How to Use the netstat Command in Linux

The term “netstat” stands for Network Statistics. In layman’s terms, the netstat command displays the current network connections, networking protocol statistics, and a variety of other interfaces.

If we enter netstat in the terminal without any background knowledge of computer networking, the system throws a wide range of networking jargon at us. It is the responsibility of the programmer to extract the important information while filtering out the rest.

In this article, we will answer some of the queries related to computer networking using the netstat command.


Identify Active Network Connections Using the Netstat Command

To display all the active network connections in Linux, we use:


netstat -a

Output:

[Figure: netstat -a output]

The standard output contains six columns:


  • Proto (Protocol) – The type of protocol used for the network connection, like TCP, UDP, etc.
  • Recv-Q (Receiving Queue) – The amount of data (in bytes) in the waiting queue for the socket.
  • Send-Q (Sending Queue) – The amount of data (in bytes) in the sending queue for the socket.
  • Addresses – Each address contains the name of the host followed by ‘:’ and a port number.
    • Local Address – The address of the computer on which the netstat command is running.
    • Foreign Address – The address of the computer which is on the other end of the network.
  • State – The state of each network connection.

To understand this better, suppose we open a website www.lookip.net. On running the command:



netstat -a | grep lookip.net

We will get the following output:

[Figure: Search lookip.net using the netstat command]

As is quite clear, we extracted all the network connections in progress with a particular foreign address. In the command, ‘|’ is used to pass the output of one sub-command to another, whereas grep is a searching tool in Linux.

Note: This technique cannot be applied for all kinds of websites since not every website has a foreign address matching the URL.


To further experiment with the data provided by the netstat command, we can write commands focusing on protocols, addresses, or states:


Display all established connections



netstat -a | grep ESTABLISHED

Display all TCP connections in listening state



netstat -a | grep tcp | grep LISTEN

Rather than making us build custom commands, Linux provides some built-in options for fetching specific information.

Filtering based on Protocols

For TCP-specific queries, the -t option is used. To display only the TCP connections:


netstat -at

Note: To apply multiple filters in a single netstat command, the options are appended.


For UDP-specific queries, the -u option is used. To display all the sockets using UDP:


netstat -au

State-based option:

To display all listening sockets:



netstat -l


Identify the programs using network connections using Netstat

To fetch the programs and their process IDs, we use:



netstat -p

For TCP specific programs:



netstat -pt

Output:

[Figure: Programs following TCP]

As we can see, Chrome is accessing the internet with process ID 16648. This information can be used to kill or stop any program that is accessing a network without the knowledge of the user.

Note: Some program information may be hidden if the current user is not the root user. To become the root user in Linux, running the command sudo su and entering the password can help. For further information, refer to this.



Using the Netstat Command to List IP Addresses of Each Network Connection

For fetching all the data related to IP addresses and ports numerically, we use:



netstat -n

We can display addresses numerically for programs following TCP by:



netstat -ptn

Output:

[Figure: Programs following TCP (numeric)]

The difference is clear: we can now see the IP addresses as well as the port numbers for each connection.
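Added example, not part of the original article: a column-aware filter for `netstat -atnp` output that matches on the State column instead of grepping the whole line, lists TCP listeners bound to all interfaces, and counts established connections per program and foreign address. The sample output is constructed, and the function names are hypothetical.

```shell
#!/usr/bin/env bash
# Constructed sample of `netstat -atnp` output (not captured from a real host).
# "-" in the last column is what a non-root user sees for other users' sockets.
sample_netstat() {
cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      812/sshd
tcp        0      0 127.0.0.1:5432          0.0.0.0:*               LISTEN      1033/postgres
tcp        0      0 192.0.2.10:51514        198.51.100.7:443        ESTABLISHED 16648/chrome
tcp        0      0 192.0.2.10:51520        198.51.100.7:443        ESTABLISHED 16648/chrome
tcp        0     36 192.0.2.10:22           203.0.113.5:60122       ESTABLISHED 2201/sshd: alice
tcp6       0      0 :::8080                 :::*                    LISTEN      -
tcp        0      0 192.0.2.10:40000        198.51.100.9:80         TIME_WAIT   -
EOF
}

# TCP listeners bound to every interface (0.0.0.0 or ::) rather than loopback.
# Only TCP rows are parsed: UDP rows usually have an empty State column,
# which shifts the fields.
exposed_listeners() {
  awk '$1 ~ /^tcp/ && $6 == "LISTEN" {
         n = split($4, part, ":"); port = part[n]
         addr = substr($4, 1, length($4) - length(port) - 1)
         if (addr == "0.0.0.0" || addr == "::") {
           # The program name may contain spaces, so join fields 7..NF.
           owner = $7; for (i = 8; i <= NF; i++) owner = owner " " $i
           print $1, port, owner
         }
       }'
}

# Established connections counted per owning program and foreign address.
established_by_owner() {
  awk '$1 ~ /^tcp/ && $6 == "ESTABLISHED" {
         owner = $7; for (i = 8; i <= NF; i++) owner = owner " " $i
         count[owner " -> " $5]++
       }
       END { for (k in count) print count[k], k }' | sort -k1,1nr -k2
}

sample_netstat | exposed_listeners
sample_netstat | established_by_owner
```

On a live host, feed it real data with `sudo netstat -atnp | exposed_listeners`; without root, the owner column shows `-` for sockets that belong to other users.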



What are the statistics for each protocol?

To access the summary statistics for each type of protocol using the netstat command, we run:



netstat -s

Output:

[Figure: Statistics for each protocol]


Using the Netstat Command to Display the Routing Table

Any device on a network needs to decide where to route the data packets. The routing table contains information to make these decisions. To display the contents of the routing table in numeric form, we use the following command option:


netstat -rn

Output:

[Figure: Contents of routing table]

The kernel routing table consists of the following columns:


  • Destination – The address of the destination computer.
  • Gateway – The intermediate gateway address.
  • Genmask – The netmask used to specify available hosts in a network.
  • Flags – Specifies the kind of routing.
  • MSS – Default Maximum Segment Size
  • Window – Default Window Size
  • irtt (Initial Round Trip Time) – Total time to send a signal and receive its acknowledgment.
  • Iface (Interface) – The interface through which the packets will be routed.

Note: A column with a zero value means that the default size is being used.



List out the active network interfaces

To access any information from the internet, there has to be some link between the system and the network. That point of interconnection is provided by a network interface. We run the command:



netstat -i

Output:

[Figure: Network interfaces]

The kernel interface table comprises:

  • Iface (Interface) – The kind of interface
  • MTU – Maximum Transmission Unit
  • RX – Received packets
  • TX – Transmitted packets
  • OK – Error-free packets
  • ERR – Packets with some error
  • DRP – Dropped packets
  • OVR – Packets lost due to overflow
  • Flg – Flags defining interface configuration


The netstat command has a wide range of features, which makes it impossible to sum up in just one article. We can always refer to the man pages in Linux with:


man netstat

And to learn more about netstat options, we can ask for help in the terminal with:


netstat -h


References:

Translated from: https://www.journaldev.com/41196/netstat-command-in-linux
