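netstat is a Linux command for displaying network status. It can report port usage, network connection states, the routing table, and similar information. In network development and operations work, netstat is used frequently to check network status.
Parameter meanings
-a,--all
Shows the connection state of all sockets. By default only sockets with established connections are shown; with this option, sockets in the LISTEN state are shown as well.
Default: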
[root ~]# netstat
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 iZ135ux6u63Z:42584 121.58.13.94:mysql ESTABLISHED
tcp 0 0 iZ135ux6u63Z:6379 62.48.69.16:54744 ESTABLISHED
tcp 0 0 localhost:40940 localhost:metasys ESTABLISHED
tcp 0 0 iZ235ux6u63Z:ssh 128.56.16.10:34353 ESTABLISHED
With -a, sockets in the "LISTEN" state also appear in the State column:
[root ~]# netstat -a
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:6379 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:http 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:tproxy 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:ssh 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:https 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:40400 0.0.0.0:* LISTEN
......
tcp 0 0 iZ135ux8u13Z:42584 121.58.13.94:mysql ESTABLISHED
tcp 0 0 iZ135ux8u13Z:6379 62.48.69.16:54744 ESTABLISHED
tcp 0 0 localhost:40940 localhost:metasys ESTABLISHED
tcp 0 0 iZ135ux8u13Z:ssh 128.56.16.10:34353 ESTABLISHED
-n,--numeric
Shows IP addresses in numeric form. By default, resolved host names, port names, or user names are shown.
Default:
[root ~]# netstat
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 iZ135ux8u13Z:42584 121.58.13.94:mysql ESTABLISHED
tcp 0 0 iZ135ux8u13Z:6379 62.48.69.16:54744 ESTABLISHED
tcp 0 0 localhost:40940 localhost:metasys ESTABLISHED
tcp 0 0 iZ135ux8u13Z:ssh 128.56.16.10:34353 ESTABLISHED
With -n, mysql, ssh, localhost and so on are all shown as IP addresses or port numbers:
[root ~]# netstat -n
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 123.40.125.228:42584 121.58.13.94:3306 ESTABLISHED
tcp 0 0 123.40.125.228:6379 62.48.69.16:54744 ESTABLISHED
tcp 0 0 127.0.0.1:40940 127.0.0.1:11001 ESTABLISHED
tcp 0 0 123.40.125.228:ssh 128.56.16.10:34353 ESTABLISHED
-l,--listening
Shows only sockets in the LISTEN state.
[root ~]# netstat -l
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:6379 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:http 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:tproxy 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:ssh 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:https 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:40400 0.0.0.0:* LISTEN
-t,--tcp and -u,--udp
Shows only TCP (UDP) connections.
-p,--program
Shows the PID and name of the owning process.
[root ~]# netstat -p
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 iZ135ux8u13Z:42584 121.58.13.94:mysql ESTABLISHED 4815/java
tcp 0 0 iZ135ux8u13Z:6379 62.48.69.16:54744 ESTABLISHED 840/redis-server *:
tcp 0 0 localhost:40940 localhost:metasys ESTABLISHED 5109/java
tcp 0 0 iZ135ux8u13Z:6379 128.56.16.10:65097 ESTABLISHED 840/redis-server *:
-i,--interfaces
Shows the network interfaces.
[root ~]# netstat -i
Kernel Interface table
Iface MTU RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR Flg
docker0 1500 2560782 0 0 0 4151415 0 0 0 BMU
eth0 1500 23379381 0 0 0 34455532 0 0 0 BMRU
eth1 1500 217716581 0 0 0 202343360 0 0 0 BMRU
lo 65536 240937752 0 0 0 240937752 0 0 0 LRU
-r,--route
Shows the routing table.
[root ~]# netstat -r
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
default gateway 0.0.0.0 UG 0 0 0 eth1
10.0.0.0 10.165.21.247 255.0.0.0 UG 0 0 0 eth0
10.168.64.0 0.0.0.0 255.255.248.0 U 0 0 0 eth0
100.64.0.0 10.165.21.247 255.192.0.0 UG 0 0 0 eth0
121.40.180.0 0.0.0.0 255.255.252.0 U 0 0 0 eth1
link-local 0.0.0.0 255.255.0.0 U 0 0 0 eth0
link-local 0.0.0.0 255.255.0.0 U 0 0 0 eth1
172.16.0.0 10.165.21.247 255.240.0.0 UG 0 0 0 eth0
192.168.0.0 0.0.0.0 255.255.240.0 U 0 0 0 docker0
-e,--extend
Shows additional information.
-ie shows detailed information about the network interfaces, identical to the output of the ifconfig command.
-pe shows the process name and the user name:
[root ~]# netstat -pe
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State User Inode PID/Program name
tcp 0 0 iZ135ux8u13Z:42584 121.58.13.94:mysql ESTABLISHED root 70731166 4815/java
tcp 0 0 iZ135ux8u13Z:6379 62.48.69.16:54744 ESTABLISHED redis 35176559 840/redis-server *:
tcp 0 0 localhost:40940 localhost:metasys ESTABLISHED root 74749821 5109/java
tcp 0 0 iZ135ux8u13Z:6379 128.56.16.10:65097 ESTABLISHED redis 25990225 840/redis-server *:
With -ne, the User column shows the user ID instead of the user name.
-s,--statistics
Shows statistics for each protocol.
[root ~]# netstat -s
Ip:
484627137 total packets received
6705287 forwarded
501 with unknown protocol
0 incoming packets discarded
477921341 incoming packets delivered
481921712 requests sent out
72 dropped because of missing route
Icmp:
25322 ICMP messages received
7175 input ICMP message failed.
InCsumErrors: 9
ICMP input histogram:
destination unreachable: 9616
timeout in transit: 427
redirects: 94
echo requests: 15165
echo replies: 10
timestamp request: 1
190825 ICMP messages sent
0 ICMP messages failed
ICMP output histogram:
destination unreachable: 175649
echo request: 10
echo replies: 15165
timestamp replies: 1
.......
Usage examples
Print all listening ports with the corresponding process ID and name
[root ~]# netstat -nlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:6379 0.0.0.0:* LISTEN 840/redis-server *:
tcp 0 0 0.0.0.0:8080 0.0.0.0:* LISTEN 5109/java
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 989/nginx: master p
tcp 0 0 0.0.0.0:14001 0.0.0.0:* LISTEN 26902/java
tcp 0 0 0.0.0.0:8081 0.0.0.0:* LISTEN 28705/java
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 836/sshd
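The listing above shows redis-server listening on 0.0.0.0:6379, that is, on every interface. As an added example (not part of the original article), the following script reads `netstat -nlp` text and reports TCP listeners bound to all interfaces whose port is not on an operator-supplied allowlist; the function names, the allowlist and the sample input are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit `netstat -nlp` output for TCP listeners that are
# bound to every interface but are not expected to be publicly reachable.

# Constructed sample input, modelled on the listing above.
sample_listeners() {
cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:6379            0.0.0.0:*               LISTEN      840/redis-server *:
tcp        0      0 127.0.0.1:11001         0.0.0.0:*               LISTEN      5109/java
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      989/nginx: master p
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      836/sshd
tcp6       0      0 :::8081                 :::*                    LISTEN      28705/java
EOF
}

# exposed_listeners ALLOWED_PORTS   (netstat -nlp text on stdin)
# ALLOWED_PORTS: comma-separated ports that are meant to be reachable on
# all interfaces (hypothetical allowlist supplied by the operator).
# Prints "PORT PROGRAM" for every other wildcard-bound TCP listener.
exposed_listeners() {
    awk -v allow="$1" '
    BEGIN { n = split(allow, a, ","); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    $1 ~ /^tcp/ && $6 == "LISTEN" {
        addr = $4
        port = addr; sub(/.*:/, "", port)     # text after the last colon
        host = substr(addr, 1, length(addr) - length(port) - 1)
        # 0.0.0.0 (IPv4) and :: (IPv6) both mean "every interface"
        if ((host == "0.0.0.0" || host == "::") && !(port in ok)) {
            prog = $7; sub(/^[0-9]+\//, "", prog)   # drop the "PID/" prefix
            print port, prog
        }
    }'
}

# Stand-alone run on the constructed sample; on a live host use:
#   netstat -nlp | exposed_listeners 22,80
sample_listeners | exposed_listeners "22,80"
```

Listeners bound to 127.0.0.1 are skipped because they are reachable only from the host itself.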
View TCP ports
[root ~]# netstat -tnp
tcp 0 4080 182.92.221.114:22 123.122.21.121:17350 ESTABLISHED 18909/sshd
tcp 0 0 10.172.248.114:6379 10.171.86.96:56562 ESTABLISHED 18441/redis-server
tcp 0 0 10.172.248.114:6379 10.171.86.96:56496 ESTABLISHED 18441/redis-server
tcp 0 0 10.172.248.114:27017 10.171.86.96:46927 ESTABLISHED 21380/mongod
Check whether a port is listening normally
Check whether it is in the listening state:
[root ~]# netstat -nlp | grep ":80 "
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 989/nginx: master p
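You can also use telnet
to test whether a port on a remote server is open:
telnet remote-ip 80
If the port is listening normally on the local host but telnet cannot connect, the likely cause is that the firewall has not unblocked the port; check the firewall settings.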
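Meaning of each state
Reposted from: http://www.cnblogs.com/peida/archive/2013/03/08/2949194.html
LISTEN: listening for connection requests from remote TCP ports
SYN-SENT: waiting for a matching connection request after having sent a connection request (if there are many packets in this state, check whether the host has been hit)
SYN-RECEIVED: waiting for the peer to acknowledge the connection request after having both received and sent a connection request (if there are many in this state, the host is probably under a flood attack)
ESTABLISHED: represents an open connection
FIN-WAIT-1: waiting for a connection termination request from the remote TCP, or for an acknowledgment of the connection termination request previously sent
FIN-WAIT-2: waiting for a connection termination request from the remote TCP
CLOSE-WAIT: waiting for a connection termination request from the local user
CLOSING: waiting for the remote TCP to acknowledge the connection termination
LAST-ACK: waiting for an acknowledgment of the connection termination request previously sent to the remote TCP (not a good sign; if this appears, check whether the host is under attack)
TIME-WAIT: waiting for enough time to pass to be sure the remote TCP received the acknowledgment of its connection termination request
CLOSED: no connection state at all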
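To act on the state list above, the following added example (not part of the original article or the reposted source) counts connections per state from `netstat -ant` text and reports local ports with a pile-up of half-open connections. netstat prints the SYN-RECEIVED state as SYN_RECV; the function names, the threshold and the sample input (documentation addresses) are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise TCP states from `netstat -ant` output and
# point at the service that is accumulating half-open connections.

# Constructed sample of `netstat -ant` output.
sample_conns() {
cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:80           198.51.100.7:40112      SYN_RECV
tcp        0      0 192.0.2.10:80           198.51.100.8:51844      SYN_RECV
tcp        0      0 192.0.2.10:80           203.0.113.5:33010       SYN_RECV
tcp        0      0 192.0.2.10:22           203.0.113.9:34353       ESTABLISHED
tcp        0      0 192.0.2.10:80           203.0.113.20:49152      TIME_WAIT
tcp        0      0 192.0.2.10:6379         203.0.113.21:54744      SYN_RECV
EOF
}

# state_counts: netstat -ant text on stdin, prints "STATE COUNT" per state.
state_counts() {
    awk '$1 ~ /^tcp/ { c[$6]++ } END { for (s in c) print s, c[s] }' | sort
}

# half_open_by_port THRESHOLD: prints "PORT COUNT" for each local port
# that has at least THRESHOLD connections in SYN_RECV.
half_open_by_port() {
    awk -v t="$1" '
    $1 ~ /^tcp/ && $6 == "SYN_RECV" {
        p = $4; sub(/.*:/, "", p)      # local port = text after last colon
        n[p]++
    }
    END { for (p in n) if (n[p] >= t) print p, n[p] }' | sort -n
}

# Stand-alone run on the constructed sample; on a live host use:
#   netstat -ant | state_counts
#   netstat -ant | half_open_by_port 100
sample_conns | state_counts
sample_conns | half_open_by_port 3
```

A sensible threshold depends on the service's normal load, so compare against a baseline taken during ordinary traffic.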
Reference: Linux man page: man netstat