delayed acks further delayed because of locked socket ???Quick ack mode was activated 3 times ???59462 packet headers predicted ???15 acknowledgments not containing data payload received ???5 predicted acknowledgments ???2 other TCP timeouts ???TCPLossProbes: 2 ???3 DSACKs sent for old packets ???1 DSACKs sent for out of order packets ???2 connections aborted due to timeout ???TCPRcvCoalesce: 12110 ???TCPOFOQueue: 8637 ???TCPOFOMerge: 1 ???TCPAutoCorking: 1 ???TCPOrigDataSent: 46IpExt: ???InMcastPkts: 1130 ???OutMcastPkts: 61 ???InBcastPkts: 7252 ???InOctets: 108288305 ???OutOctets: 2372940 ???InMcastOctets: 176024 ???OutMcastOctets: 9051 ???InBcastOctets: 789592 ???InNoECTPkts: 80551
(3).相关文件
/etc/services 服务解释文件
/proc proc文件系统的挂载点。proc文件系统通过下列文件给出了内核状态信息。
/proc/net/dev 设备信息
/proc/net/raw RAW套接字信息
/proc/net/tcp TCP套接字信息
/proc/net/udp UDP套接字信息
/proc/net/igmp IGMP组播信息
/proc/net/unix Unix域套接字信息
/proc/net/ipx IPX套接字信息
/proc/net/ax25 AX25套接字信息
/proc/net/appletalk DDP(appletalk)套接字信息
/proc/net/nr NET/ROM套接字信息
/proc/net/route IP路由信息
/proc/net/ax25_route AX25路由信息
/proc/net/ipx_route IPX路由信息
/proc/net/nr_nodes NET/ROM节点列表
/proc/net/nr_neigh NET/ROM邻站
/proc/net/ip_masquerade 伪装连接
/proc/net/snmp 统计
Linux命令之netstat
原文地址:https://www.cnblogs.com/diantong/p/9669568.html