netstat命令简介
Netstat 是一款命令行工具,可用于列出系统上所有的网络套接字连接情况,包括 tcp, udp 以及 unix 套接字,另外它还能列出处于监听状态(即等待接入请求)的套接字。在Linux使用过程中,需要了解当前系统开放了哪些端口,并且要查看开放这些端口的具体进程和用户,可以通过netstat命令进行简单查询。
1. 帮助文档
[root@jiangnan ~]# netstat --help
usage: netstat [-vWeenNcCF] [<Af>] -r netstat {-V|--version|-h|--help}
netstat [-vWnNcaeol] [<Socket> ...]
netstat { [-vWeenNac] -I[<Iface>] | [-veenNac] -i | [-cnNe] -M | -s [-6tuw] } [delay]
-r, --route display routing table
-I, --interfaces=<Iface> display interface table for <Iface>
-i, --interfaces display interface table
-g, --groups display multicast group memberships
-s, --statistics display networking statistics (like SNMP)
-M, --masquerade display masqueraded connections
-v, --verbose be verbose
-W, --wide don't truncate IP addresses
-n, --numeric don't resolve names
--numeric-hosts don't resolve host names
--numeric-ports don't resolve port names
--numeric-users don't resolve user names
-N, --symbolic resolve hardware names
-e, --extend display other/more information
-p, --programs display PID/Program name for sockets
-o, --timers display timers
-c, --continuous continuous listing
-l, --listening display listening server sockets
-a, --all display all sockets (default: connected)
-F, --fib display Forwarding Information Base (default)
-C, --cache display routing cache instead of FIB
-Z, --context display SELinux security context for sockets
<Socket>={-t|--tcp} {-u|--udp} {-U|--udplite} {-S|--sctp} {-w|--raw}
{-x|--unix} --ax25 --ipx --netrom
<AF>=Use '-6|-4' or '-A <af>' or '--<af>'; default: inet
List of possible address families (which support routing):
inet (DARPA Internet) inet6 (IPv6) ax25 (AMPR AX.25)
netrom (AMPR NET/ROM) ipx (Novell IPX) ddp (Appletalk DDP)
x25 (CCITT X.25)
[root@jiangnan ~]#
netstat命令几个常用的参数说明如下:
-t : 指明显示TCP端口
-u : 指明显示UDP端口
-l : 仅显示监听套接字(所谓套接字就是使应用程序能够读写与收发通讯协议(protocol)与资料的程序)
-p : 显示进程标识符和程序名称,每一个套接字/端口都属于一个程序。
-n : 不进行DNS轮询(禁用反向域名解析),显示IP(可以加速操作)
2. 示例
netstat -ntlp //查看当前所有tcp端口.
netstat -ntulp |grep 80 //查看所有80端口使用情况.
netstat -an | grep 3306 //查看所有3306端口使用情况.
- 列出所有当前的连接。使用 -a 选项即可。
[root@jiangnan ~]# netstat -a
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 localhost:10248 0.0.0.0:* LISTEN
tcp 0 0 localhost:10257 0.0.0.0:* LISTEN
tcp 0 0 localhost:10259 0.0.0.0:* LISTEN
tcp 0 0 localhost:35700 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:ssh 0.0.0.0:* LISTEN
tcp 0 0 localhost:smtp 0.0.0.0:* LISTEN
tcp 0 0 iZ2ze746e6572mmbd:40852 100.100.30.26:http ESTABLISHED
...
unix 3 [ ] STREAM CONNECTED 4853258 /run/containerd/containerd.sock
[root@jiangnan ~]#
- 只列出 TCP 协议的连接,使用 -t 选项列出 TCP 协议的连接:
[root@jiangnan ~]# netstat -at
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 localhost:10248 0.0.0.0:* LISTEN
tcp 0 0 localhost:10257 0.0.0.0:* LISTEN
tcp 0 0 localhost:10259 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:ssh 0.0.0.0:* LISTEN
tcp 0 0 localhost:smtp 0.0.0.0:* LISTEN
...
tcp6 0 0 [::]:webcache [::]:* LISTEN
tcp6 0 0 localhost:smtp [::]:* LISTEN
tcp6 0 0 localhost:mxi [::]:* LISTEN
[root@jiangnan ~]#
- 只列出 UDP 协议的连接,使用 -u 选项列出 TCP 协议的连接:
[root@jiangnan ~]# netstat -au
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
udp 0 0 localhost:323 0.0.0.0:*
udp 0 0 0.0.0.0:bootpc 0.0.0.0:*
udp6 0 0 localhost:323 [::]:*
[root@jiangnan ~]#
- 禁用反向域名解析,加快查询速度
[root@jiangnan ~]# netstat -ant
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 127.0.0.1:10248 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:10257 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:10259 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:45251 0.0.0.0:* LISTEN
tcp 0 0 172.31.179.120:40852 100.100.30.26:80 ESTABLISHED
tcp 0 1 172.31.179.120:34790 101.200.149.4:6443 SYN_SENT
...
tcp6 0 0 ::1:25 :::* LISTEN
tcp6 0 0 127.0.0.1:8005 :::* LISTEN
[root@jiangnan ~]#
- 只查看处于监听状态的连接,并且不解析域名
[root@jiangnan ~]# netstat -ntl
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 127.0.0.1:10248 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:10257 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:10259 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:45251 0.0.0.0:* LISTEN
tcp6 0 0 :::10250 :::* LISTEN
tcp6 0 0 :::10251 :::* LISTEN
tcp6 0 0 :::10252 :::* LISTEN
tcp6 0 0 :::8080 :::* LISTEN
tcp6 0 0 ::1:25 :::* LISTEN
tcp6 0 0 127.0.0.1:8005 :::* LISTEN
[root@jiangnan ~]#
- 查询指定端口或状态的连接
[root@jiangnan ~]# netstat -atnp | grep ESTA
tcp 0 0 172.31.179.120:40852 100.100.30.26:80 ESTABLISHED 28385/AliYunDun
tcp 0 52 172.31.179.120:22 120.244.188.179:12035 ESTABLISHED 25718/sshd: root@pt
[root@jiangnan ~]#
通过管道符并配合grep命令查看。
微信公众号先已开通,搜索 “江小南和他的小伙伴们” 就能找到我哦,各位小伙伴们可以关注一下,文章会进行同步更新,方便查看哦。