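The netstat command displays network-related information, mainly network connections, routing tables and interface status. It is commonly used to query network and port information for unix, tcp and udp sockets.
Running netstat with no arguments gives the following: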
[root@iZ2ze4zhiwnwqxsc7wehwlZ ~]# netstat
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 1 iZ2ze4zhiwnwqxsc7:45056 101.73.92.159:6379 SYN_SENT
tcp 0 1 iZ2ze4zhiwnwqxsc7:38036 101.73.92.41:6379 SYN_SENT
tcp 0 1 iZ2ze4zhiwnwqxsc7:39602 101.73.92.4:6379 SYN_SENT
tcp 0 1 iZ2ze4zhiwnwqxsc7:37946 101.73.92.191:6379 SYN_SENT
tcp 0 1 iZ2ze4zhiwnwqxsc7:44738 101.73.92.54:6379 SYN_SENT
...... (omitted)
Active UNIX domain sockets (w/o servers)
Proto RefCnt Flags Type State I-Node Path
unix 4 [ ] DGRAM 1291 /run/systemd/notify
unix 2 [ ] DGRAM 1293 /run/systemd/cgroups-agent
unix 5 [ ] DGRAM 7874
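...... (omitted)
The output is divided into two parts:
1. Active Internet connections, whose fields mean:
- Proto: the network protocol, such as tcp or udp;
- Recv-Q: the receive queue; a non-zero value means data is backing up;
- Send-Q: the send queue; a non-zero value means outgoing message data is backing up;
- Local Address: the local routing table;
- Foreign Address: the remote IP (or domain name) and port;
- State: the current state of the socket;
2. Active UNIX domain sockets, whose fields mean:
- RefCnt: the number of processes attached to the socket;
- Flags:
- Type: the socket type: stream socket (SOCK_STREAM), datagram socket (SOCK_DGRAM), raw socket (SOCK_RAW);
- I-Node:
- Path: the path name that other processes use to connect to the socket;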
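Syntax: netstat [options]
- -a (--all): display all connected sockets;
- -A <network type> or --<network type>: list the addresses of connections for that network type;
- -c or --continuous: list the network status continuously;
- -C or --cache: display cached routing information;
- -e or --extend: display additional network information;
- -F or --fib: display the FIB;
- -g or --groups: display multicast group membership;
- -h or --help: show help;
- -i or --interfaces: display the network interface table;
- -l or --listening: display listening server sockets;
- -M or --masquerade: display masqueraded connections;
- -n or --numeric: use IP addresses directly instead of going through a name server;
- -N or --netlink or --symbolic: display the symbolic names of network hardware devices;
- -o or --timers: display timers;
- -p or --programs: display the PID and name of the program using each socket;
- -r or --route: display the routing table;
- -s or --statistics: display network statistics;
- -t or --tcp: display TCP connections;
- -u or --udp: display UDP connections;
- -v or --verbose: display verbose output while the command runs;
- -V or --version: display version information;
- -w or --raw: display RAW connections;
- -x or --unix: same effect as specifying "-A unix";
- --ip or --inet: same effect as specifying "-A inet"
Commonly used command combinations:
1. Display all ports
- netstat -a: list all ports;
- netstat -at: list all tcp ports;
- netstat -au: list all udp ports;
- netstat -ax: list all unix ports;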
[root@iZ2ze4zhiwnwqxsc7wehwlZ ~]# netstat -a
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:6379 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:ssh 0.0.0.0:* LISTEN
...... (omitted)
[root@iZ2ze4zhiwnwqxsc7wehwlZ ~]# netstat -at
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:6379 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:ssh 0.0.0.0:* LISTEN
tcp 0 1 iZ2ze4zhiwnwqxsc7:37122 211.248.66.194:6379 SYN_SENT
...... (omitted)
[root@iZ2ze4zhiwnwqxsc7wehwlZ ~]# netstat -au
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
udp 0 0 0.0.0.0:bootpc 0.0.0.0:*
[root@iZ2ze4zhiwnwqxsc7wehwlZ ~]# netstat -ax
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags Type State I-Node Path
unix 4 [ ] DGRAM 1291 /run/systemd/notify
unix 2 [ ACC ] STREAM LISTENING 204818 /run/systemd/private
...... (omitted)
2. Display listening ports
- netstat -l: list all listening ports;
- netstat -lt: list all listening tcp ports;
- netstat -lu: list all listening udp ports;
- netstat -lx: list all listening unix ports;
[root@iZ2ze4zhiwnwqxsc7wehwlZ ~]# netstat -l
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:6379 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:ssh 0.0.0.0:* LISTEN
tcp6 0 0 [::]:33060 [::]:* LISTEN
tcp6 0 0 [::]:mysql [::]:* LISTEN
tcp6 0 0 [::]:6379 [::]:* LISTEN
udp 0 0 0.0.0.0:bootpc 0.0.0.0:*
Active UNIX domain sockets (only servers)
Proto RefCnt Flags Type State I-Node Path
unix 2 [ ACC ] STREAM LISTENING 204818 /run/systemd/private
unix 2 [ ACC ] STREAM LISTENING 14853 /usr/local/aegis/Aegis-
[root@iZ2ze4zhiwnwqxsc7wehwlZ ~]# netstat -lt
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:6379 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:ssh 0.0.0.0:* LISTEN
tcp6 0 0 [::]:33060 [::]:* LISTEN
tcp6 0 0 [::]:mysql [::]:* LISTEN
tcp6 0 0 [::]:6379 [::]:* LISTEN
[root@iZ2ze4zhiwnwqxsc7wehwlZ ~]# netstat -lu
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
udp 0 0 0.0.0.0:bootpc 0.0.0.0:*
[root@iZ2ze4zhiwnwqxsc7wehwlZ ~]# netstat -lx
Active UNIX domain sockets (only servers)
Proto RefCnt Flags Type State I-Node Path
unix 2 [ ACC ] STREAM LISTENING 204818 /run/systemd/private
unix 2 [ ACC ] STREAM LISTENING 14853 /usr/local/aegis/Aegis-<Guid(5A2C30A2-A87D-490A-9281-6765EDAD7CBA)>
unix 2 [ ACC ] STREAM LISTENING 12342 /run/dbus/system_bus_socket
unix 2 [ ACC ] STREAM LISTENING 11485209 /var/lib/mysql/mysql.sock
unix 2 [ ACC ] STREAM LISTENING 11484830 /var/run/mysqld/mysqlx.sock
unix 2 [ ACC ] STREAM LISTENING 7871 /run/systemd/journal/stdout
unix 2 [ ACC ] SEQPACKET LISTENING 10722 /run/udev/control
3. Display statistics
- netstat -s: display statistics for all ports;
- netstat -st: display statistics for all tcp ports;
- netstat -su: display statistics for all udp ports;
[root@iZ2ze4zhiwnwqxsc7wehwlZ ~]# netstat -s
Ip:
69524966 total packets received
0 forwarded
313 with unknown protocol
0 incoming packets discarded
69524637 incoming packets delivered
1397034739 requests sent out
8 outgoing packets dropped
133 dropped because of missing route
4 reassemblies required
2 packets reassembled ok
Icmp:
12838677 ICMP messages received
5918086 input ICMP message failed.
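...... (omitted)
4. netstat -anp (netstat -anp | grep redis): a commonly used query
- -a: display everything;
- -n: display only IP addresses, not domain names;
- -p: display the PID and process name;
This is often combined with grep on a service name, for example grep redis, to look up information about the running service (here redis listens on an IP and port 6379, with PID 21627); ps -ef | grep redis can also be used for this.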
[root@iZ2ze4zhiwnwqxsc7wehwlZ ~]# netstat -anp
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:6379 0.0.0.0:* LISTEN
udp 0 0 0.0.0.0:68 0.0.0.0:* 755/dhclient
...... (omitted)
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags Type State I-Node PID/Program name Path
unix 4 [ ] DGRAM 1291 1/systemd /run/systemd/notify
unix 2 [ ] DGRAM 1293 1/systemd
...... (omitted)
[root@iZ2ze4zhiwnwqxsc7wehwlZ ~]# netstat -anp|grep redis
tcp 0 0 0.0.0.0:6379 0.0.0.0:* LISTEN 21627/./redis-serve
tcp 0 0 172.21.205.54:6379 61.132.13.105:56921 ESTABLISHED 21627/./redis-serve
tcp 0 0 172.21.205.54:6379 61.132.13.107:58132 ESTABLISHED 21627/./redis-serve
tcp 0 0 172.21.205.54:6379 61.132.13.106:53328 ESTABLISHED 21627/./redis-serve
tcp 0 0 172.21.205.54:6379 14.215.49.111:51059 ESTABLISHED 21627/./redis-serve
tcp 0 0 172.21.205.54:6379 61.132.13.108:60057 ESTABLISHED 21627/./redis-serve
tcp6 0 0 :::6379 :::* LISTEN 21627/./redis-serve
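An added example, not part of the original post: the redis-serve rows above show a listener bound to 0.0.0.0 and ::, meaning it accepts connections on every interface, and the ESTABLISHED rows show remote peers using it. The script below classifies each TCP listener in `netstat -lntp` output by bind scope; the sample input and the function names `sample_listeners` and `listener_scope` are constructed for illustration.

```shell
# Constructed sample of `netstat -lntp` output.
sample_listeners() { cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:6379            0.0.0.0:*               LISTEN      21627/./redis-serve
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      1002/master
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      980/sshd
tcp6       0      0 :::6379                 :::*                    LISTEN      21627/./redis-serve
tcp6       0      0 ::1:25                  :::*                    LISTEN      1002/master
EOF
}

# Print "port scope program" once per TCP listener.
# scope: all-interfaces (0.0.0.0 or ::), loopback (127.x or ::1), specific (one address).
listener_scope() {
  awk '
    $1 ~ /^tcp/ && $6 == "LISTEN" {
      addr = $4; port = $4
      sub(/:[^:]*$/, "", addr)    # strip ":port" only, so IPv6 addresses stay whole
      sub(/^.*:/, "", port)       # keep what follows the last colon
      if (addr == "0.0.0.0" || addr == "::") scope = "all-interfaces"
      else if (addr ~ /^127\./ || addr == "::1") scope = "loopback"
      else scope = "specific"
      prog = ($7 == "" ? "-" : $7)   # empty when netstat could not show the owner
      print port, scope, prog
    }' | sort -u | sort -k1,1n -k2,2
}

sample_listeners | listener_scope
```

On a live host, `netstat -lntp | listener_scope` gives the same view; rows marked all-interfaces are the ones to compare against firewall rules and the service's bind setting.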
5. netstat -r (netstat -rn): display the routing table
[root@iZ2ze4zhiwnwqxsc7wehwlZ ~]# netstat -r
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
default gateway 0.0.0.0 UG 0 0 0 eth0
link-local 0.0.0.0 255.255.0.0 U 0 0 0 eth0
172.21.192.0 0.0.0.0 255.255.240.0 U 0 0 0 eth0
[root@iZ2ze4zhiwnwqxsc7wehwlZ ~]# netstat -rn
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
0.0.0.0 172.21.207.253 0.0.0.0 UG 0 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0
172.21.192.0 0.0.0.0 255.255.240.0 U 0 0 0 eth0
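With n added, host names are not shown, only IP addresses. The displayed fields mean:
- Destination: the destination IP address;
- Gateway: the router;
- Genmask:
- Flags:
- MSS Window: maximum segment size;
- irtt Iface:
6. netstat -i (display the list of network interfaces)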
[root@iZ2ze4zhiwnwqxsc7wehwlZ ~]# netstat -i
Kernel Interface table
Iface MTU RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR Flg
eth0 1500 68775486 0 0 0 1395533857 0 0 0 BMRU
lo 65536 2407617 0 0 0 2407617 0 0 0 LRU
7. netstat -c (print netstat information continuously)
[root@iZ2ze4zhiwnwqxsc7wehwlZ ~]# netstat -c
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 1 iZ2ze4zhiwnwqxsc7:37770 211-20-254-42.hine:6379 SYN_SENT
tcp 0 1 iZ2ze4zhiwnwqxsc7:42978 211-20-252-217.hin:6379 SYN_SENT
tcp 0 1 iZ2ze4zhi:crestron-cips 211-20-253-247.hin:6379 SYN_SENT
tcp 0 1 iZ2ze4zhiwnwqxsc7:37774 fw.onation.com.tw:6379 SYN_SENT
8. Count the IP addresses with the most connections to service ports
[root@iZ2ze4zhiwnwqxsc7wehwlZ ~]# netstat -ant| grep "0.0.0.0:*" |awk '{print $5}'|awk -F: '{print $1}'|sort|uniq -c|sort -nr|head -20
2 0.0.0.0
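An added example, not part of the original post, that generalizes item 8: instead of grepping for 0.0.0.0, which keeps only listener rows, it ranks remote IPs by connection count for a chosen TCP state, and counts distinct destinations per remote port among SYN_SENT rows, the shape of the first listing on this page. The sample input and the function names are constructed; run netstat with -n so addresses and ports are numeric.

```shell
# Constructed sample of `netstat -ant` output (documentation address ranges).
sample_netstat() { cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:6379            0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:6379         203.0.113.7:51059       ESTABLISHED
tcp        0      0 192.0.2.10:6379         203.0.113.7:51060       ESTABLISHED
tcp        0      0 192.0.2.10:6379         203.0.113.7:51061       ESTABLISHED
tcp        0      0 192.0.2.10:6379         198.51.100.4:60057      ESTABLISHED
tcp        0      1 192.0.2.10:45056        198.51.100.21:6379      SYN_SENT
tcp        0      1 192.0.2.10:38036        198.51.100.22:6379      SYN_SENT
tcp        0      1 192.0.2.10:39602        198.51.100.23:6379      SYN_SENT
tcp6       0      0 :::6379                 :::*                    LISTEN
tcp6       0      0 2001:db8::10:6379       2001:db8::99:40000      ESTABLISHED
EOF
}

# Remote IPs ranked by connection count for one TCP state (default ESTABLISHED).
top_remote_ips() {
  awk -v st="${1:-ESTABLISHED}" '
    $1 ~ /^tcp/ && $6 == st {
      ip = $5
      sub(/:[^:]*$/, "", ip)      # drop ":port" only, so IPv6 addresses stay whole
      n[ip]++
    }
    END { for (i in n) print n[i], i }' | sort -k1,1nr -k2,2 | head -20
}

# Distinct destination hosts per remote port among half-open (SYN_SENT) rows.
syn_sent_fanout() {
  awk '
    $1 ~ /^tcp/ && $6 == "SYN_SENT" {
      host = $5; port = $5
      sub(/:[^:]*$/, "", host); sub(/^.*:/, "", port)
      if (!seen[port, host]++) hosts[port]++
    }
    END { for (p in hosts) print hosts[p], p }' | sort -k1,1nr -k2,2n
}

sample_netstat | top_remote_ips
sample_netstat | syn_sent_fanout
```

On a live host, `netstat -ant | syn_sent_fanout` showing many distinct destinations on a single port is a reason to identify the owning process with `netstat -anp`.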