本文详细解析了netstat命令中Recv-Q与Send-Q的含义及其可能的问题指示,帮助读者理解网络连接的状态,并提供了诊断网络问题的方法。
通过netstat -anp可以查看机器的当前连接状态:
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:8139 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:26837 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:1046 0.0.0.0:* LISTEN -
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN -
tcp6 0 910 10.100.83.145:57142 10.100.83.140:80 ESTABLISHED 7072/java
tcp6 0 0 10.100.83.145:57114 10.100.83.140:80 ESTABLISHED 7072/java
tcp6 0 914 10.100.83.145:57117 10.100.83.140:80 ESTABLISHED 7072/java
tcp6 0 910 10.100.83.145:57126 10.100.83.140:80 ESTABLISHED 7072/java
tcp6 0 0 10.100.83.145:57159 10.100.83.140:80 ESTABLISHED 7072/java
tcp6 0 0 10.100.83.145:57128 10.100.83.140:80 ESTABLISHED 7072/java
对proto,localAddress等都比较好理解,其中
Recv-Q Send-Q具体是什么含义呢?为什么
Send-Q时长不为0呢?不为0是不是表示网络出口阻塞了呢?针对这个问题查了下相关资料。
一个较详细的解释是:
What It Means
"Proto" is short for protocol, which is either TCP or UDP. "Recv-Q" and "Send-Q" mean receiving queue and sending queue. These should always be zero; if they're not you might have a problem. Packets should not be piling up in either queue, except briefly, as this example shows:
tcp 0 593 192.168.1.5:34321 venus.euao.com:smtp ESTABLISHED
That happened when I hit the "check mail" button in KMail; a brief queuing of outgoing packets is normal behavior. If the receiving queue is consistently jamming up, you might be experiencing a denial-of-service attack. If the sending queue does not clear quickly, you might have an application that is sending them out too fast, or the receiver cannot accept them quickly enough.
"Local address" is either your IP and port number, or IP and the name of a service. "Foreign address" is the hostname and service you are connected to. The asterisk is a placeholder for IP addresses, which of course cannot be known until a remote host connects. "State" is the current status of the connection. Any TCP state can be displayed here, but these three are the ones you want to see。
"Proto" is short for protocol, which is either TCP or UDP. "Recv-Q" and "Send-Q" mean receiving queue and sending queue. These should always be zero; if they're not you might have a problem. Packets should not be piling up in either queue, except briefly, as this example shows:
tcp 0 593 192.168.1.5:34321 venus.euao.com:smtp ESTABLISHED
That happened when I hit the "check mail" button in KMail; a brief queuing of outgoing packets is normal behavior. If the receiving queue is consistently jamming up, you might be experiencing a denial-of-service attack. If the sending queue does not clear quickly, you might have an application that is sending them out too fast, or the receiver cannot accept them quickly enough.
"Local address" is either your IP and port number, or IP and the name of a service. "Foreign address" is the hostname and service you are connected to. The asterisk is a placeholder for IP addresses, which of course cannot be known until a remote host connects. "State" is the current status of the connection. Any TCP state can be displayed here, but these three are the ones you want to see。
大致的意思是:
Recv-Q Send-Q分别表示网络接收队列,发送队列。Q是Queue的缩写。
这两个值通常应该为0,如果不为0可能是有问题的。packets在两个队列里都不应该有堆积状态。可接受短暂的非0情况。如文中的示例,短暂的Send-Q队列发送pakets非0是正常状态。
如果接收队列
Recv-Q
一直处于阻塞状态,可能是遭受了拒绝
服务
denial-of-service
攻击。
如果发送队列
Send-Q
不能很快的清零,可能是有应用向外发送数据包过快,或者是对方接收数据包不够快。
Recv-Q:表示收到的数据已经在本地接收缓冲,但是还有多少没有被进程取走,recv()
Send-Q:对方没有收到的数据或者说没有Ack的,还是本地缓冲区.
通过netstat的这两个值就可以简单判断程序收不到包到底是包没到还是包没有被进程recv。
扫一扫
8347
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
