关于 netstat
netstat命令用于打印网络连接、路由表、接口统计、masqueradeconnections, and multicastmemberships.
命令描述
netstat("network statistics") is acommand-linetool that displays network connections (both incoming and outgoing),routing tables, and a number of network interface (network interfacecontroller or software-defined network interface) and networkprotocol statistics.、
Itis used for finding problems in the network and to determine theamount of traffic on the network as a performance measurement.
命令使用
SYNOPSIS netstat [-venaoc] [--tcp|-t] [--udp|-u] [--raw|-w] [--groups|-g] [--unix|-x] [--inet|--ip] [--ax25] [--ipx] [--netrom] netstat [-veenc] [--inet] [--ipx] [--netrom] [--ddp] [--ax25] {--route|-r} netstat [-veenpac] {--interfaces|-i} [iface] netstat [-enc] {--masquerade|-M} netstat [-cn] {--netlink|-N} netstat {-V|--version} {-h|--help} DESCRIPTION Netstat displays information of the Linux networking sub- system. (no option) You can view the status of network connections by listing the open sockets. This is the default operation: If you don't specify any address families, then the active sock- ets of all configured address families will be printed. With -e you get some additional informations (userid). With the -v switch you can make netstat complain about known address families which are not supported by the ker- nel. The -o option displays some additional information on networking timers. Enabling the -p will show you the pro- cess PID and name of the program holding the socket. -a print all sockets, including the listening server sockets. The address family inet will display raw, udp and tcp sockets. -r, --route With the -r, --route option, you get the kernel routing tables in the same format as route -e use. netstat -er will use the output format of route. Please see route(8) for details. -g, --groups With the .BR -g ", " --groups option, multicast group mem- bership information for IPv4 and IPv6 is displayed. -i, --interface iface If you use the -i, --interfaces option, a table of all (or the specified iface) networking interfaces will be printed. The output uses the ifconfig -e format, and is described in ifconfig(8). netstat -ei will print a table or a single interface entry just like ifconfig does. With the -a switch, you can include interfaces which are not configured (i.e. don't have the U=UP flag set). -M, --masquerade A list of all masqueraded sessions can be viewed, too. With the -e switch you can include some more informations about sequenze numbering and deltas, caused by data rewrites on FTP sessions (PORT command). Masquerade sup- port is used to hide hosts with unofficial network addresses from the outside world, as described in ipfw(4),ipfwadm(8) and ipfw(8). -N, --netlink Recent kernels have a kernel/user communication support called netlink. You can get messages about creation or deletion of interfaces or routes from /dev/route (36,0). OPTIONS -v, --verbose Tell the user what is going on by being verbose. Espe- cially print some usefull informations about unconfigured address families. -n, --numeric shows numerical addresses instead of trying to determine symbolic host, port or user names. -p, --programs displays process name and PID of the owner of each socket it dumps. You have to be the owner of such process to have all it's sockets matched to it or generally root user will see all the necessary information in place. -A, --af family use a different method to set the address families. fam- ily is a comma (',') seperated list of address family key- words like inet, unix, ipx, ax25, netrom and ddp. This is has the same effect as using the long options --inet, --unix, --ipx, --ax25, --netrom and --ddp. -c, --continous This will cause netstat to print the selected table every second continously on the screen until you interrupt it. OUTPUT Active Internet connections (TCP, UDP, RAW) Proto The protocol (tcp, udp, raw) used by the socket. Recv-Q The count of bytes not copied by the user program con- nected to this socket. Send-Q The count of bytes not acknoledged by the remote host. Local Address The local address (local hostname) and port number of the socket. Unless the -n switch is given, the socket address is resolved to its canonical hostname, and the port number is translated into the corresponding service name. Foreign Address The remote address (remote hostname) and port number of he socket. As with the local address:port, the -n switch turns off hostname and service name resolution. State The state of the socket. Since there are no states in RAW and usually no states used in UDP, this row may be left blank. Normally this can be one of several values: ESTABLISHED The socket has an established connection. SYN_SENT The socket is actively attempting to establish a connection. SYN_RECV A connection request has been received from the network. FIN_WAIT1 The socket is closed, and the connection is shut- ting down. FIN_WAIT2 Connection is closed, and the socket is waiting for a shutdown from the remote end. TIME_WAIT The socket is waiting after close to handle packets still in the network. CLOSED The socket is not being used. CLOSE_WAIT The remote end has shut down, waiting for the socket to close. LAST_ACK The remote end shut down, and the socket is closed. Waiting for acknowledgement. LISTEN The socket is listening for incoming connections. Those sockets are only displayed if the -a,--lis- tening switch is set. CLOSING Both sockets are shut down but we still don't have all our data sent. UNKNOWN The state of the socket is unknown. User The name or the UID of the owner of the socket. PID/Program name Slash-separated pair of the PID and process name of the program holding this socket. Option -p enables display of this column. You will also need root privileges as you have to have access rights to process to be able to see the program's sockets matched up to it. This identifica- tion information is not yet available for IPX sockets. Timer (this needs to be written) Active UNIX domain Sockets Proto The protocol (usually unix) used by the socket. RefCnt The reference count (i.e. attached processes via this socket). Flags The flags displayed is SO_ACCEPTON (displayed as ACC), SO_WAITDATA (W) or SO_NOSPACE (N). SO_ACCECPTON is used on unconnected sockets if their corresponding processes are waiting for a connect request. The other flags are not of normal interest. Type There are several types of socket access: SOCK_DGRAM The socket is used in Datagram (connectionless) mode. SOCK_STREAM This is a stream (connection) socket. SOCK_RAW The socket is used as a raw socket. SOCK_RDM This one serves reliably-delivered messages. SOCK_SEQPACKET This is a sequential packet socket. SOCK_PACKET RAW interface access socket. UNKNOWN Who ever knows, what the future will bring us - just fill in here :-) State This field will contain one of the following Keywords: FREE The socket is not allocated LISTENING The socket is listening for a connection request. Those sockets are only displayed if the -a,--lis- tening switch is set. CONNECTING The socket is about to establish a connection. CONNECTED The socket is connected. DISCONNECTING The socket is disconnecting. (empty) The socket is not connected to another one. UNKNOWN This state should never happen. PID/Program name PID and process name of the program holding this socket. More info available in Active Internet connections section written above. Path This displays the path name as which the corresponding processes attached to the socket. Active IPX sockets (this needs to be done by somebody who knows it) Active NET/ROM sockets (this needs to be done by somebody who knows it) Active AX.25 sockets (this needs to be done by somebody who knows it) NOTES Since kernel release 2.2 netstat -i does not display interface statistics for alias interfaces anymore. To get per alias interface counters you need to setup explicit rules using the ipchains(8) command.
命令使用实例
1.netsta -a
列出所有接口的连接
2.netstat -at
列出所有tcp连接信息
3.netstat -au
列出所有udp连接信息
4.netstat -l
列出所有活动的处于监听状态的接口信息
子命令
netstat -lt 仅显示tcp连接
netstat -lu 仅显示udp连接
netstat -lx 仅显示unix套接字连接
5.
netstat -s
统计所有协议的活动信息
子命令
netstat -st 仅统计tcp协议信息
netstat -su 仅统计udp协议信息
6.
netstat -tp
显示服务名以及进程ID
7.
netstat -r
显示核心IP路由表
8.
netstat -g
显示多播组成员信息(包括IPV4,IPV6)
9.
netstat -c
间隔几秒不断的显示网络状态信息(netsat -a).
参考:
1.http://www.computerhope.com/unix/unetstat.htm
2.http://www.tecmint.com/20-netstat-commands-for-linux-network-management/
3.http://www.thegeekstuff.com/2010/03/netstat-command-examples
4.http://www.skrenta.com/rt/man/netstat.8.html
1102
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
