onlylove@ubuntu:~$ netstat -help
usage: netstat[-vWeenNcCF][<Af>] -r netstat{-V|--version|-h|--help}netstat[-vWnNcaeol][<Socket>...]netstat{[-vWeenNac] -i |[-cnNe] -M | -s [-6tuw]}
-r, --route display routing table
-i, --interfaces display interface table
-g, --groups display multicast group memberships
-s, --statistics display networking statistics (like SNMP)
-M, --masquerade display masqueraded connections
-v, --verbose be verbose
-W, --wide don't truncate IP addresses
-n, --numeric don't resolve names
--numeric-hosts don't resolve host names
--numeric-ports don't resolve port names
--numeric-users don't resolve user names
-N, --symbolic resolve hardware names
-e, --extend display other/more information
-p, --programs display PID/Program name for sockets
-o, --timers display timers
-c, --continuous continuous listing
-l, --listening display listening server sockets
-a, --all display all sockets (default: connected)
-F, --fib display Forwarding Information Base (default)
-C, --cache display routing cache instead of FIB
-Z, --context display SELinux security context for sockets
<Socket>={-t|--tcp} {-u|--udp} {-U|--udplite} {-S|--sctp} {-w|--raw}
{-x|--unix} --ax25 --ipx --netrom
<AF>=Use '-6|-4' or '-A <af>' or '--<af>'; default: inet
List of possible address families (which support routing):
inet (DARPA Internet) inet6 (IPv6) ax25 (AMPR AX.25)
netrom (AMPR NET/ROM) ipx (Novell IPX) ddp (Appletalk DDP)
x25 (CCITT X.25)
onlylove@ubuntu:~$
二、参数说明
参数
说明
-r, --route
显示路由表
-i, --interfaces
显示接口表
-g, --groups
显示组播组成员
-s, --statistics
显示网络统计信息(如SNMP)
-M, --masquerade
显示伪装的连接
-v, --verbose
详细
-W, --wide
不要截断IP地址
-n, --numeric
不解析名称
–numeric-hosts
不解析主机名
–numeric-ports
不解析端口名称
–numeric-users
不解析用户名
-N, --symbolic
解析硬件名称
-e, --extend
显示其他/更多信息
-p, --programs
显示套接字的 PID/程序名称
-o, --timers
显示计时器
-c, --continuous
连续的清单
-l, --listening
显示侦听服务器套接字
-a, --all
显示所有套接字(默认:已连接)
-F, --fib
显示转发信息库(默认)
-C, --cache
显示路由缓存而不是 FIB
-Z, --context
显示套接字的 SELinux 安全上下文
-t, --tcp
-u, --udp
-U, --udplite
-S, --sctp
-w, --raw
-x, --unix
–ax25
–ipx
–netrom
三、man netstat
NETSTAT(8) Linux System Administrator's Manual NETSTAT(8)
NAME
netstat - Print network connections, routing tables, interface statistics, masquerade connections, and multicast memberships
打印网络连接、路由表、接口统计信息、伪装程序连接和多播成员身份
SYNOPSIS
netstat [address_family_options] [--tcp|-t] [--udp|-u] [--udplite|-U] [--sctp|-S] [--raw|-w] [--l2cap|-2] [--rfcomm|-f] [--listening|-l] [--all|-a] [--numeric|-n] [--numeric-hosts] [--numeric-ports] [--numeric-users] [--symbolic|-N] [--extend|-e[--extend|-e]] [--timers|-o] [--program|-p] [--verbose|-v] [--continuous|-c] [--wide|-W]
netstat {--route|-r} [address_family_options] [--extend|-e[--extend|-e]] [--verbose|-v] [--numeric|-n] [--numeric-hosts] [--numeric-ports] [--numeric-users] [--continuous|-c]
netstat {--interfaces|-i} [--all|-a] [--extend|-e[--extend|-e]] [--verbose|-v] [--program|-p] [--numeric|-n] [--numeric-hosts] [--numeric-ports] [--numeric-users] [--continuous|-c]
netstat {--groups|-g} [--numeric|-n] [--numeric-hosts] [--numeric-ports] [--numeric-users] [--continuous|-c]
netstat {--masquerade|-M} [--extend|-e] [--numeric|-n] [--numeric-hosts] [--numeric-ports] [--numeric-users] [--continuous|-c]
netstat {--statistics|-s} [--tcp|-t] [--udp|-u] [--udplite|-U] [--sctp|-S] [--raw|-w]
netstat {--version|-V}
netstat {--help|-h}
address_family_options:
[-4|--inet] [-6|--inet6] [--protocol={inet,inet6,unix,ipx,ax25,netrom,ddp,bluetooth, ... } ] [--unix|-x]
[--inet|--ip|--tcpip] [--ax25] [--x25] [--rose] [--ash] [--bluetooth] [--ipx] [--netrom] [--ddp|--appletalk]
[--econet|--ec]
NOTES
This program is mostly obsolete. Replacement for netstat is ss. Replacement for netstat -r is ip route. Replacement for netstat -i is ip -s link. Replacement for netstat -g is ip maddr.
这个程序基本上已经过时了。netstat的替代品是ss。netstat -r 的替代是 ip 路由。netstat -i 的替代者是 ip -s 链接。 netstat -g 的替代品是 ip maddr。
DESCRIPTION
Netstat prints information about the Linux networking subsystem. The type of information printed is controlled by the first argument, as follows:
Netstat 打印有关 Linux 网络子系统的信息。 打印的信息类型由第一个参数控制,如下所示:
(none)
By default, netstat displays a list of open sockets. If you don't specify any address families, then the active sockets of all configured address families will be printed.
默认情况下,netstat 显示打开的套接字列表。如果未指定任何地址系列,则将打印所有已配置地址系列的活动套接字。
--route, -r
Display the kernel routing tables. See the description in route(8) for details. netstat -r and route -e produce the same output.
显示内核路由表。有关详细信息,请参阅 route(8) 中的说明。 netstat -r 和 route -e 产生相同的输出。
--groups, -g
Display multicast group membership information for IPv4 and IPv6.
显示 IPv4 和 IPv6 的多播组成员身份信息。
--interfaces, -i
Display a table of all network interfaces.
显示所有网络接口的表。
--masquerade, -M
Display a list of masqueraded connections.
显示伪装连接的列表。
--statistics, -s
Display summary statistics for each protocol.
显示每个协议的汇总统计信息。
OPTIONS
--verbose, -v
Tell the user what is going on by being verbose. Especially print some useful information about unconfigured address families.
通过详细地告诉用户正在发生什么。特别是打印一些关于未配置地址族的有用信息。
--wide, -W
Do not truncate IP addresses by using output as wide as needed. This is optional for now to not break existing scripts.
不要使用所需的输出宽度来截断IP地址。为了不破坏现有的脚本,这是可选的。
--numeric, -n
Show numerical addresses instead of trying to determine symbolic host, port or user names.
显示数字地址,而不是试图确定符号主机、端口或用户名。
--numeric-hosts
shows numerical host addresses but does not affect the resolution of port or user names.
显示数字主机地址,但不影响端口或用户名的解析。
--numeric-ports
shows numerical port numbers but does not affect the resolution of host or user names.
示数字端口号,但不影响主机或用户名的解析。
--numeric-users
shows numerical user IDs but does not affect the resolution of host or port names.
显示数字用户id,但不影响主机或端口名的解析。
--protocol=family, -A
Specifies the address families (perhaps better described as low level protocols) for which connections are to be shown. family is a comma (',') separated list of address family keywords like inet, inet6, unix, ipx, ax25, netrom, econet, ddp, and bluetooth. This has the same effect as using the --inet|-4, --inet6|-6, --unix|-x, --ipx, --ax25, --netrom, --ddp, and --bluetooth options.
The address family inet (Iv4) includes raw, udp, udplite and tcp protocol sockets.
The address family bluetooth (Iv4) includes l2cap and rfcomm protocol sockets.
指定要显示连接的地址族(最好描述为低级别协议)。Family是由逗号(',')分隔的地址族关键字列表,如inet、inet6、unix、ipx、ax25、netrom、econet、ddp和bluetooth。这与使用 --inet|-4、--inet6|-6、--unix|-x、--ipx、--ax25、--netrom、--ddp 和 --bluetooth 选项具有相同的效果。
地址族inet (Iv4)包括raw、udp、udplite和tcp协议套接字。
地址系列蓝牙 (Iv4) 包括 l2cap 和 rfcomm 协议插座。
-c, --continuous
This will cause netstat to print the selected information every second continuously.
这将导致netstat每秒钟连续打印选定的信息。
-e, --extend
Display additional information. Use this option twice for maximum detail.
显示额外的信息。使用此选项两次以获得最大详细信息。
-o, --timers
Include information related to networking timers.
包括与联网计时器相关的信息。
-p, --program
Show the PID and name of the program to which each socket belongs.
显示每个套接字所属程序的 PID 和名称。
-l, --listening
Show only listening sockets. (These are omitted by default.)
只显示监听套接字。(这些默认省略。)
-a, --all
Show both listening and non-listening sockets. With the --interfaces option, show interfaces that are not up
同时显示侦听和非侦听套接字。使用 --interfaces 选项,显示未启动的接口。
-F
Print routing information from the FIB. (This is the default.)
从FIB中打印路由信息。(这是默认值。)
-C
Print routing information from the route cache.
从路由缓存打印路由信息。
OUTPUT
Active Internet connections (TCP, UDP, UDPLite, raw) 活跃的互联网连接(TCP, UDP, UDPLite,raw)
Proto
The protocol (tcp, udp, udpl, raw) used by the socket.
套接字使用的协议(tcp, udp, udpl, raw)。
Recv-Q
Established: The count of bytes not copied by the user program connected to this socket. Listening: Since Kernel 2.6.18 this column contains the current syn backlog.
已建立:连接到此套接字的用户程序未复制的字节数。 侦听:从内核 2.6.18 开始,此列包含当前的 syn 积压工作。
Send-Q
Established: The count of bytes not acknowledged by the remote host. Listening: Since Kernel 2.6.18 this column contains the maximum size of the syn backlog.
已建立:远程主机未确认的字节数。 侦听:从内核 2.6.18 开始,此列包含 syn 积压工作的最大大小。
Local Address
Address and port number of the local end of the socket. Unless the --numeric (-n) option is specified, the socket address is resolved to its canonical host name (FQDN), and the port number is translated into the corresponding service name.
套接字本地端的地址和端口号。除非指定了 --numeric (-n) 选项,否则套接字地址将解析为其规范主机名 (FQDN),并将端口号转换为相应的服务名称。
Foreign Address
Address and port number of the remote end of the socket. Analogous to "Local Address".
套接字的远程端的地址和端口号。 类似于"本地地址"。
State
The state of the socket. Since there are no states in raw mode and usually no states used in UDP and UDPLite,this column may be left blank. Normally this can be one of several values:
套接字的状态。由于原始模式下没有状态,并且通常没有在UDP和UDPLite中使用的状态,因此此列可能留空。通常,这可以是以下几个值之一:
ESTABLISHED
The socket has an established connection.
套接字已建立连接。
SYN_SENT
The socket is actively attempting to establish a connection.
套接字正在主动尝试建立连接。
SYN_RECV
A connection request has been received from the network.
已从网络收到连接请求。
FIN_WAIT1
The socket is closed, and the connection is shutting down.
套接字已关闭,并且连接正在关闭。
FIN_WAIT2
Connection is closed, and the socket is waiting for a shutdown from the remote end.
连接已关闭,并且套接字正在等待从远程端关闭。
TIME_WAIT
The socket is waiting after close to handle packets still in the network.
套接字在关闭后正在等待处理仍在网络中的数据包。
CLOSE The socket is not being used. 未使用套接字。
CLOSE_WAIT
The remote end has shut down, waiting for the socket to close.
远程端已关闭,等待套接字关闭。
LAST_ACK
The remote end has shut down, and the socket is closed. Waiting for acknowledgement.
远程端已关闭,套接字已关闭。正在等待确认。
LISTEN
The socket is listening for incoming connections. Such sockets are not included in the output unless you specify the --listening (-l) or --all (-a) option.
套接字正在侦听传入连接。 除非指定 --listening(-l) 或 --all(-a) 选项,否则此类套接字不包括在输出中。
CLOSING
Both sockets are shut down but we still don't have all our data sent.
两个套接字都已关闭,但我们仍然没有发送所有数据。
UNKNOWN
The state of the socket is unknown.
套接字的状态未知。
User
The username or the user id (UID) of the owner of the socket.
套接字所有者的用户名或用户 ID (UID)。
PID/Program name
Slash-separated pair of the process id (PID) and process name of the process that owns the socket. --program causes this column to be included. You will also need superuser privileges to see this information on sockets you don't own. This identification information is not yet available for IPX sockets.
拥有套接字的进程的进程 ID (PID) 和进程名称的斜杠分隔对。--program使此列被包括在内。您还需要超级用户权限才能在不属于您的套接字上查看此信息。此标识信息尚不可用于 IPX 套接字。
Timer
(this needs to be written)
Active UNIX domain Sockets 活动 UNIX 域套接字
Proto
The protocol (usually unix) used by the socket.
套接字使用的协议(通常是 unix)。
RefCnt
The reference count (i.e. attached processes via this socket).
引用计数(即通过这个套接字连接的进程)。
Flags
The flags displayed is SO_ACCEPTON (displayed as ACC), SO_WAITDATA (W) or SO_NOSPACE (N). SO_ACCECPTON is used on unconnected sockets if their corresponding processes are waiting for a connect request. The other flags are not of normal interest.
显示的标志为SO_ACCEPTON(显示为 ACC)、SO_WAITDATA (W) 或 SO_NOSPACE (N)。如果未连接的套接字的相应进程正在等待连接请求,则在未连接的套接字上使用SO_ACCECPTON。其他标志不是正常的兴趣。
Type
There are several types of socket access:
有几种类型的套接字访问:
SOCK_DGRAM
The socket is used in Datagram (connectionless) mode.
套接字在数据报(无连接)模式下使用。
SOCK_STREAM
This is a stream (connection) socket.
这是一个流(连接)套接字。
SOCK_RAW
The socket is used as a raw socket.
套接字用作raw套接字。
SOCK_RDM
This one serves reliably-delivered messages.
这个提供可靠传递的消息。
SOCK_SEQPACKET
This is a sequential packet socket.
这是一个顺序数据包套接字。
SOCK_PACKET
Raw interface access socket.
Raw 接口访问套接字。
UNKNOWN
Who ever knows what the future will bring us - just fill in here :-)
State
This field will contain one of the following Keywords:
此字段将包含以下关键字之一:
FREE The socket is not allocated 未分配套接字
LISTENING
The socket is listening for a connection request. Such sockets are only included in the output if you specify the --listening (-l) or --all (-a) option.
套接字正在侦听连接请求。仅当指定 --listening (-l) 或 --all (-a) 选项时,此类套接字才会包含在输出中。
CONNECTING
The socket is about to establish a connection.
套接字即将建立连接。
CONNECTED
The socket is connected.
套接字已连接
DISCONNECTING
The socket is disconnecting.
套接字未连接。
(empty)
The socket is not connected to another one.
套接字未连接其他套接字。
UNKNOWN
This state should never happen.
这种状态永远不应该发生。
PID/Program name
Process ID (PID) and process name of the process that has the socket open. More info available in Active Internet connections section written above.
已打开套接字的进程的进程 ID (PID) 和进程名称。有关详细信息,请参阅上面的"活动互联网连接"部分。
Path
This is the path name as which the corresponding processes attached to the socket.
这是连接到套接字的相应进程的路径名。
Active IPX sockets
(this needs to be done by somebody who knows it)
Active NET/ROM sockets
(this needs to be done by somebody who knows it)
Active AX.25 sockets
(this needs to be done by somebody who knows it)
FILES
/etc/services -- The services translation file 服务翻译文件
/proc -- Mount point for the proc filesystem, which gives access to kernel status information via the following files.
proc 文件系统的挂载点,它允许通过以下文件访问内核状态信息。
/proc/net/dev -- device information 设备信息
/proc/net/raw -- raw socket information raw 套接字信息
/proc/net/tcp -- TCP socket information TCP 套接字信息
/proc/net/udp -- UDP socket information UDP 套接字信息
/proc/net/udplite -- UDPLite socket information UDPLite 套接字信息
/proc/net/igmp -- IGMP multicast information IGMP 多播信息
/proc/net/unix -- Unix domain socket information Unix 域套接字信息
/proc/net/ipx -- IPX socket information IPX套接字信息
/proc/net/ax25 -- AX25 socket information AX25套接字信息
/proc/net/appletalk -- DDP (appletalk) socket information DDP 套接字信息
/proc/net/nr -- NET/ROM socket information NET/ROM 套接字信息
/proc/net/route -- IP routing information IP 路由信息
/proc/net/ax25_route -- AX25 routing information AX25 路由信息
/proc/net/ipx_route -- IPX routing information IPX 路由信息
/proc/net/nr_nodes -- NET/ROM nodelist NET/ROM 节点列表
/proc/net/nr_neigh -- NET/ROM neighbours NET/ROM 邻居
/proc/net/ip_masquerade -- masqueraded connections
/sys/kernel/debug/bluetooth/l2cap -- Bluetooth L2CAP information
/sys/kernel/debug/bluetooth/rfcomm -- Bluetooth serial connections
/proc/net/snmp -- statistics
SEE ALSO
route(8), ifconfig(8), iptables(8), proc(5) ss(8) ip(8)
BUGS
Occasionally strange information may appear if a socket changes as it is viewed. This is unlikely to occur.
AUTHORS
The netstat user interface was written by Fred Baumgarten <dc6iq@insu1.etec.uni-karlsruhe.de>, the man page basi‐
cally by Matt Welsh <mdw@tc.cornell.edu>. It was updated by Alan Cox <Alan.Cox@linux.org>, updated again by Tuan
Hoang <tqhoang@bigfoot.com>. The man page and the command included in the net-tools package is totally rewritten
by Bernd Eckenfels <ecki@linux.de>. UDPLite options were added by Brian Micek <bmicek@gmail.com>
net-tools 2014-10-07 NETSTAT(8)