2024年运维最全Linux 网络之netstat_netstat包，2024年最新电子版已问世

最新推荐文章于 2024-05-22 14:13:06 发布

上官夏恋

最新推荐文章于 2024-05-22 14:13:06 发布

阅读量692

点赞数 29

分类专栏：程序员文章标签：运维 linux 网络

本文链接：https://blog.csdn.net/2301_76328475/article/details/138441180

版权

程序员专栏收录该内容

122 篇文章 0 订阅

订阅专栏

最后的话

最近很多小伙伴找我要Linux学习资料，于是我翻箱倒柜，整理了一些优质资源，涵盖视频、电子书、PPT等共享给大家！

资料预览

给大家整理的视频资料：

给大家整理的电子书资料：

如果本文对你有帮助，欢迎点赞、收藏、转发给朋友，让我有持续创作的动力！

网上学习资料一大堆，但如果学到的知识不成体系，遇到问题时只是浅尝辄止，不再深入研究，那么很难做到真正的技术提升。

需要这份系统化的资料的朋友，可以点击这里获取！

一个人可以走的很快，但一群人才能走的更远！不论你是正从事IT行业的老鸟或是对IT行业感兴趣的新人，都欢迎加入我们的的圈子（技术交流、学习资源、职场吐槽、大厂内推、面试辅导），让我们一起学习成长！

[......]

Tcp:
…
359286 active connection openings
9463980 passive connection openings
453673963 segments received
922299281 segments sent out
127247 segments retransmitted
…
Udp:
[…]

TcpExt:
…
12252 packets pruned from receive queue because of socket buffer overrun
11727438 delayed acks sent
28248 fast retransmits
805315 packets collapsed in receive queue due to low socket buffer
TCPAutoCorking: 13520259
TCPSynRetrans: 24816
…


输出列出了各种网络统计信息，主要来自 TCP，按协议分组。一些示例统计数据:  
 转发的数据包与接收的总数据包的比率很高：检查服务器是否应该在转发(路由)数据包。  
 被动连接打开：可以对其进行监控以显示客户端连接的负载。  
 重传段与发出段的比率很高：表明网络可能不可靠。  
 TCPSynRetrans：显示重新传输的 SYN，这可能是由于远程端点因负载而从the listen backlog中丢弃 SYN。  
 由于套接字缓冲区溢出而从接收队列中删除的数据包：这是网络饱和的标志，如果应用程序有足够的系统资源，可以通过增加套接字缓冲区来修复。


一些tcp配置参数都在该目录下：

ls -l /proc/sys/net/ipv4/


比如：


1. TCP 接收缓冲区的大小是受控制的。通常情况下，默认都是使用 net.ipv4.tcp\_rmem 来控制缓冲区的大小。可以适当地增大这几个值的默认值，来获取更好的网络性能。

[root@localhost ~]# cat /proc/sys/net/ipv4/tcp_rmem
4096 87380 6291456


rmem有3 个字段：min、default、max。TCP 接收缓冲区大小是在 min 和 max 之间动态调整。


2. TCP 发送缓冲区的大小默认是受 net.ipv4.tcp\_wmem 来控制：

[root@localhost ~]# cat /proc/sys/net/ipv4/tcp_wmem
4096 16384 4194304


tcp\_wmem 中这三个数字的含义分别为 min、default、max。TCP 发送缓冲区的大小会在 min 和 max 之间动态调整，初始的大小是 default，这个动态调整的过程是由内核自动来做的，应用程序无法干预。自动调整的目的，是为了在尽可能少的浪费内存的情况下来满足发包的需要。


(3)

–route , -r
Display the kernel routing tables
等价于：
route
show / manipulate the IP routing table

ip - show / manipulate routing, devices, policy routing and tunnels
route - routing table entry.
ip route

(4)

–groups , -g
Display multicast group membership information for IPv4 and IPv6.

(5)

–numeric , -n
Show numerical addresses instead of trying to determine symbolic host, port or user names.

(6)

–protocol=family , -A
Specifies the address families (perhaps better described as low level protocols) for which connections are to be shown. family is a comma (‘,’) separated list of address family keywords like
inet, inet6, unix, ipx, ax25, netrom, econet, and ddp. This has the same effect as using the --inet|-4, --inet6|-6, --unix|-x, --ipx, --ax25, --netrom, and --ddp options.
The address family inet (Iv4) includes raw, udp, udplite and tcp protocol sockets.

(7)

-p, --program
Show the PID and name of the program to which each socket belongs.

(8)

-l, --listening
Show only listening sockets. (These are omitted by default.)


## 二、netstat输出说明

[root@localhost ~]# netstat -tnp
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 xx.xx.xx.xxx:22 xx.xx.xx.xx:xxxxx ESTABLISHED 28440/sshd: root@no
tcp 0 0 xx.xx.xx.xxx:22 xx.xx.xx.xx:xxxxx ESTABLISHED 27357/sshd: root@pt
tcp 0 0 xx.xx.xx.xxx:22 xx.xx.xx.xx:xxxxx ESTABLISHED 27361/sshd: root@no
tcp 0 96 xx.xx.xx.xxx:22 xx.xx.xx.xx:xxxxx ESTABLISHED 28436/sshd: root@pt

Proto
The protocol (tcp, udp, udpl, raw) used by the socket.

Recv-Q
Established: The count of bytes not copied by the user program connected to this socket.

Send-Q
Established: The count of bytes not acknowledged by the remote host.

Local Address
Address and port number of the local end of the socket.

Foreign Address
Address and port number of the remote end of the socket.

State

   ESTABLISHED
          The socket has an established connection.

   SYN_SENT
          The socket is actively attempting to establish a connection.

   SYN_RECV
          A connection request has been received from the network.

   FIN_WAIT1
          The socket is closed, and the connection is shutting down.

   FIN_WAIT2
          Connection is closed, and the socket is waiting for a shutdown from the remote end.

   TIME_WAIT
          The socket is waiting after close to handle packets still in the network.

   CLOSE  The socket is not being used.

   CLOSE_WAIT
          The remote end has shut down, waiting for the socket to close.

   LAST_ACK
          The remote end has shut down, and the socket is closed. Waiting for acknowledgement.

   LISTEN The socket is listening for incoming connections.  

   CLOSING
          Both sockets are shut down but we still don't have all our data sent.

   UNKNOWN
          The state of the socket is unknown.


其中三次握手过程设计到的State：  
 ![在这里插入图片描述](https://img-blog.csdnimg.cn/cca4f6cec42f4c57a224dc1f688a254a.png)  
 其中四次挥手设计到state：  
 ![在这里插入图片描述](https://img-blog.csdnimg.cn/708c90cc25f64e4daf6af2df8bbfc51d.png)  
 图片来源于：[图解网络](https://bbs.csdn.net/topics/618542503)

User
The username or the user id (UID) of the owner of the socket.

PID/Program name
Slash-separated pair of the process id (PID) and process name of the process that owns the socket.


Linux内核关于state的定义：

// linux-3.10/include/net/tcp_states.h

/*
* INET An implementation of the TCP/IP protocol suite for the LINUX
* operating system. INET is implemented using the BSD Socket
* interface as the means of communication with the user level.
*
* Definitions for the TCP protocol sk_state field.
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version
* 2 of the License, or (at your option) any later version.
*/
#ifndef _LINUX_TCP_STATES_H
#define _LINUX_TCP_STATES_H

enum {
TCP_ESTABLISHED = 1,
TCP_SYN_SENT,
TCP_SYN_RECV,
TCP_FIN_WAIT1,
TCP_FIN_WAIT2,
TCP_TIME_WAIT,
TCP_CLOSE,
TCP_CLOSE_WAIT,
TCP_LAST_ACK,
TCP_LISTEN,
TCP_CLOSING, /* Now a valid state */

TCP_MAX_STATES	/\* Leave at the end! \*/

};

#define TCP_STATE_MASK 0xF

#define TCP_ACTION_FIN (1 << 7)

enum {
TCPF_ESTABLISHED = (1 << 1),
TCPF_SYN_SENT = (1 << 2),
TCPF_SYN_RECV = (1 << 3),
TCPF_FIN_WAIT1 = (1 << 4),
TCPF_FIN_WAIT2 = (1 << 5),
TCPF_TIME_WAIT = (1 << 6),
TCPF_CLOSE = (1 << 7),
TCPF_CLOSE_WAIT = (1 << 8),
TCPF_LAST_ACK = (1 << 9),
TCPF_LISTEN = (1 << 10),
TCPF_CLOSING = (1 << 11)
};

#endif /* _LINUX_TCP_STATES_H */


## 三、netstat数据来源


**先自我介绍一下，小编浙江大学毕业，去过华为、字节跳动等大厂，目前在阿里**

**深知大多数程序员，想要提升技能，往往是自己摸索成长，但自己不成体系的自学效果低效又漫长，而且极易碰到天花板技术停滞不前！**

**因此收集整理了一份《2024年最新Linux运维全套学习资料》，初衷也很简单，就是希望能够帮助到想自学提升又不知道该从何学起的朋友。**
![img](https://img-blog.csdnimg.cn/img_convert/1fd8eacc6109a9c61d2ed23f9caa5c69.png)
![img](https://img-blog.csdnimg.cn/img_convert/3e63005a4b32cb1397cb0237857a5682.png)
![img](https://img-blog.csdnimg.cn/img_convert/b0cbf9f1c6f4daf9e972ce4aee063dbc.png)
![img](https://img-blog.csdnimg.cn/img_convert/72c1532fb59e204405d53dfbf11ae1a9.png)
![img](https://img-blog.csdnimg.cn/img_convert/e497847632eb5b1a677534fa13e0c0e6.png)

**既有适合小白学习的零基础资料，也有适合3年以上经验的小伙伴深入学习提升的进阶课程，涵盖了95%以上运维知识点，真正体系化！**

**由于文件比较多，这里只是将部分目录截图出来，全套包含大厂面经、学习笔记、源码讲义、实战项目、大纲路线、讲解视频，并且后续会持续更新**

**[需要这份系统化的资料的朋友，可以点击这里获取！](https://bbs.csdn.net/topics/618542503)**

714803592978)]
[外链图片转存中...(img-KJcwEanb-1714803592978)]
[外链图片转存中...(img-tD698KkT-1714803592979)]
[外链图片转存中...(img-wstyxK5B-1714803592979)]

**既有适合小白学习的零基础资料，也有适合3年以上经验的小伙伴深入学习提升的进阶课程，涵盖了95%以上运维知识点，真正体系化！**

**由于文件比较多，这里只是将部分目录截图出来，全套包含大厂面经、学习笔记、源码讲义、实战项目、大纲路线、讲解视频，并且后续会持续更新**

**[需要这份系统化的资料的朋友，可以点击这里获取！](https://bbs.csdn.net/topics/618542503)**