netstat 命令

netstat 命令可以帮助检查本机的网络状况，man netstat 可以看到对其的基本描述：

netstat - Print network connections, routing tables, interface statistics, masquerade connections, and multicast memberships

先来一个简单的例子，要显示tcp协议，使用-t参数，包括了tcp和tcp6

[plain]  view plain copy

1.  netstat -t  
2. Active Internet connections (w/o servers)  
3. Proto Recv-Q Send-Q Local Address           Foreign Address         State        
4. tcp        0      0 localhost:59226         localhost:8527          ESTABLISHED  
5. tcp        0      0 bogon:44385             117.79.93.222:http      TIME_WAIT    
6. tcp        0      0 localhost:8527          localhost:59305         CLOSE_WAIT   
7. tcp        0      0 localhost:8527          localhost:59235         ESTABLISHED  
8. tcp        0      1 bogon:36113             tf-in-f19.1e100.n:https SYN_SENT     
9. tcp        0      0 bogon:49941             117.79.93.196:http      TIME_WAIT    
10. tcp        0      0 bogon:53574             117.79.93.208:http      ESTABLISHED  
11. tcp        0      0 localhost:59259         localhost:8527          ESTABLISHED  

数量太多，只显示了一部分。

添加一个-l参数，会只显示监听本地端口的TCP程序，现在一下子程序少了很多。

[plain]  view plain copy

1. netstat -tl  
2. Active Internet connections (only servers)  
3. Proto Recv-Q Send-Q Local Address           Foreign Address         State        
4. tcp        0      0 localhost:8527          *:*                     LISTEN       
5. tcp        0      0 *:http                  *:*                     LISTEN       
6. tcp        0      0 localhost:domain        *:*                     LISTEN       
7. tcp        0      0 localhost:ipp           *:*                     LISTEN       
8. tcp        0      0 *:https                 *:*                     LISTEN       
9. tcp6       0      0 ip6-localhost:8527      [::]:*                  LISTEN       
10. tcp6       0      0 ip6-localhost:ipp       [::]:*                  LISTEN   

注意上面的Local Address一列，显示的不是ip地址，而是localhost, 如果想要显示IP地址，添加一个参数-n

[plain]  view plain copy

1. netstat -tln  
2. Active Internet connections (only servers)  
3. Proto Recv-Q Send-Q Local Address           Foreign Address         State        
4. tcp        0      0 127.0.0.1:8527          0.0.0.0:*               LISTEN       
5. tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN       
6. tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN       
7. tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN       
8. tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN       
9. tcp6       0      0 ::1:8527                :::*                    LISTEN       
10. tcp6       0      0 ::1:631                 :::*                    LISTEN   

如果还想显示进程名称和ID，再添加一个参数-p

[plain]  view plain copy

1. netstat -tlnp  
2. Active Internet connections (only servers)  
3. Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name  
4. tcp        0      0 127.0.0.1:8527          0.0.0.0:*               LISTEN      6506/ssh          
5. tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      889/nginx         
6. tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      1268/dnsmasq      
7. tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      590/cupsd         
8. tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      889/nginx         
9. tcp6       0      0 ::1:8527                :::*                    LISTEN      6506/ssh          
10. tcp6       0      0 ::1:631                 :::*                    LISTEN      590/cupsd   

配合grep，就可以查找监听本地某端口的进程

[plain]  view plain copy

1. netstat -tlnp | grep 127.0.0.1:8527  
2. tcp        0      0 127.0.0.1:8527          0.0.0.0:*               LISTEN      6506/ssh  

配合awk，就可以快速找到进程名称

[plain]  view plain copy

1. netstat -tlnp | grep 127.0.0.1:8527 | awk '{print $7}'  
2. 7458/ssh  

再做一次awk查找，去掉斜线后面的，只保留进程id

[plain]  view plain copy

1. netstat -tlnp | grep 127.0.0.1:8527 | awk '{print $7}' | awk -F '/' '{print $1}'  
2. 7458