读书人
栏目

Linux netstat 下令详解

发布时间: 2013-04-05 10:24:33 作者: rapoo

Linux netstat 命令详解
?引自:http://blog.sina.com.cn/s/blog_799361540100z24h.htmlNetstat命令用于显示与IP、TCP、UDP和ICMP协议相关的统计数据,一般用于检验本机各端口的网络连接情况。

?????? 在Internet RFC标准中,Netstat的定义是: Netstat是在内核中访问网络及相关信息的程序,它能提供TCP连接,TCP和UDP监听,进程内存管理的相关报告。

?

检查2222 端口的相关信息:

[root@singledb ~]# netstat -an |grep 2222

tcp??????? 0????? 0 :::2222???????????????????? :::*??????????????????????? LISTEN?????

tcp??????? 0????? 0 ::ffff:192.168.3.200:2222?? ::ffff:192.168.3.115:53516? ESTABLISHED

??????

?

该命令的帮助文档如下:

[root@singledb ~]# netstat -h

usage: netstat [-veenNcCF] [<Af>] -r???????? netstat {-V|--version|-h|--help}

?????? netstat [-vnNcaeol] [<Socket> ...]

?????? netstat { [-veenNac] -I[<Iface>] | [-veenNac] -i | [-cnNe] -M | -s } [delay]

?

??????? -r, --route??????????????? display routing table

??????? -I, --interfaces=[<Iface>] display interface table for <Iface>

??????? -i, --interfaces?????????? display interface table

??????? -g, --groups?????????????? display multicast group memberships

??????? -s, --statistics?????????? display networking statistics (like SNMP)

??????? -M, --masquerade ??????????display masqueraded connections

??????? -v, --verbose????????????? be verbose

??????? -n, --numeric????????????? don't resolve names

??????? --numeric-hosts??????????? don't resolve host names

??????? --numeric-ports??????????? don't resolve port names

??????? --numeric-users??????????? don't resolve user names

??????? -N, --symbolic???????????? resolve hardware names

??????? -e, --extend?????????????? display other/more information

??????? -p, --programs???????????? display PID/Program name for sockets

??????? -c, --continuous?????????? continuous listing

??????? -l, --listening??????????? display listening server sockets

??????? -a, --all, --listening???? display all sockets (default: connected)

??????? -o, --timers?????????????? display timers

??????? -F, --fib??????????? display Forwarding Information Base (default)

??????? -C, --cache??????????????? display routing cache instead of FIB

??????? -T, --notrim?????????????? stop trimming long addresses

??????? -Z, --context????????????? display SELinux security context for sockets

?

? <Iface>: Name of interface to monitor/list.

? <Socket>={-t|--tcp} {-u|--udp} {-S|--sctp} {-w|--raw} {-x|--unix} --ax25 --ipx --netrom

? <AF>=Use '-A <af>' or '--<af>'; default: inet

? List of possible address families (which support routing):

??? inet (DARPA Internet) inet6 (IPv6) ax25 (AMPR AX.25)

??? netrom (AMPR NET/ROM) ipx (Novell IPX) ddp (Appletalk DDP)

??? x25 (CCITT X.25)

??????

?????? 在上面的命令里讲了一个参数的意思。 如果想查看更详细的内容,可以使用man命令。 这个可以显示的更详细。

?

?

Netstat的一些常用选项?:

?????? netstat -s: 按照各个协议分别显示其统计数据。

?????? netstat -r: 显示关于路由表的信息。

netstat -a: 显示一个所有的有效连接信息列表.

?????? netstat -n: 显示所有已建立的有效连接。

?

?

[root@singledb ~]# netstat -a

Active Internet connections (servers and established)

Proto Recv-Q Send-Q Local Address?????????????? Foreign Address???????????? State?????

tcp??????? 0????? 0 localhost.localdomain:2208? *:*???????????????????????? LISTEN????????

tcp??????? 0????? 0 192.168.122.1:domain??????? *:*???????? ????????????????LISTEN??????

tcp??????? 0????? 0 ::ffff:192.168.3.200:ssh??? ::ffff:192.168.3.115:51710? ESTABLISHED

tcp??????? 0????? 0 ::ffff:192.16:rockwell-csp2 ::ffff:192.168.3.115:53516? ESTABLISHED

udp??????? 0????? 0 *:48902???????????????????? *:*????????????????????????????????????

udp??????? 0????? 0 192.168.122.1:domain??????? *:*??????????????????????????????????????????????????????????????????????

udp??????? 0????? 0 *:mdns????????????????????? *:*????????????????????????????????????

Active UNIX domain sockets (servers and established)

Proto RefCnt Flags?????? Type?????? State???????? I-Node Path

unix? 2????? [ ACC ]???? STREAM???? LISTENING???? 6166?? @ISCSIADM_ABSTRACT_NAMESPACE

unix? 28???? [ ]???????? DGRAM??????????????????? 6709?? /dev/log

unix? 2????? [ ACC ]???? STREAM???? LISTENING???? 9022?? /dev/gpmctl

unix? 2????? [ ACC ]???? STREAM???? LISTENING???? 6702?? /var/run/audispd_events

?

以其中一条做说明:

tcp??????? 0????? 0 ::ffff:192.168.3.200:ssh??? ::ffff:192.168.3.115:51710? ESTABLISHED

?

协议(Proto):TCP,指是传输层通讯协议。

有关TCP, 可以参考Blog:

?????? 网络七层协议 说明

?????? http://blog.csdn.net/tianlesoftware/archive/2010/11/16/6012976.aspx

?

Local??Address:::ffff:192.168.3.200:ssh,本地的IP地址,和用于连接的端口, 这里写成ssh了。 指的是SSH 端口。??

Foreign Address: ffff:192.168.3.115:51710, 远程机器的的IP地址和连接的端口。

State:ESTABLISHED。 连接状态。可有一下几种状态:

???????????????????? LISTEN??:在监听状态中。??

???????????????????? ESTABLISHED:已建立联机的联机情况。

???????????????????? TIME_WAIT:该联机在目前已经是等待的状态。?

?

?

?[root@singledb ~]# netstat -n

Active Internet connections (w/o servers)

Proto Recv-Q Send-Q Local Address?????????????? Foreign Address???????????? State?????

tcp??????? 0??? 132 ::ffff:192.168.3.200:22 ????::ffff:192.168.3.115:51710? ESTABLISHED

tcp??????? 0????? 0 ::ffff:192.168.3.200:2222?? ::ffff:192.168.3.115:53516? ESTABLISHED

--刚才这里显示的SSH。 现在显示成对应的端口了。

Active UNIX domain sockets (w/o servers)

Proto RefCnt Flags?????? Type?????? State???????? I-Node Path

unix? 28???? [ ]???????? DGRAM??????????????????? 6709?? /dev/log

unix? 2????? [ ]???????? DGRAM??????????????????? 1413?? @/org/kernel/udev/udevd

unix? 2????? [ ]???????? DGRAM??????????????????? 7379?? @/org/freedesktop/hal/udev_event

unix? 2????? [ ]???????? DGRAM??????????????????? 15309?

unix? 2????? [ ]???????? DGRAM??????????????????? 13877?

unix? 2????? [ ]???????? DGRAM ???????????????????13005?

unix? 3????? [ ]???????? STREAM???? CONNECTED???? 12935?

unix? 3????? [ ]???????? STREAM???? CONNECTED???? 12934?

unix? 2????? [ ]???????? DGRAM??????????????????? 12930?

?

?

?Netstat -n基本上是-a参数的数字形式,-a?和 -n?是最常用的两个,其中

?????? (1)-n 显示用数字化主机名,即IP地址

?????? (2)-n?只显示TCP连接

?

??

[root@singledb ~]# netstat -r

Kernel IP routing table

Destination???? Gateway???????? Genmask???????? Flags?? MSS Window? irtt Iface

192.168.3.0???? *?????????????? 255.255.255.0?? U???????? 0 0????????? 0 bond0

192.168.122.0?? *?????????????? 255.255.255.0?? U???????? 0 0????????? 0 virbr0

169.254.0.0???? *?????????????? 255.255.0.0???? U???????? 0 0????????? 0 bond0

default???????? 192.168.3.1???? 0.0.0.0???????? UG??? ????0 0????????? 0 bond0???

?

?

[root@singledb ~]# netstat -s

Ip:

??? 63105 total packets received

??? 0 forwarded

??? 0 incoming packets discarded

??? 41834 incoming packets delivered

??? 33322 requests sent out

Icmp:

??? 1377 ICMP messages received

??? 0 input ICMP message failed.

??? ICMP input histogram:

??????? destination unreachable: 1377

??? 1377 ICMP messages sent

??? 0 ICMP messages failed

??? ICMP output histogram:

??????? destination unreachable: 1377

IcmpMsg:

??????? InType3: 1377

??????? OutType3: 1377

Tcp:

??? 147 active connections openings

??? 33 passive connection openings

??? 0 failed connection attempts

??? 0 connection resets received

??? 2 connections established

??? 31684 segments received

??? 31347 segments send out

??? 393 segments retransmited

??? 0 bad segments received.

??? 0 resets sent

Udp:

??? 132 packets received

??? 1 packets to unknown port received.

??? 0 packet receive errors

??? 201 packets sent

TcpExt:

??? 23 TCP sockets finished time wait in fast timer

??? 7032 delayed acks sent

??? 10 delayed acks further delayed because of locked socket

??? Quick ack mode was activated 8137 times

??? 2 packets directly queued to recvmsg prequeue.

??? 2 packets directly received from prequeue

??? 3496 packets header predicted

??? 2325 acknowledgments not containing data received

??? 7805 predicted acknowledgments

??? 6 times recovered from packet loss due to SACK data

??? TCPDSACKUndo: 3

??? 12 congestion windows recovered after partial ack

??? 3 TCP data loss events

??? 5 fast retransmits

??? 3 retransmits in slow start

??? 137 other TCP timeouts

??? 2 sack retransmits failed

??? 8137 DSACKs sent for old packets

??? 24 DSACKs received

IpExt:

??? InMcastPkts: 36

??? OutMcastPkts: 40

??? InBcastPkts: 8617

[root@singledb ~]#

读书人网 >UNIXLINUX

热点推荐

触屏版 | 电脑版

读书人网 m.reader8.net