The netstat command

netstat

netstat - Print network connections, routing tables, interface statistics, masquerade connections, and multicast memberships

List all listening sockets -l

 -l, --listening
       Show only listening sockets.  (These are omitted by default.)

netstat -l        # show only listening ports
netstat -lt       # list only listening tcp ports
netstat -lu       # list only listening udp ports
netstat -lx       # list only listening UNIX sockets
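
As an added example (not part of the original post), the listening-socket listing above can be turned into a quick exposure check: the function below reads `netstat -lntu` output and labels each listener by the scope of its Local Address. The sample rows are constructed, and the function names are this example's own.

```bash
#!/bin/sh
# Constructed sample of `netstat -lntu` output (not captured from a real host).
sample_listeners() {
cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:5432          0.0.0.0:*               LISTEN
tcp        0      0 192.168.1.10:8443       0.0.0.0:*               LISTEN
tcp6       0      0 :::22                   :::*                    LISTEN
tcp6       0      0 ::1:631                 :::*                    LISTEN
udp        0      0 0.0.0.0:68              0.0.0.0:*
udp        0      0 127.0.0.53:53           0.0.0.0:*
EOF
}

# classify_listeners: read `netstat -lntu` output on stdin and print
# "scope proto address port" for every listening socket row.
classify_listeners() {
    awk '
        $1 !~ /^(tcp|udp)6?$/ { next }      # skip header lines
        {
            addr = $4; port = $4
            sub(/:[^:]*$/, "", addr)         # drop the trailing ":port"
            sub(/.*:/, "", port)             # keep only the text after the last colon
            if (addr == "0.0.0.0" || addr == "::" || addr == "*")
                scope = "ALL-INTERFACES"     # reachable on every interface
            else if (addr ~ /^127\./ || addr == "::1")
                scope = "loopback"           # local machine only
            else
                scope = "specific"           # bound to one configured address
            print scope, $1, addr, port
        }'
}

# exposed_count: number of listeners bound to a wildcard address.
exposed_count() { classify_listeners | grep -c '^ALL-INTERFACES'; }

sample_listeners | classify_listeners
```

On a live host, replace `sample_listeners` with `netstat -lntu`; the `-n` option matters because the classification compares numeric addresses.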


Output explained

OUTPUT
   Active Internet connections (TCP, UDP, raw)
   Proto
       The protocol (tcp, udp, raw) used by the socket.

   Recv-Q
       The count of bytes not copied by the user program connected to this socket.

   Send-Q
       The count of bytes not acknowledged by the remote host.

   Local Address
       Address  and port number of the local end of the socket.  Unless the --numeric (-n) option is specified, the socket address is resolved to its canonical host name (FQDN), and the port number is translated into the corresponding
       service name.

   Foreign Address
       Address and port number of the remote end of the socket.  Analogous to "Local Address."

   State
       The state of the socket. Since there are no states in raw mode and usually no states used in UDP, this column may be left blank. Normally this can be one of several values:

       ESTABLISHED
              The socket has an established connection.

       SYN_SENT
              The socket is actively attempting to establish a connection.

       SYN_RECV
              A connection request has been received from the network.

       FIN_WAIT1
              The socket is closed, and the connection is shutting down.

       FIN_WAIT2
              Connection is closed, and the socket is waiting for a shutdown from the remote end.

       TIME_WAIT
              The socket is waiting after close to handle packets still in the network.

       CLOSE  The socket is not being used.

       CLOSE_WAIT
              The remote end has shut down, waiting for the socket to close.

       LAST_ACK
              The remote end has shut down, and the socket is closed. Waiting for acknowledgement.

       LISTEN The socket is listening for incoming connections.  Such sockets are not included in the output unless you specify the --listening (-l) or --all (-a) option.

       CLOSING
              Both sockets are shut down but we still don't have all our data sent.

       UNKNOWN
              The state of the socket is unknown.

   User
       The username or the user id (UID) of the owner of the socket.

   PID/Program name
       Slash-separated pair of the process id (PID) and process name of the process that owns the socket.  --program causes this column to be included.  You will also need superuser privileges to see this information on sockets you don't own.  This identification information is not yet available for IPX sockets.

   Timer
       (this needs to be written)


   Active UNIX domain Sockets

   Proto
       The protocol (usually unix) used by the socket.

   RefCnt
       The reference count (i.e. attached processes via this socket).

   Flags
       The flags displayed are SO_ACCEPTON (displayed as ACC), SO_WAITDATA (W) or SO_NOSPACE (N).  SO_ACCEPTON is used on unconnected sockets if their corresponding processes are waiting for a connect request. The other flags are not of normal interest.

   Type
       There are several types of socket access:

       SOCK_DGRAM
              The socket is used in Datagram (connectionless) mode.

       SOCK_STREAM
              This is a stream (connection) socket.

       SOCK_RAW
              The socket is used as a raw socket.

       SOCK_RDM
              This one serves reliably-delivered messages.

       SOCK_SEQPACKET
              This is a sequential packet socket.

       SOCK_PACKET
              Raw interface access socket.

       UNKNOWN
              Who ever knows what the future will bring us - just fill in here :-)

   State
       This field will contain one of the following Keywords:

       FREE   The socket is not allocated

       LISTENING
              The socket is listening for a connection request.  Such sockets are only included in the output if you specify the --listening (-l) or --all (-a) option.

       CONNECTING
              The socket is about to establish a connection.

       CONNECTED
              The socket is connected.

       DISCONNECTING
              The socket is disconnecting.

       (empty)
              The socket is not connected to another one.

       UNKNOWN
              This state should never happen.

   PID/Program name
       Process ID (PID) and process name of the process that has the socket open.  More info available in Active Internet connections section written above.

   Path
       This is the path name as which the corresponding processes attached to the socket.

   Active IPX sockets
       (this needs to be done by somebody who knows it)

   Active NET/ROM sockets
       (this needs to be done by somebody who knows it)

   Active AX.25 sockets
       (this needs to be done by somebody who knows it)


FILES
       /etc/services -- The services translation file

       /proc -- Mount point for the proc filesystem, which gives access to kernel status information via the following files.

       /proc/net/dev -- device information

       /proc/net/raw -- raw socket information

       /proc/net/tcp -- TCP socket information

       /proc/net/udp -- UDP socket information

       /proc/net/igmp -- IGMP multicast information

       /proc/net/unix -- Unix domain socket information

       /proc/net/ipx -- IPX socket information

       /proc/net/ax25 -- AX25 socket information

       /proc/net/appletalk -- DDP (appletalk) socket information

       /proc/net/nr -- NET/ROM socket information

       /proc/net/route -- IP routing information

       /proc/net/ax25_route -- AX25 routing information

       /proc/net/ipx_route -- IPX routing information

       /proc/net/nr_nodes -- NET/ROM nodelist

       /proc/net/nr_neigh -- NET/ROM neighbours

       /proc/net/ip_masquerade -- masqueraded connections

       /proc/net/snmp -- statistics
                                                                                                     2008-11-16       

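Overall, the netstat output can be divided into two parts:
The first is Active Internet connections, the active TCP connections, where "Recv-Q" and "Send-Q" are the receive queue and the send queue. These numbers should generally be 0. If they are not, packets are piling up in the queue, which is very rare.
The other is Active UNIX domain sockets, the active Unix domain sockets (the same as network sockets, but usable only for communication on the local machine, where performance can be doubled).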

List all ports (both listening and non-listening) -a

-a, --all
       Show both listening and non-listening sockets.  With the --interfaces option, show interfaces that are not up

netstat -a     # list all ports
netstat -at    # list all tcp ports
netstat -au    # list all udp ports

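Show statistics for each protocol -s

netstat -s    # show statistics for all ports
netstat -st   # show statistics for TCP ports
netstat -su   # show statistics for UDP ports

Show the PID and program name in netstat output -p

 -p, --program
       Show the PID and name of the program to which each socket belongs.

netstat -pt

netstat -p can be combined with other switches to add the "PID/Program name" column to the netstat output, which makes it easy when debugging to find which program is running on a particular port.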

Do not resolve host, port or user names in netstat output -n

 --numeric , -n
       Show numerical addresses instead of trying to determine symbolic host, port or user names.

When you do not want host, port and user names to be displayed, use netstat -n. Numbers are shown in place of those names. This also speeds up the output, because no lookups are needed.

netstat -an

If you want only one of these three kinds of name not to be shown, use the following commands:

netstat -a --numeric-ports
netstat -a --numeric-hosts
netstat -a --numeric-users

Print netstat information continuously -c

netstat -c   # print network information every second
 -c, --continuous
       This will cause netstat to print the selected information every second continuously.

Show address families not supported by the system --verbose

netstat --verbose

At the end of the output there will be messages like the following:

netstat: no support for `AF IPX' on this system.
netstat: no support for `AF AX25' on this system.
netstat: no support for `AF X25' on this system.
netstat: no support for `AF NETROM' on this system.

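Show kernel routing information -r

netstat -r
Use netstat -rn to display numeric format, without looking up host names.

Find the port a program is running on

Not every process can be found: those you lack permission for are not shown. Use root privileges to see all the information.

netstat -ap | grep ssh

Find the process running on a specified port:

netstat -anp | grep ':80'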
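
A plain grep for ':80' also matches port 8080 and connections whose Foreign Address ends in :80. The following added example (not from the original post) matches the port of the Local Address column exactly and copes with UDP rows whose State column is blank; the sample output is constructed and the function names are hypothetical.

```bash
#!/bin/sh
# Constructed sample of `netstat -anp` output (not captured from a real host).
sample_netstat() {
cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      1021/nginx: master
tcp        0      0 127.0.0.1:8080          0.0.0.0:*               LISTEN      2210/java
tcp        0      0 10.0.0.5:51234          203.0.113.7:80          ESTABLISHED 3301/curl
tcp6       0      0 :::80                   :::*                    LISTEN      1021/nginx: master
udp        0      0 0.0.0.0:80              0.0.0.0:*                           4100/demo-udp
EOF
}

# procs_on_port PORT: read netstat output on stdin and print
# "proto local-address pid/program" for sockets whose LOCAL port is exactly PORT.
procs_on_port() {
    awk -v port="$1" '
        $1 !~ /^(tcp|udp)6?$/ { next }        # skip headers and UNIX-socket rows
        {
            p = $4; sub(/.*:/, "", p)          # text after the last colon, so :::80 gives 80
            if (p != port) next
            # State is blank on most UDP rows, so PID/Program may start at field 6.
            first = ($6 ~ /^[A-Z_0-9]+$/) ? 7 : 6
            prog = $first
            for (i = first + 1; i <= NF; i++) prog = prog " " $i
            print $1, $4, prog
        }'
}

sample_netstat | procs_on_port 80
```

On a live host, run it as `netstat -anp | procs_on_port 80` with root privileges so that the PID/Program name column is filled in for sockets owned by other users.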

Show the list of network interfaces -i

netstat -i

Show detailed information, like ifconfig:

netstat -ie

man netstat

                                                                                           NETSTAT(8)

NAME
       netstat - Print network connections, routing tables, interface statistics, masquerade connections, and multicast memberships

SYNOPSIS
       netstat [address_family_options] [--tcp|-t] [--udp|-u] [--raw|-w] [--listening|-l] [--all|-a] [--numeric|-n] [--numeric-hosts] [--numeric-ports] [--numeric-users] [--symbolic|-N] [--extend|-e[--extend|-e]] [--timers|-o] [--program|-p] [--verbose|-v] [--continuous|-c]

       netstat {--route|-r} [address_family_options] [--extend|-e[--extend|-e]] [--verbose|-v] [--numeric|-n] [--numeric-hosts] [--numeric-ports] [--numeric-users] [--continuous|-c]

       netstat {--interfaces|-i} [--all|-a] [--extend|-e[--extend|-e]] [--verbose|-v] [--program|-p] [--numeric|-n] [--numeric-hosts] [--numeric-ports] [--numeric-users] [--continuous|-c]

       netstat {--groups|-g} [--numeric|-n] [--numeric-hosts] [--numeric-ports] [--numeric-users] [--continuous|-c]

       netstat {--masquerade|-M} [--extend|-e] [--numeric|-n] [--numeric-hosts] [--numeric-ports] [--numeric-users] [--continuous|-c]

       netstat {--statistics|-s} [--tcp|-t] [--udp|-u] [--raw|-w]

       netstat {--version|-V}

       netstat {--help|-h}

       address_family_options:

       [-4] [-6] [--protocol={inet,unix,ipx,ax25,netrom,ddp}[,...]]  [--unix|-x] [--inet|--ip] [--ax25] [--ipx] [--netrom] [--ddp]

DESCRIPTION
       Netstat prints information about the Linux networking subsystem.  The type of information printed is controlled by the first argument, as follows:

   (none)
       By default, netstat displays a list of open sockets.  If you don't specify any address families, then the active sockets of all configured address families will be printed.

   --route , -r
       Display the kernel routing tables. See the description in route(8) for details.  netstat -r and route -e produce the same output.

   --groups , -g
       Display multicast group membership information for IPv4 and IPv6.

   --interfaces, -i
       Display a table of all network interfaces.

   --masquerade , -M
       Display a list of masqueraded connections.

   --statistics , -s
       Display summary statistics for each protocol.

OPTIONS
   --verbose , -v
       Tell the user what is going on by being verbose. Especially print some useful information about unconfigured address families.

   --wide , -W
       Do not truncate IP addresses by using output as wide as needed. This is optional for now to not break existing scripts.

   --numeric , -n
       Show numerical addresses instead of trying to determine symbolic host, port or user names.

   --numeric-hosts
       shows numerical host addresses but does not affect the resolution of port or user names.

   --numeric-ports
       shows numerical port numbers but does not affect the resolution of host or user names.

   --numeric-users
       shows numerical user IDs but does not affect the resolution of host or port names.

   --protocol=family , -A
       Specifies the address families (perhaps better described as low level protocols) for which connections are to be shown.  family is a comma (',') separated list of address family keywords like inet, unix, ipx, ax25, netrom,  and
       ddp.  This has the same effect as using the --inet, --unix (-x), --ipx, --ax25, --netrom, and --ddp options.

       The address family inet includes raw, udp and tcp protocol sockets.

   -c, --continuous
       This will cause netstat to print the selected information every second continuously.

   -e, --extend
       Display additional information.  Use this option twice for maximum detail.

   -o, --timers
       Include information related to networking timers.

   -p, --program
       Show the PID and name of the program to which each socket belongs.

   -l, --listening
       Show only listening sockets.  (These are omitted by default.)

   -a, --all
       Show both listening and non-listening sockets.  With the --interfaces option, show interfaces that are not up

   -F
       Print routing information from the FIB.  (This is the default.)

   -C
       Print routing information from the route cache.