命令参数里面没有p
[aaa@localhost ~]$ netstat -nl | grep -w 8013 | sed -r 's#.* (.*)/.*#\1#'| wc -l
0
命令参数里面,有p,提示必须为root
[aaa@localhost ~]$ netstat -nlp | grep -w 8013 | sed -r 's#.* (.*)/.*#\1#'| wc -l
(No info could be read for "-p": geteuid()=1005 but you should be root.)
0
netstat之我见
2010-12-29 22:23:43
Netstat用于显示与IP、TCP、UDP和ICMP协议相关的统计数据,一般用于检验本机各端口的网络连接情况。
基本上来说,netstat 的输出可以分成两个部分。一个是Active Internet connections,称为有源TCP连接,另一个是Active UNIX domain sockets,称为有源Unix域套接口。
例如:
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 2 210.34.6.89:telnet 210.34.6.96:2873 ESTABLISHED
tcp 296 0 210.34.6.89:1165 210.34.6.84:netbios-ssn ESTABLISHED
tcp 0 0 localhost.localdom:9001 localhost.localdom:1162 ESTABLISHED
tcp 0 0 localhost.localdom:1162 localhost.localdom:9001 ESTABLISHED
tcp 0 80 210.34.6.89:1161 210.34.6.10:netbios-ssn CLOSE
Active UNIX domain sockets (w/o servers)
Proto RefCnt Flags Type State I-Node Path
unix 1 [ ] STREAM CONNECTED 16178 @000000dd
unix 1 [ ] STREAM CONNECTED 16176 @000000dc
unix 9 [ ] DGRAM 5292 /dev/log
unix 1 [ ] STREAM CONNECTED 16182 @000000df我经常使用的命令参数有:
-n 拒绝显示别名,能显示数字的全部转化成数字。例如它会将机器别名,端口别名和用户名别名都转化成相应的ID来表示。
hironics@ubuntu:~$ netstat -tn | head
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 192.168.1.15:46641 192.168.2.5:389 ESTABLISHED
tcp 0 0 127.0.0.1:6001 127.0.0.1:56555 ESTABLISHED
tcp 0 0 127.0.0.1:56557 127.0.0.1:6001 ESTABLISHED
tcp 0 0 192.168.1.15:47340 192.168.2.5:389 TIME_WAIT
tcp 0 0 192.168.1.15:22 58.196.148.35:3325 ESTABLISHED
tcp 0 0 192.168.1.15:47301 192.168.2.5:389 TIME_WAIT
tcp 0 0 192.168.1.15:45425 192.168.2.5:389 ESTABLISHED
如果不想讲所有选项都转化成数据,那么下面几个稍微长一点的参数可以只数字化某部分。
--numeric-ports 将端口数字化
--numeric-hosts 将主机数字化
-a 显示所有,即显示tcp网络连接和socket
-t 显示tcp
-u udp display
hironics@ubuntu:~$ netstat -tu | head
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 ubuntu:48507 192.168.2.5:ldap TIME_WAIT
tcp 0 0 ubuntu:46641 192.168.2.5:ldap ESTABLISHED
tcp 0 0 localhost:x11-1 localhost:56555 ESTABLISHED
tcp 0 0 localhost:56557 localhost:x11-1 ESTABLISHED
tcp 0 0 ubuntu:48499 192.168.2.5:ldap TIME_WAIT
tcp 0 0 ubuntu:48510 192.168.2.5:ldap TIME_WAIT
tcp 0 0 ubuntu:ssh 58.196.148.35:3325 ESTABLISHED
tcp 0 0 ubuntu:48514 192.168.2.5:ldap TIME_WAIT
-r 显示路由信息,路由表
hironics@ubuntu:~$ netstat -r
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
localnet * 255.255.255.0 U 0 0 0 eth0
default 192.168.1.1 0.0.0.0 UG 0 0 0 eth0
-p 显示建立相关链接的程序名
hironics@ubuntu:~$ netstat -tp | head
(No info could be read for "-p": geteuid()=45069 but you should be root.)
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 ubuntu:46641 192.168.2.5:ldap ESTABLISHED -
tcp 0 0 localhost:x11-1 localhost:56555 ESTABLISHED -
tcp 0 0 localhost:56557 localhost:x11-1 ESTABLISHED -
tcp 0 0 ubuntu:59993 192.168.2.5:ldap TIME_WAIT -
tcp 0 0 ubuntu:ssh 58.196.148.35:3325 ESTABLISHED -
tcp 0 0 ubuntu:ssh 220.181.6.65:1447 ESTABLISHED -
(因为安全原因,这里的程序没有显示出来)
-e 显示扩展信息,例如uid等
-i 显示物理接口信息,如发送/接受的包,物理卡状态等
hironics@ubuntu:~$ netstat -i
Kernel Interface table
Iface MTU Met RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR Flg
eth0 1500 0 6732915 0 0 0 6926534 0 0 0 BMRU
lo 16436 0 1247260 0 0 0 1247260 0 0 0 LRU
-s 按各个协议进行统计
hironics@ubuntu:~$ netstat -s
Ip:
7974976 total packets received
761 with invalid addresses
0 forwarded
0 incoming packets discarded
7974215 incoming packets delivered
7161960 requests sent out
Icmp:
757 ICMP messages received
1 input ICMP message failed.
ICMP input histogram:
destination unreachable: 164
timeout in transit: 3
echo requests: 475
echo replies: 115
603 ICMP messages sent
0 ICMP messages failed
ICMP output histogram:
destination unreachable: 8
echo request: 120
echo replies: 475
IcmpMsg:
InType0: 115
InType3: 164
InType8: 475
InType11: 3
OutType0: 475
OutType3: 8
OutType8: 120
Tcp:
109826 active connections openings
1959 passive connection openings
3021 failed connection attempts
613 connection resets received
72 connections established
7922629 segments received
7084857 segments send out
25548 segments retransmited
6 bad segments received.
3420 resets sent
Udp:
49868 packets received
6 packets to unknown port received.
0 packet receive errors
50952 packets sent
UdpLite:
TcpExt:
1 resets received for embryonic SYN_RECV sockets
323 packets pruned from receive queue because of socket buffer overrun
2 ICMP packets dropped because they were out-of-window
71996 TCP sockets finished time wait in fast timer
461 time wait sockets recycled by time stamp
35 packets rejects in established connections because of timestamp
128426 delayed acks sent
25 delayed acks further delayed because of locked socket
Quick ack mode was activated 4120 times
93843 packets directly queued to recvmsg prequeue.
115613 bytes directly in process context from backlog
77310727 bytes directly received in process context from prequeue
5051273 packet headers predicted
52995 packets header predicted and directly queued to user
458740 acknowledgments not containing data payload received
2753655 predicted acknowledgments
181 times recovered from packet loss due to fast retransmit
6922 times recovered from packet loss by selective acknowledgements
Detected reordering 2 times using FACK
Detected reordering 1 times using SACK
Detected reordering 2 times using time stamp
3 congestion windows fully recovered without slow start
3 congestion windows partially recovered using Hoe heuristic
32 congestion windows recovered without slow start by DSACK
1461 congestion windows recovered without slow start after partial ack
5442 TCP data loss events
158 timeouts after reno fast retransmit
1181 timeouts after SACK recovery
324 timeouts in loss state
11087 fast retransmits
3044 forward retransmits
529 retransmits in slow start
5275 other TCP timeouts
102 classic Reno fast retransmits failed
280 SACK retransmits failed
1 times receiver scheduled too late for direct processing
11103 packets collapsed in receive queue due to low socket buffer
5309 DSACKs sent for old packets
415 DSACKs sent for out of order packets
707 DSACKs received
108 connections reset due to unexpected data
361 connections reset due to early user close
985 connections aborted due to timeout
TCPDSACKIgnoredOld: 445
TCPDSACKIgnoredNoUndo: 150
TCPSpuriousRTOs: 36
-c 持续的执行这个命令
每隔一个固定时间,执行该netstat命令。
323
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
