linux netstat
The Linux netstat command gives you a treasure-trove of information about your network connections, the ports that are in use, and the processes using them. Learn how to use it.
Linux netstat命令可为您提供有关网络连接,正在使用的端口以及使用它们的进程的信息宝库。 了解如何使用它。
端口,进程和协议 (Ports, Processes, and Protocols)
Network sockets can either be connected or waiting for a connection. The connections use networking protocols like Transport Control Protocol (TCP) or User Datagram Protocol UDP. They use Internet Protocol addresses and network ports to establish connections.
网络套接字可以连接,也可以等待连接。 这些连接使用网络协议,例如传输控制协议 (TCP)或用户数据报协议 UDP。 他们使用Internet协议地址和网络端口建立连接。
The word sockets might conjure up images of a physical connection point for a lead or cable, but in this context, a socket is a software construct used to handle one end of a network data connection.
套接字一词可以让人联想到导线或电缆的物理连接点,但是在这种情况下,套接字是一种用于处理网络数据连接一端的软件结构。
Sockets have two main states: They are either connected and facilitating an ongoing network communication, or they are waiting for an incoming connection to connect to them. There are other states, such as the state when a socket is midway through establishing a connection on a remote device, but putting transient states aside, you can think of a socket as either being connected or waiting (which is often called listening).
套接字有两种主要状态:它们已连接并促进正在进行的网络通信,或者它们正在等待传入连接以连接到它们。 还有其他状态,例如套接字在远程设备上建立连接的过程中途的状态,但是暂存瞬态状态时,您可以将套接字视为已连接或正在等待(通常称为侦听 )。
The listening socket is called the server, and the socket that requests a connection with the listening socket is called a client. These names have nothing to do with hardware or computer roles. They simply define the role of each socket at each end of the connection.
侦听套接字称为服务器 ,而请求与侦听套接字建立连接的套接字称为客户端 。 这些名称与硬件或计算机角色无关。 它们仅定义连接两端的每个套接字的角色。
The netstat command lets you discover which sockets are connected and which sockets are listening. Meaning, it tells you which ports are in use and which processes are using them. It can show you routing tables and statistics about your network interfaces and multicast connections.
netstat命令可让您发现连接了哪些套接字以及正在侦听哪些套接字。 意思是,它告诉您正在使用哪些端口以及正在使用哪些端口。 它可以显示有关网络接口和多播连接的路由表和统计信息。
The functionality of netstat has been replicated over time in different Linux utilities, such as ip and ss. It’s still worth knowing this granddaddy of all network analysis commands, because it is available on all Linux and Unix-like operating systems, and even on Windows and Mac.
随着时间的推移, netstat的功能已在不同的Linux实用程序(例如ip和ss)中复制。 仍然值得了解所有网络分析命令的祖父,因为它可用于所有类似Linux和Unix的操作系统,甚至适用于Windows和Mac。
Here’s how to use it, complete with example commands.
这是使用方法,并附有示例命令。
列出所有套接字 (Listing All Sockets)
The -a (all) option makes netstat show all the connected and waiting sockets. This command is liable to produce a long listing, so we pipe it into less.
-a (all)选项使netstat显示所有已连接和正在等待的套接字。 此命令可能会产生较长的清单,因此我们将其输送到less 。
netstat -a | less
The listing includes TCP (IP), TCP6 (IPv6), and UDP sockets.
该清单包括TCP(IP), TCP6 (IPv6)和UDP套接字。
The wrap-around in the terminal window makes it a little difficult to see what is going on. Here’s a couple of sections from that listing:
终端窗口中的回绕使得很难看到发生了什么。 这是该清单中的几个部分:
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 localhost:domain 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:ssh 0.0.0.0:* LISTEN
tcp 0 0 localhost:ipp 0.0.0.0:* LISTEN
tcp 0 0 localhost:smtp 0.0.0.0:* LISTEN
tcp6 0 0 [::]:ssh [::]:* LISTEN
tcp6 0 0 ip6-localhost:ipp [::]:* LISTEN
.
.
.
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags Type State I-Node Path
unix 24 [ ] DGRAM 12831 /run/systemd/journal/dev-log
unix 2 [ ACC ] STREAM LISTENING 24747 @/tmp/dbus-zH6clYmvw8
unix 2 [ ] DGRAM 26372 /run/user/1000/systemd/notify
unix 2 [ ] DGRAM 23382 /run/user/121/systemd/notify
unix 2 [ ACC ] SEQPACKET LISTENING 12839 /run/udev/control
The “Active Internet” section lists the connected external connections and local sockets listening for remote connection requests. That is, it lists the network connections that are (or will be) established to external devices.
“活动Internet”部分列出了已连接的外部连接和本地套接字,用于侦听远程连接请求。 也就是说,它列出了(或将要)建立到外部设备的网络连接。
The “UNIX domain” section lists the connected and listening internal connections. In other words, it lists the connections that have been established within your computer between different applications, processes, and elements of the operating system.
“ UNIX域”部分列出了已连接的和正在侦听的内部连接。 换句话说,它列出了计算机中不同应用程序,进程和操作系统元素之间已建立的连接。
The “Active Internet” columns are:
“活动的互联网”列为:
Proto: The protocol used by this socket (for example, TCP or UDP).
Proto:此套接字使用的协议(例如,TCP或UDP)。
Recv-Q: The receive queue. These are incoming bytes that have been received and are buffered, waiting for the local process that is using this connection to read and consume them.
Recv-Q:接收队列。 这些是已接收并已缓冲的传入字节,等待使用此连接的本地进程读取和使用它们。
Send-Q: The send queue. This shows the bytes that are ready to be sent from the send queue.
Send-Q:发送队列。 这显示了准备从发送队列发送的字节。
Local address: The address details of the local end of the connection. The default is for
netstatto show the local hostname for the address, and the name of the service for the port.本地地址:连接本地端的地址详细信息。
netstat的默认值是显示地址的本地主机名以及端口的服务名称。Foreign address: The address and port number of the remote end of the connection.
外部地址:连接远端的地址和端口号。
State: The state of the local socket. For UDP sockets, this is usually blank. See the state table, below.
状态:本地套接字的状态。 对于UDP套接字,通常为空白。 请参阅下面的状态表。
For TCP connections, the state value can be one of the following :
对于TCP连接, 状态值可以是以下之一:
LISTEN: Server-side only. The socket is waiting for a connection request.
LISTEN:仅服务器端。 套接字正在等待连接请求。
SYN-SENT: Client-side only. This socket has made a connection request and is waiting to see if it will be accepted.
SYN-SENT:仅客户端。 该套接字已发出连接请求,正在等待是否接受它。
SYN-RECEIVED: Server-side only. This socket is waiting for a connection acknowledgment after accepting a connection request.
SYN-RECEIVED:仅服务器端。 该套接字在接受连接请求后正在等待连接确认。
ESTABLISHED: Server and clients. A working connection has been established between the server and the client, allowing data to be transferred between the two.
成立:服务器和客户端。 服务器和客户端之间已建立工作连接,从而可以在两者之间传输数据。
FIN-WAIT-1: Server and clients. This socket is waiting for a connection termination request from the remote socket, or for an acknowledgment of a connection termination request that was previously sent from this socket.
FIN-WAIT-1:服务器和客户端。 该套接字正在等待来自远程套接字的连接终止请求,或者正在等待先前从该套接字发送的连接终止请求的确认。
FIN-WAIT-2: Server and clients. This socket is waiting for a connection termination request from the remote socket.
FIN-WAIT-2:服务器和客户端。 该套接字正在等待来自远程套接字的连接终止请求。
CLOSE-WAIT: Server and client. This socket is waiting for a connection termination request from the local user.
CLOSE-WAIT:服务器和客户端。 该套接字正在等待本地用户的连接终止请求。
CLOSING: Server and clients. This socket is waiting for a connection termination request acknowledgment from the remote socket.
关闭:服务器和客户端。 该套接字正在等待远程套接字的连接终止请求确认。
LAST-ACK: Server and client. This socket is waiting for an acknowledgment of the connection termination request it sent to the remote socket.
LAST-ACK:服务器和客户端。 该套接字正在等待对发送到远程套接字的连接终止请求的确认。
TIME-WAIT: Server and clients. This socket sent an acknowledgment to the remote socket to let it know that it received the remote socket’s termination request. It is now waiting to make sure that acknowledgment was received.
TIME-WAIT:服务器和客户端。 该套接字向远程套接字发送了一个确认,以使其知道已收到远程套接字的终止请求。 现在正在等待确保已收到确认。
CLOSED: There is no connection, so the socket has been terminated.
CLOSED:没有连接,因此套接字已终止。
The “Unix domain” columns are:
“ Unix域”列为:
Proto: The protocol used by this socket. It will be “unix.”
Proto:此套接字使用的协议。 它将是“ unix”。
RefCnt: Reference count. The number of attached processes connected to this socket.
RefCnt:参考计数。 连接到此套接字的附加进程数。
Flags: This is usually set to
ACC, which representsSO_ACCEPTON, meaning the socket is waiting for a connection request.SO_WAITDATA, shown asW, means there is data waiting to be read.SO_NOSPACE, shown asN, means there is no space to write data to the socket (i.e., the send buffer is full).标志:通常设置为
ACC,代表SO_ACCEPTON,表示套接字正在等待连接请求。 显示为WSO_WAITDATA表示有等待读取的数据。 显示为NSO_NOSPACE表示没有空间将数据写入套接字(即,发送缓冲区已满)。Type: The socket type. See the type table below.
类型:插座类型。 请参阅下面的类型表。
State: The state of the socket. See the state table below.
状态:套接字的状态。 请参阅下面的状态表。
I-Node: The file system inode associated with this socket.
节点:与此套接字关联的文件系统索引节点。
Path: The file system path to the socket.
路径 :套接字的文件系统路径。
The Unix domain socket type can be one of the following:
Unix域套接字类型可以是以下之一:
DGRAM: The socket is being used in datagram mode, using messages of fixed length. Datagrams are neither guaranteed to be reliable, sequenced, nor unduplicated.
DGRAM:套接字在数据报模式下使用,使用固定长度的消息。 数据报既不能保证可靠,无序又无重复。
STREAM: This socket is a stream socket. This is the commonplace “normal” type of socket connection. These sockets are designed to provide reliable sequenced (in-order) delivery of packets.
流:此套接字是流套接字。 这是普通的套接字连接“普通”类型。 这些套接字旨在提供可靠的数据包顺序(按顺序)传递。
RAW: This socket is being used as a raw socket. Raw sockets operate at the network level of the OSI Model and don’t reference TCP and UDP headers from the transport level.
RAW:此套接字被用作原始套接字。 原始套接字在OSI模型的网络级别上运行,并且不从传输级别引用TCP和UDP标头。
RDM: This socket is located on one end of a reliably delivered messages connection.
RDM:此套接字位于可靠传递的消息连接的一端。
SEQPACKET: This socket is operating as a sequential packet socket, which is another means of providing reliable, sequenced, and unduplicated packet delivery.
SEQPACKET:此套接字用作顺序数据包套接字,这是提供可靠,有序且无重复的数据包传递的另一种方法。
PACKET: Raw interface access socket. Packet sockets are used to receive or send raw packets at the device driver (i.e., data link layer) level of the OSI model.
程序包:原始接口访问套接字。 数据包套接字用于在OSI模型的设备驱动程序(即数据链路层)级别接收或发送原始数据包。
The Unix domain socket state can be one of the following:
Unix域套接字状态可以是以下之一:
FREE: This socket is unallocated.
FREE:未分配此套接字。
LISTENING: This socket is listening for incoming connection requests.
注意:此套接字正在侦听传入的连接请求。
CONNECTING: This socket is in the process of connecting.
CONNECTING:此套接字正在连接过程中。
CONNECTED: A connection has been established, and the socket is able to receive and transmit data.
已连接:已建立连接,并且套接字能够接收和传输数据。
DISCONNECTING: The connection is in the process of being terminated.
断开连接:连接正在终止中。
Wow, that’s a lot of information! Many of the netstat options refine the results in one way or another, but they don’t change the content too much. Let’s take a look.
哇,这是很多信息! 许多netstat选项以一种或另一种方式优化结果,但它们不会对内容进行太多更改。 让我们来看看。
按类型列出套接字 (Listing Sockets by Type)
The netstat -a command can provide more information than you need to see. If you only want or need to see the TCP sockets, you can use the -t (TCP) option to restrict the display to only show TCP sockets.
netstat -a命令可以提供比您需要看到的更多的信息。 如果只希望或需要查看TCP套接字,则可以使用-t (TCP)选项将显示限制为仅显示TCP套接字。
netstat -at | less
The display out is greatly reduced. The few sockets that are listed are all TCP sockets.
显示量大大减少。 列出的几个套接字都是TCP套接字。
The -u (UDP) and -x (UNIX) options behave in a similar way, restricting the results to the type of socket specified on the command line. Here’s the -u (UDP) option in use:
-u (UDP)和-x (UNIX)选项的行为类似,将结果限制为在命令行上指定的套接字类型。 这是正在使用的-u(UDP)选项:
netstat -au | less
Only UDP sockets are listed.
仅列出UDP套接字。
按状态列出套接字 (Listing Sockets by State)
To see the sockets that are in the listening or waiting state, use the -l (listening) option.
要查看处于侦听或等待状态的套接字,请使用-l (侦听)选项。
netstat -l | less
The sockets that are listed are those that are in the listening state.
列出的套接字是处于侦听状态的套接字。
This can be combined with the -t (TCP, -u (UDP) and -x (UNIX) options to further home in on the sockets of interest. Let’s look for listening TCP sockets:
可以将其与-t(TCP,-u(UDP)和-x(UNIX)选项结合使用,以进一步置入感兴趣的套接字中。让我们寻找侦听TCP套接字:
netstat -lt | less
Now, we see only TCP listening sockets.
现在,我们仅看到TCP侦听套接字。
协议网络统计 (Network Statistics by Protocol)
To see statistics for a protocol, use the -s (statistics) option and pass in the -t (TCP), -u (UDP), or -x (UNIX) options. If you just use the -s (statistics) option on its own, you’ll see statistics for all protocols. Let’s check the statistics for the TCP protocol.
要查看协议的统计信息,请使用-s (统计信息)选项,并传入-t (TCP), -u (UDP)或-x (UNIX)选项。 如果仅-s使用-s (统计信息)选项,则将看到所有协议的统计信息。 让我们检查一下TCP协议的统计信息。
netstat -st | less
A collection of statistics for the TCP connections is displayed in less.
TCP连接的统计信息集合显示在less 。
显示进程名称和PID (Showing Process Names and PIDs)
It can be useful to see the process ID (PID) of the process using a socket, together with the name of that process. The -p (program) option does just that. Let’s see what the PIDs and process names are for the processes using a TCP socket that is in the listening state. We use sudo to make sure we receive all of the information that is available, including any information that would normally require root permissions.
使用套接字查看进程的进程ID (PID)以及该进程的名称可能会很有用。 -p (程序)选项正是这样做的。 让我们看看使用处于侦听状态的TCP套接字的进程的PID和进程名是什么。 我们使用sudo来确保我们收到所有可用的信息,包括通常需要root权限的所有信息。
sudo netstat -p -at
Here’s that output in a formatted table:
这是格式化表格中的输出:
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 localhost:domain 0.0.0.0:* LISTEN 6927/systemd-resolv
tcp 0 0 0.0.0.0:ssh 0.0.0.0:* LISTEN 751/sshd
tcp 0 0 localhost:ipp 0.0.0.0:* LISTEN 7687/cupsd
tcp 0 0 localhost:smtp 0.0.0.0:* LISTEN 1176/master
tcp6 0 0 [::]:ssh [::]:* LISTEN 751/sshd
tcp6 0 0 ip6-localhost:ipp [::]:* LISTEN 7687/cupsd
tcp6 0 0 ip6-localhost:smtp [::]:* LISTEN 1176/master
We’ve got an extra column called “PID/program name.” This column lists the PID and name of the process using each of the sockets.
我们还有一个名为“ PID /程序名称”的列。 此列列出了使用每个套接字的PID和进程名称。
列出数字地址 (Listing Numeric Addresses)
Another step we can take to remove some ambiguity is to display the local and remote addresses as IP addresses instead of their resolved domain and hostnames. If we use the -n (numeric) option, the IPv4 addresses are shown in dotted-decimal format:
我们可以采取的消除歧义的另一步骤是将本地和远程地址显示为IP地址,而不是其解析的域和主机名。 如果我们使用-n (数字)选项,则IPv4地址以点分十进制格式显示:
sudo netstat -an | less
The IP addresses are shown as numeric values. The port numbers are also shown, separated by a colon ” : ” from the IP Address.
IP地址显示为数值。 还显示了端口号,并在IP地址中用冒号“ : ”分隔。
An IP address of 127.0.0.1 shows that the socket is bound to the loopback address of the local computer. You can think of an IP address of 0.0.0.0 as meaning the “default route” for local addresses, and “any IP address” for foreign addresses. IPv6 addresses shown as “::” are also all zero addresses.
IP地址127.0.0.1表明套接字已绑定到本地计算机的环回地址 。 您可以将IP地址0.0.0.0理解为本地地址的“默认路由”和外部地址的“任何IP地址”。 显示为“ :: ”的IPv6地址也都是零地址。
The ports that are listed can be easily checked to see what their usual purpose is:
22: This is the Secure Shell (SSH) listening port.
22:这是安全外壳 (SSH)侦听端口。
25: This the Simple Mail Transfer Protocol (SMTP) listening port.
25:这是简单邮件传输协议 (SMTP)侦听端口。
53: This is the Domain Name System (DNS) listening port.
53:这是域名系统 (DNS)侦听端口。
68: This is the Dynamic Host Configuration Protocol (DHCP) listening port.
68:这是动态主机配置协议 (DHCP)侦听端口。
631: This is the Common UNIX Printing System (CUPS) listening port.
631:这是通用UNIX打印系统 (CUPS)侦听端口。
显示路由表 (Displaying the Routing Table)
The -r (route) option displays the kernel routing table.
-r (路由)选项显示内核路由表。
sudo netstat -r
Here’s that output in a neat table:
这是一个整洁的表中的输出:
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
default Vigor.router 0.0.0.0 UG 0 0 0 enp0s3
link-local 0.0.0.0 255.255.0.0 U 0 0 0 enp0s3
192.168.4.0 0.0.0.0 255.255.255.0 U 0 0 0 enp0s3
And, here’s what the columns mean:
并且,这是各列的含义:
Destination: The destination network or destination host device (if the destination is not a network).
目标:目标网络或目标主机设备(如果目标不是网络)。
Gateway: The gateway address. An asterisk “
*” appears here if a gateway address is not set.网关:网关地址。 如果未设置网关地址,则在此处显示星号“
*”。Genmask: The subnet mask for the route.
Genmask:路由的子网掩码。
Flags: See the flags table, below.
标志:请参阅下面的标志表。
MSS: Default Maximum Segment Size for TCP connections over this route—this is the largest amount of data that can be received in one TCP segment.
MSS:此路由上TCP连接的默认最大段大小 -这是一个TCP段中可以接收的最大数据量。
Window: The default window size for TCP connections over this route, indicating the number of packets that can be transferred and received before the receiving buffer is full. In practice, the packets are consumed by the receiving application.
窗口:此路由上TCP连接的默认窗口大小 ,指示在接收缓冲区已满之前可以传输和接收的数据包数。 实际上,数据包由接收应用程序使用。
irtt: The Initial Round Trip Time. This value is referenced by the kernel to make dynamic adjustments to TCP parameters for remote connections that are slow to respond.
irtt:初始往返时间 。 内核引用该值以对响应较慢的远程连接的TCP参数进行动态调整。
Iface: The network interface from which the packets sent over this route are transmitted.
Iface:网络接口,通过该接口传输通过此路由发送的数据包。
The flags value can be one of:
标志值可以是以下之一:
U: The route is up.
U:路线已上。
H: Target is a host and the only destination possible on this route.
H:目标是主机,并且是此路由上可能的唯一目的地。
G: Use the gateway.
G:使用网关。
R: Reinstate the route for dynamic routing.
R:恢复动态路由。
D: Dynamically installed by the routing daemon.
D:由路由守护程序动态安装。
M: Modified by the routing daemon when it received an Internet Control Message Protocol (ICMP) packet.
M:由路由守护程序在收到Internet控制消息协议 (ICMP)数据包时进行修改。
A: Installed by
addrconf, the automated DNS and DHCP config file generator.答:由自动DNS和DHCP配置文件生成器
addrconf安装。C: Cache entry.
C:缓存条目。
!: Reject route.
!:拒绝路线。
查找进程使用的端口 (Finding the Port Used by a Process)
If we pipe the output of netstat through grep, we can search for a process by name and identify the port it is using. We use the -a (all), -n (numeric) and -p (program) options used previously, and search for “sshd.”
如果我们通过grep传递netstat的输出,则可以按名称搜索进程并标识其使用的端口。 我们使用先前使用的-a (所有), -n (数字)和-p (程序)选项,并搜索“ sshd”。
sudo netstat -anp | grep "sshd"
grep finds the target string, and we see that the sshd daemon is using port 22.
grep找到目标字符串,我们看到sshd守护程序正在使用端口22。
Of course, we can also do this in reverse. If we search for “:22”, we can find out which process is using that port, if any.
当然,我们也可以相反地这样做。 如果我们搜索“:22”,我们可以找出哪个进程正在使用该端口(如果有)。
sudo netstat -anp | grep ":22"
This time grep finds the “:22” target string, and we see that the process using this port is the sshd daemon, process ID 751.
这次grep找到了“:22”目标字符串,我们看到使用此端口的进程是sshd守护程序,进程ID 751。
列出网络接口 (List the Network Interfaces)
The -i (interfaces) option will display a table of the network interfaces that netstat can discover.
-i (接口)选项将显示netstat可以发现的网络接口的表。
sudo netstat -i
Here’s the output in a more legible fashion:
这是更清晰易懂的输出:
Kernel Interface table
Iface MTU RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR Flg
enp0s3 1500 4520671 0 0 0 4779773 0 0 0 BMRU
lo 65536 30175 0 0 0 30175 0 0 0 LRU
This is what the columns mean:
这是列的含义:
Iface: The name of the interface. The
enp0s3interface is the network interface to the outside world, and thelointerface is the loopback interface. The loopback interface enables processes to intercommunicate within the computer using networking protocols, even if the computer is not connected to a network.Iface:接口的名称。
enp0s3接口是与外界的网络接口,而lo接口是回送接口。 使用环回接口,即使计算机未连接到网络,进程也可以使用网络协议在计算机内进行相互通信。MTU: The Maximum Transmission Unit (MTU). This is the largest “packet” that can be sent. It consists of a header containing routing and protocol flags, and other metadata, plus the data that is actually being transported.
MTU: 最大传输单位 (MTU)。 这是可以发送的最大“数据包”。 它由包含路由和协议标志的标头以及其他元数据以及实际传输的数据组成。
RX-OK: The number of packets received, with no errors.
RX-OK:接收的数据包数量,无错误。
RX-ERR: The number of packets received, with errors. We want this to be as low as possible.
RX-ERR:收到的有错误的数据包数。 我们希望它尽可能低。
RX-DRP: The number of packets dropped (i.e., lost). We also want this to be as low as possible.
RX-DRP:丢弃(即丢失)的数据包数量。 我们还希望该值尽可能低。
RX-OVR: Number of packets lost due to overflows when receiving. This usually means that the receiving buffer was full and could not accept any more data, but more data was received and had to be discarded. The lower this figure, the better, and zero is perfect.
RX-OVR:接收时由于溢出而丢失的包数。 这通常意味着接收缓冲区已满,无法再接收任何数据,但是接收到更多数据,必须将其丢弃。 该数字越低越好,零是完美的。
TX-OK: The number of packets transmitted, with no errors.
TX-OK:传输的数据包数量,无错误。
RX-ERR: The number of packets transmitted, with errors. We want this to be zero.
RX-ERR:传输的包数,有错误。 我们希望它为零。
RX-DRP: The number of packets dropped when transmitting. Ideally, this should be zero.
RX-DRP:传输时丢弃的数据包数。 理想情况下,该值为零。
RX-OVR: The number of packets lost due to overflows when transmitting. This usually means the send buffer was full and could not accept any more data, but more data was was ready to be transmitted and had to be discarded.
RX-OVR:传输时由于溢出而丢失的数据包数。 这通常意味着发送缓冲区已满,无法再接受任何数据,但是更多数据已准备好传输,必须丢弃。
Flg: Flags. See the flags table below.
Flg:旗帜。 请参阅下面的标志表。
The flags represent the following:
这些标志表示以下内容:
B: A broadcast address is in use.
B:正在使用广播地址。
L: This interface is a loopback device.
L:此接口是回送设备。
M: All packets are being received (i.e., in promiscuous mode). Nothing is filtered or discarded.
M:正在接收所有分组(即,处于混杂模式)。 没有任何东西被过滤或丢弃。
O: Address Resolution Protocol (ARP) is turned off for this interface.
O:此接口的地址解析协议 (ARP)已关闭。
P: This is a Point-to-Point (PPP) connection.
P:这是点对点 (PPP)连接。
R: The interface is running.
R:接口正在运行。
U: The interface is up.
U:接口打开。
列出多播组成员资格 (List Multicast Group Memberships)
Simply put, a multicast transmission enables a packet to be sent only once, regardless of the number of recipients. For services such as video streaming, for example, this increases the efficiency from the sender’s point of view by a tremendous amount.
简而言之,无论接收者有多少, 多播传输都使数据包只能发送一次。 例如,对于视频流之类的服务,这从发送者的角度来看极大地提高了效率。
The -g (groups) option makes netstat list the multicast group membership of sockets on each interface.
-g (组)选项使netstat列出每个接口上套接字的多播组成员身份。
sudo netstat -g
The columns are quite simple:
这些列非常简单:
Interface: The name of the interface over which the socket is transmitting.
接口:套接字传输所经过的接口的名称。
RefCnt: The reference count, which is the number of processes attached to the socket.
RefCnt:引用计数,即连接到套接字的进程数。
Group: The name or identifier of the multicast group.
组:组播组的名称或标识符。
街上的新孩子 (The New Kids on the Block)
The route, ip, ifconfig, and ss commands can provide a lot of what netstat is capable of showing you. They’re all great commands and worth checking out.
route , ip , ifconfig和ss命令可以提供netstat可以向您显示的内容。 它们都是很棒的命令,值得一试。
We’ve focused on netstat because it is universally available, regardless of which Unix-like operating system you’re working on, even the obscure ones.
我们一直专注于netstat因为它是通用的,而不管您使用的是哪种类Unix操作系统,甚至是晦涩的操作系统。
翻译自: https://www.howtogeek.com/513003/how-to-use-netstat-on-linux/
linux netstat
2447
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
