1. netstat输出结果
netstat的输出结果可以分为两个部分
Part1 => Active Internet connections 有源TCP连接,其中"Recv-Q"和"Send-Q"指接收队列和发送队列;这些数字如果不为0则表示软件包正在队列中堆积。
Part2 => Active UNIX domain sockets 有源Unix域套接口,只能用于本机通信,性能可以提高一倍。
注:netstat默认不显示udp协议、不显示状态为LISTEN
[root@xxserver bin]# netstat
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 32 0 HA-node1-cluster-he:35762 HA-node1-cluster-h:efi-mg CLOSE_WAIT
tcp 32 0 HA-node1-cluster-he:48560 HA-node2-cluster-h:efi-mg CLOSE_WAIT
tcp 0 0 xxserver:ssh 169.177.166.247:53827 ESTABLISHED
……
tcp6 0 0 localhost:44208 localhost:mysql ESTABLISHED
tcp6 0 0 localhost:61613 localhost:34190 ESTABLISHED
Active UNIX domain sockets (w/o servers)
Proto RefCnt Flags Type State I-Node Path
unix 3 [ ] DGRAM 11527 /run/systemd/notify
unix 2 [ ] DGRAM
……
unix 3 [ ] STREAM CONNECTED 32670 /run/dbus/system_bus_socket
2.常用参数
-a 显示所有选项,默认不显示LISTEN相关
-t 仅显示tcp相关选项
-u 仅显示udp相关选项
-w 仅显示RAW相关选项
-x 仅显示unix相关选项
-n 拒绝显示别名,能显示数字的全部转化成数字
-l 仅列出有在 Listen (监听) 的服务状态
-p 显示正在使用Socket的程序名和PID
-r 显示路由表
-i 显示网络接口列表
-s 按各个协议进行统计
-c 每隔一个固定时间执行该netstat命令
举例:
(1) -a 列出所有端口(包括监听和未监听的)
netstat -a 列出所有端口
netstat -at 列出所有 tcp 端口
netstat -au 列出所有 udp 端口
(2) -l 只显示监听端口
只显示监听端口 netstat -l
只列出所有监听 tcp 端口 netstat -lt
只列出所有监听 udp 端口 netstat -lu
只列出所有监听 UNIX 端口 netstat -lx
说明:为什么udp和raw的State不打印LISTEN? 查看 man netstat解释如下
Since there are no states in raw mode and usually no states used in UDP and UDPLite, this column may be left blank.
[root@xxserver bin]# netstat -l
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:rsync 0.0.0.0:* LISTEN
tcp6 0 0 [::]:42242 [::]:* LISTEN
……
udp 0 0 HA-node1-ne:45334 0.0.0.0:*
udp6 0 0 192.169.4.202:snmptrap [::]:*
raw6 0 0 [::]:ipv6-icmp [::]:* 7
Active UNIX domain sockets (only servers)
Proto RefCnt Flags Type State I-Node Path
unix 2 [ ACC ] STREAM LISTENING 42703 private/relay
unix 2 [ ACC ] STREAM LISTENING 42712 private/retry
……(3) netstat -s 显示每个协议的统计信息
(4) netstat -p 输出中显示PID和进程名称
[root@xxserver ~]# netstat -ap
tcp 0 0 0.0.0.0:ssh 0.0.0.0:* LISTEN 22533/sshd
udp6 0 0 192.169.4.202:snmptrap [::]:* 26680/java
……(5) netstat -n 输出中不显示主机、端口和用户名 (host, port or user)
[root@xxserver ~]# netstat -anp | grep ssh
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 22533/sshd
udp6 0 0 192.169.4.202:162 :::* 26680/java
……说明:如果仅不想让其中一个被显示,使用以下命令
# netsat -a --numeric-ports
# netsat -a --numeric-hosts
# netsat -a --numeric-users
(6) netstat -c 持续输出netstat信息
默认1秒打印一次 netstat -auc | grep snmp
设置5秒打印一次 netstat -auc 5 | grep snmp
[root@xxxserver ~]# netstat -auc | grep snmp
Tue Mar 30 17:08:23 CST 2021
udp6 0 0 192.169.4.202:snmptrap [::]:*
udp6 0 0 192.169.4.202:snmptrap [::]:*
udp6 0 0 192.169.4.202:snmptrap [::]:*
udp6 0 0 192.169.4.202:snmptrap [::]:*
^C
[root@xxxserver ~]# (7) 显示路由信息 netstat -r 输出结果同route
(8) 显示网络接口列表 netstat -i,netstat -ie输出结果同ifconfig
[root@xxxserver ~]# netstat -i
Kernel Interface table
Iface MTU RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR Flg
ens164 1500 4649150 0 30 0 6231154 0 0 0 BMRU
ens192 1500 4596573 0 29 0 2720436 0 0 0 BMRU
lo 65536 16194199 0 0 0 16194199 0 0 0 LRU
virbr0 1500 0 0 0 0 0 0 0 0 BMU
[root@xxxserver ~]#
3.套接口的State
Active Internet connections
State
The state of the socket. Since there are no states in raw mode and usually no states used in UDP and
UDPLite, this column may be left blank. Normally this can be one of several values:
ESTABLISHED
The socket has an established connection.
SYN_SENT
The socket is actively attempting to establish a connection.
SYN_RECV
A connection request has been received from the network.
FIN_WAIT1
The socket is closed, and the connection is shutting down.
FIN_WAIT2
Connection is closed, and the socket is waiting for a shutdown from the remote end.
TIME_WAIT
The socket is waiting after close to handle packets still in the network.
CLOSE The socket is not being used.
CLOSE_WAIT
The remote end has shut down, waiting for the socket to close.
LAST_ACK
The remote end has shut down, and the socket is closed. Waiting for acknowledgement.
LISTEN The socket is listening for incoming connections. Such sockets are not included in the output
unless you specify the --listening (-l) or --all (-a) option.
CLOSING
Both sockets are shut down but we still don't have all our data sent.
UNKNOWN
The state of the socket is unknown.
各个状态解释可参考另一篇博文,TCP的连接建立和释放 https://blog.csdn.net/wy_hhxx/article/details/103980331
Active UNIX domain Sockets
State
This field will contain one of the following Keywords:
FREE The socket is not allocated
LISTENING
The socket is listening for a connection request. Such sockets are only included in the output
if you specify the --listening (-l) or --all (-a) option.
CONNECTING
The socket is about to establish a connection.
CONNECTED
The socket is connected.
DISCONNECTING
The socket is disconnecting.
(empty)
The socket is not connected to another one.
UNKNOWN
This state should never happen.
参考资料:
Linux netstat命令详解及state的含义 https://blog.csdn.net/libaineu2004/article/details/82465215
========================================================================
ss命令,偷个懒 囧
ss比netstat快的主要原因是,netstat是遍历/proc下面每个PID目录,ss直接读/proc/net下面的统计信息。所以ss执行的时候消耗资源以及消耗的时间都比netstat少很多。
ss命令和netstat命令比较 https://cloud.tencent.com/developer/article/1026969
Linux网络状态工具ss命令使用详解 http://www.ttlsa.com/linux-command/ss-replace-netstat/
409
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
