netstat 命令可以帮助检查本机的网络状况,man netstat 可以看到对其的基本描述:
netstat - Print network connections, routing tables, interface statistics, masquerade connections, and multicast memberships
先来一个简单的例子,要显示tcp协议,使用-t参数,包括了tcp和tcp6
- netstat -t
- Active Internet connections (w/o servers)
- Proto Recv-Q Send-Q Local Address Foreign Address State
- tcp 0 0 localhost:59226 localhost:8527 ESTABLISHED
- tcp 0 0 bogon:44385 117.79.93.222:http TIME_WAIT
- tcp 0 0 localhost:8527 localhost:59305 CLOSE_WAIT
- tcp 0 0 localhost:8527 localhost:59235 ESTABLISHED
- tcp 0 1 bogon:36113 tf-in-f19.1e100.n:https SYN_SENT
- tcp 0 0 bogon:49941 117.79.93.196:http TIME_WAIT
- tcp 0 0 bogon:53574 117.79.93.208:http ESTABLISHED
- tcp 0 0 localhost:59259 localhost:8527 ESTABLISHED
数量太多,只显示了一部分。
添加一个-l参数,会只显示监听本地端口的TCP程序,现在一下子程序少了很多。
- netstat -tl
- Active Internet connections (only servers)
- Proto Recv-Q Send-Q Local Address Foreign Address State
- tcp 0 0 localhost:8527 *:* LISTEN
- tcp 0 0 *:http *:* LISTEN
- tcp 0 0 localhost:domain *:* LISTEN
- tcp 0 0 localhost:ipp *:* LISTEN
- tcp 0 0 *:https *:* LISTEN
- tcp6 0 0 ip6-localhost:8527 [::]:* LISTEN
- tcp6 0 0 ip6-localhost:ipp [::]:* LISTEN
注意上面的Local Address一列,显示的不是ip地址,而是localhost, 如果想要显示IP地址,添加一个参数-n
- netstat -tln
- Active Internet connections (only servers)
- Proto Recv-Q Send-Q Local Address Foreign Address State
- tcp 0 0 127.0.0.1:8527 0.0.0.0:* LISTEN
- tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN
- tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN
- tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN
- tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN
- tcp6 0 0 ::1:8527 :::* LISTEN
- tcp6 0 0 ::1:631 :::* LISTEN
如果还想显示进程名称和ID,再添加一个参数-p
- netstat -tlnp
- Active Internet connections (only servers)
- Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
- tcp 0 0 127.0.0.1:8527 0.0.0.0:* LISTEN 6506/ssh
- tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 889/nginx
- tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 1268/dnsmasq
- tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 590/cupsd
- tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 889/nginx
- tcp6 0 0 ::1:8527 :::* LISTEN 6506/ssh
- tcp6 0 0 ::1:631 :::* LISTEN 590/cupsd
配合grep,就可以查找监听本地某端口的进程
- netstat -tlnp | grep 127.0.0.1:8527
- tcp 0 0 127.0.0.1:8527 0.0.0.0:* LISTEN 6506/ssh
配合awk,就可以快速找到进程名称
- netstat -tlnp | grep 127.0.0.1:8527 | awk '{print $7}'
- 7458/ssh
再做一次awk查找,去掉斜线后面的,只保留进程id
- netstat -tlnp | grep 127.0.0.1:8527 | awk '{print $7}' | awk -F '/' '{print $1}'
- 7458