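Description
The netstat command displays information about the system's network: network connections, routing tables, interface statistics, masquerade connections, and multicast memberships.
Basic usage
Output of running netstat with no options: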
$netstat
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 120.25.237.144:https 119.79.225.226:14343 ESTABLISHED
tcp 0 0 localhost:us-cli localhost:38421 TIME_WAIT
tcp 0 0 localhost:us-cli localhost:38432 TIME_WAIT
tcp 0 0 localhost:us-cli localhost:38419 TIME_WAIT
tcp 401 0 120.25.237.144:51391 106.11.68.13:http CLOSE_WAIT
tcp 0 0 localhost:us-cli localhost:38418 TIME_WAIT
tcp 0 0 120.25.237.144:60707 110.75.102.62:http CLOSE_WAIT
tcp 0 0 localhost:us-cli localhost:38425 TIME_WAIT
tcp 0 0 localhost:us-cli localhost:38433 TIME_WAIT
Active UNIX domain sockets (w/o servers)
Proto RefCnt Flags Type State I-Node Path
unix 2 [ ] DGRAM 46626 @/org/kernel/udev/udevd
unix 6 [ ] DGRAM 80332 /dev/log
unix 3 [ ] STREAM CONNECTED 100326689
unix 3 [ ] STREAM CONNECTED 100326688
unix 2 [ ] DGRAM 100326685
unix 2 [ ] STREAM CONNECTED 100164983
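The basic netstat output has two parts:
- Active Internet connections: active TCP connections
- Active UNIX domain sockets: active Unix domain sockets
Common options:
- -a: all ports, both listening and non-listening
- -l: ports in the listening state
- -p: show the PID and name of the process
- -s: statistics by protocol
- -c: continuously refresh the netstat output
- -r: show routing information
- -i: show network interface information
- -t: show only TCP-related information
- -u: show only UDP-related information
- -x: show only Unix socket information
Examples
1. List all ports
Use -a to list all ports, both listening and non-listening.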
$ netstat -a
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 *:http *:* LISTEN
tcp 0 0 *:webcache *:* LISTEN
tcp 0 0 localhost:mysql localhost:48860 ESTABLISHED
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags Type State I-Node Path
unix 2 [ ACC ] STREAM LISTENING 80659 /var/run/nscd/socket
List all TCP ports only
Use -t to list only TCP-related ports.
$netstat -at
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 *:http *:* LISTEN
tcp 0 0 *:webcache *:* LISTEN
tcp 0 0 localhost:mysql localhost:48860 ESTABLISHED
List all UDP ports
$ netstat -au
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
udp 0 0 localhost:ntp *:*
udp 0 0 *:ntp *:*
2. List ports in the listening state
$ netstat -l
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 *:http *:* LISTEN
tcp 0 0 *:webcache *:* LISTEN
tcp 0 0 localhost:us-cli *:* LISTEN
Active UNIX domain sockets (only servers)
Proto RefCnt Flags Type State I-Node Path
unix 2 [ ACC ] STREAM LISTENING 80659 /var/run/nscd/socket
unix 2 [ ACC ] STREAM LISTENING 6667 @/com/ubuntu/upstart
unix 2 [ ACC ] STREAM LISTENING 80089 /var/lib/mysql/mysql.sock
unix 2 [ ACC ] STREAM LISTENING 91733 /var/run/docker.sock
List listening TCP ports
$ netstat -lt
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 *:http *:* LISTEN
tcp 0 0 *:webcache *:* LISTEN
tcp 0 0 localhost:us-cli *:* LISTEN
List listening UDP ports
$ netstat -lu
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
udp 0 0 localhost:ntp *:*
udp 0 0 *:ntp *:*
List listening Unix sockets
$ netstat -lx
Active UNIX domain sockets (only servers)
Proto RefCnt Flags Type State I-Node Path
unix 2 [ ACC ] STREAM LISTENING 80659 /var/run/nscd/socket
unix 2 [ ACC ] STREAM LISTENING 6667 @/com/ubuntu/upstart
unix 2 [ ACC ] STREAM LISTENING 80089 /var/lib/mysql/mysql.sock
unix 2 [ ACC ] STREAM LISTENING 91733 /var/run/docker.sock
3. Show per-protocol statistics
$ netstat -s
Ip:
114561218 total packets received
2 with invalid addresses
0 forwarded
20 with unknown protocol
0 incoming packets discarded
114561130 incoming packets delivered
111150276 requests sent out
112 reassemblies required
46 packets reassembled ok
Icmp:
205545 ICMP messages received
34720 input ICMP message failed.
ICMP input histogram:
destination unreachable: 58882
Show TCP and UDP statistics separately
$netstat -st   # show TCP statistics
$netstat -su   # show UDP statistics
4. Show process PID and name
$ netstat -p
(Not all processes could be identified, non-owned process info
will not be shown, you would have to be root to see it all.)
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 localhost:webcache localhost:33327 TIME_WAIT -
tcp 0 0 localhost:mysql localhost:47676 ESTABLISHED -
tcp 0 0 localhost:48562 localhost:mysql ESTABLISHED 3345/java
tcp 0 0 localhost:46556 localhost:mysql ESTABLISHED 3345/java
-
Active UNIX domain sockets (w/o servers)
Proto RefCnt Flags Type State I-Node PID/Program name Path
unix 2 [ ] STREAM CONNECTED 100164983 4926/java
unix 2 [ ] STREAM CONNECTED 100163900 4926/java
unix 3 [ ] STREAM CONNECTED 100163897 4926/java
unix 3 [ ] STREAM CONNECTED 100163896 4926/java
Show the process PID and name for TCP, UDP, or Unix sockets only
$netstat -pt   # TCP only
$netstat -pu   # UDP only
$netstat -px   # Unix sockets only
5. Print netstat output continuously
Print the netstat output once every second
$netstat -c
6. Show routing information
$ netstat -r
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
192.168.42.0 * 255.255.255.0 U 0 0 0 docker0
120.25.236.0 * 255.255.252.0 U 0 0 0 eth1
7. Show the list of network interfaces
$ netstat -i
Kernel Interface table
Iface MTU Met RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR Flg
docker0 1500 0 0 0 0 0 0 0 0 0 BMRU
eth0 1500 0 6409579 0 0 0 7244180 0 0 0 BMRU
eth1 1500 0 42085323 0 0 0 37840979 0 0 0 BMRU
lo 16436 0 66511169 0 0 0 66511169 0 0 0 LRU
For a more detailed interface list, use:
$netstat -ie
8. Other
Count the IP addresses connected to a given service port
$netstat -nat | grep "127.0.0.1:51391" |awk '{print $5}'|awk -F: '{print $1}'|sort|uniq -c|sort -nr|head -20
Count connections by state
$ netstat -nat |awk '{print $6}'|sort|uniq -c|sort -rn
14 ESTABLISHED
11 LISTEN
11 CLOSE_WAIT
6 TIME_WAIT
1 Foreign
1 FIN_WAIT2
1 established)