用于 Linux 网络管理的 20 个 Netstat 命令
netstat(网络统计)是一个命令行工具,用于监控传入和传出的网络连接以及查看路由表、接口统计信息等。
[ 你可能还喜欢:系统管理员的 22 个 Linux 网络命令]
netstat适用于所有类 Unix 操作系统,也适用于Windows 操作系统。它在网络故障排除和性能测量方面非常有用。
netstat是最基本的网络服务调试工具之一,它可以告诉您哪些端口是打开的以及是否有任何程序正在监听端口。
更新:Linux netstat 命令已被新的ss 命令取代,该命令能够显示有关网络连接的更多信息,并且比旧的netstat 命令快得多。
netstat工具对于 Linux 网络管理员以及系统管理员来说非常重要且非常有用,可以监控和解决与网络相关的问题并确定网络流量性能。
本文通过示例展示了netstat命令的用法,这可能在日常操作中很有用。
[ 你可能还喜欢:Linux Find 命令的 35 个实用示例]
1. 列出所有 TCP 和 UDP 连接的监听端口
使用netstat -a选项列出所有端口(TCP和UDP) 。
# netstat -a | more Active Internet connections (servers and established) Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 *:sunrpc *:* LISTEN tcp 0 52 192.168.0.2:ssh 192.168.0.1:egs ESTABLISHED tcp 1 0 192.168.0.2:59292 www.gov.com:http CLOSE_WAIT tcp 0 0 localhost:smtp *:* LISTEN tcp 0 0 *:59482 *:* LISTEN udp 0 0 *:35036 *:* udp 0 0 *:npmp-local *:* Active UNIX domain sockets (servers and established) Proto RefCnt Flags Type State I-Node Path unix 2 [ ACC ] STREAM LISTENING 16972 /tmp/orbit-root/linc-76b-0-6fa08790553d6 unix 2 [ ACC ] STREAM LISTENING 17149 /tmp/orbit-root/linc-794-0-7058d584166d2 unix 2 [ ACC ] STREAM LISTENING 17161 /tmp/orbit-root/linc-792-0-546fe905321cc unix 2 [ ACC ] STREAM LISTENING 15938 /tmp/orbit-root/linc-74b-0-415135cb6aeab
2. 列出 TCP 端口连接
使用netstat -at仅列出TCP(传输控制协议)端口连接。
# netstat -at Active Internet connections (servers and established) Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 *:ssh *:* LISTEN tcp 0 0 localhost:ipp *:* LISTEN tcp 0 0 localhost:smtp *:* LISTEN tcp 0 52 192.168.0.2:ssh 192.168.0.1:egs ESTABLISHED tcp 1 0 192.168.0.2:59292 www.gov.com:http CLOSE_WAIT
3. 列出 UDP 端口连接
使用netstat -au仅列出UDP(用户数据报协议)端口连接。
# netstat -au Active Internet connections (servers and established) Proto Recv-Q Send-Q Local Address Foreign Address State udp 0 0 *:35036 *:* udp 0 0 *:npmp-local *:* udp 0 0 *:mdns *:*
4. 列出所有监听连接
使用netstat -l列出所有活动监听端口连接。
# netstat -l Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 *:sunrpc *:* LISTEN tcp 0 0 *:58642 *:* LISTEN tcp 0 0 *:ssh *:* LISTEN udp 0 0 *:35036 *:* udp 0 0 *:npmp-local *:* Active UNIX domain sockets (only servers) Proto RefCnt Flags Type State I-Node Path unix 2 [ ACC ] STREAM LISTENING 16972 /tmp/orbit-root/linc-76b-0-6fa08790553d6 unix 2 [ ACC ] STREAM LISTENING 17149 /tmp/orbit-root/linc-794-0-7058d584166d2 unix 2 [ ACC ] STREAM LISTENING 17161 /tmp/orbit-root/linc-792-0-546fe905321cc unix 2 [ ACC ] STREAM LISTENING 15938 /tmp/orbit-root/linc-74b-0-415135cb6aeab
5.列出所有 TCP 监听端口
使用选项netstat -lt列出所有活动监听的 TCP 端口。
# netstat -lt Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 *:dctp *:* LISTEN tcp 0 0 *:mysql *:* LISTEN tcp 0 0 *:sunrpc *:* LISTEN tcp 0 0 *:munin *:* LISTEN tcp 0 0 *:ftp *:* LISTEN tcp 0 0 localhost.localdomain:ipp *:* LISTEN tcp 0 0 localhost.localdomain:smtp *:* LISTEN tcp 0 0 *:http *:* LISTEN tcp 0 0 *:ssh *:* LISTEN tcp 0 0 *:https *:* LISTEN
6.列出所有 UDP 监听端口
使用选项netstat -lu列出所有活动监听的 UDP 端口。
# netstat -lu Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State udp 0 0 *:39578 *:* udp 0 0 *:meregister *:* udp 0 0 *:vpps-qua *:* udp 0 0 *:openvpn *:* udp 0 0 *:mdns *:* udp 0 0 *:sunrpc *:* udp 0 0 *:ipp *:* udp 0 0 *:60222 *:* udp 0 0 *:mdns *:*
7. 列出所有 UNIX 监听端口
使用netstat -lx列出所有活动的 UNIX 监听端口。
# netstat -lx Active UNIX domain sockets (only servers) Proto RefCnt Flags Type State I-Node Path unix 2 [ ACC ] STREAM LISTENING 4171 @ISCSIADM_ABSTRACT_NAMESPACE unix 2 [ ACC ] STREAM LISTENING 5767 /var/run/cups/cups.sock unix 2 [ ACC ] STREAM LISTENING 7082 @/tmp/fam-root- unix 2 [ ACC ] STREAM LISTENING 6157 /dev/gpmctl unix 2 [ ACC ] STREAM LISTENING 6215 @/var/run/hald/dbus-IcefTIUkHm unix 2 [ ACC ] STREAM LISTENING 6038 /tmp/.font-unix/fs7100 unix 2 [ ACC ] STREAM LISTENING 6175 /var/run/avahi-daemon/socket unix 2 [ ACC ] STREAM LISTENING 4157 @ISCSID_UIP_ABSTRACT_NAMESPACE unix 2 [ ACC ] STREAM LISTENING 60835836 /var/lib/mysql/mysql.sock unix 2 [ ACC ] STREAM LISTENING 4645 /var/run/audispd_events unix 2 [ ACC ] STREAM LISTENING 5136 /var/run/dbus/system_bus_socket unix 2 [ ACC ] STREAM LISTENING 6216 @/var/run/hald/dbus-wsUBI30V2I unix 2 [ ACC ] STREAM LISTENING 5517 /var/run/acpid.socket unix 2 [ ACC ] STREAM LISTENING 5531 /var/run/pcscd.comm
8. 按协议显示统计数据
按协议显示统计信息。默认情况下,显示 TCP、UDP、ICMP 和 IP 协议的统计信息。-s参数可用于指定一组协议。
# netstat -s
Ip:
2461 total packets received
0 forwarded
0 incoming packets discarded
2431 incoming packets delivered
2049 requests sent out
Icmp:
0 ICMP messages received
0 input ICMP message failed.
ICMP input histogram:
1 ICMP messages sent
0 ICMP messages failed
ICMP output histogram:
destination unreachable: 1
Tcp:
159 active connections openings
1 passive connection openings
4 failed connection attempts
0 connection resets received
1 connections established
2191 segments received
1745 segments send out
24 segments retransmited
0 bad segments received.
4 resets sent
Udp:
243 packets received
1 packets to unknown port received.
0 packet receive errors
281 packets sent
9. 按 TCP 协议显示统计信息
使用选项netstat -st仅显示 TCP 协议的统计信息。
# netstat -st
Tcp:
2805201 active connections openings
1597466 passive connection openings
1522484 failed connection attempts
37806 connection resets received
1 connections established
57718706 segments received
64280042 segments send out
3135688 segments retransmited
74 bad segments received.
17580 resets sent
10. 通过 UDP 协议显示统计数据
# netstat -su
Udp:
1774823 packets received
901848 packets to unknown port received.
0 packet receive errors
2968722 packets sent
11. 显示服务名称和 PID
显示服务名称及其PID号,使用选项netstat -tp将显示“ PID/程序名称”。
# netstat -tp Active Internet connections (w/o servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 192.168.0.2:ssh 192.168.0.1:egs ESTABLISHED 2179/sshd tcp 1 0 192.168.0.2:59292 www.gov.com:http CLOSE_WAIT 1939/clock-applet
12. 显示混杂模式
使用-ac开关显示混杂模式,netstat 打印所选信息或每五秒刷新一次屏幕。默认屏幕每秒刷新一次。
# netstat -ac 5 | grep tcp tcp 0 0 *:sunrpc *:* LISTEN tcp 0 0 *:58642 *:* LISTEN tcp 0 0 *:ssh *:* LISTEN tcp 0 0 localhost:ipp *:* LISTEN tcp 0 0 localhost:smtp *:* LISTEN tcp 1 0 192.168.0.2:59447 www.gov.com:http CLOSE_WAIT tcp 0 52 192.168.0.2:ssh 192.168.0.1:egs ESTABLISHED tcp 0 0 *:sunrpc *:* LISTEN tcp 0 0 *:ssh *:* LISTEN tcp 0 0 localhost:ipp *:* LISTEN tcp 0 0 localhost:smtp *:* LISTEN tcp 0 0 *:59482 *:* LISTEN
13. 显示内核 IP 路由
使用 netstat 和 route 命令显示内核 IP 路由表。
# netstat -r Kernel IP routing table Destination Gateway Genmask Flags MSS Window irtt Iface 192.168.0.0 * 255.255.255.0 U 0 0 0 eth0 link-local * 255.255.0.0 U 0 0 0 eth0 default 192.168.0.1 0.0.0.0 UG 0 0 0 eth0
14. 显示网络接口事务
显示网络接口数据包事务,包括传输和接收具有 MTU 大小的数据包。
# netstat -i Kernel Interface table Iface MTU Met RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR Flg eth0 1500 0 4459 0 0 0 4057 0 0 0 BMRU lo 16436 0 8 0 0 0 8 0 0 0 LRU
15. 显示内核接口表
显示内核接口表,类似于ifconfig命令。
# netstat -ie
Kernel Interface table
eth0 Link encap:Ethernet HWaddr 00:0C:29:B4:DA:21
inet addr:192.168.0.2 Bcast:192.168.0.255 Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:feb4:da21/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:4486 errors:0 dropped:0 overruns:0 frame:0
TX packets:4077 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:2720253 (2.5 MiB) TX bytes:1161745 (1.1 MiB)
Interrupt:18 Base address:0x2000
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:8 errors:0 dropped:0 overruns:0 frame:0
TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:480 (480.0 b) TX bytes:480 (480.0 b)
16. 显示 IPv4 和 IPv6 信息
显示 IPv4 和 IPv6 的多播组成员身份信息。
# netstat -g IPv6/IPv4 Group Memberships Interface RefCnt Group --------------- ------ --------------------- lo 1 all-systems.mcast.net eth0 1 224.0.0.251 eth0 1 all-systems.mcast.net lo 1 ff02::1 eth0 1 ff02::202 eth0 1 ff02::1:ffb4:da21 eth0 1 ff02::1
17. 连续打印 Netstat 信息
要每隔几秒获取一次 netstat 信息,请使用以下命令,它将每隔几秒连续打印 netstat 信息。
# netstat -c Active Internet connections (w/o servers) Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 example.com:http sg2nlhg007.shr.prod.s:36944 TIME_WAIT tcp 0 0 example.com:http sg2nlhg010.shr.prod.s:42110 TIME_WAIT tcp 0 132 example.com:ssh 115.113.134.3.static-:64662 ESTABLISHED tcp 0 0 example.com:http crawl-66-249-71-240.g:41166 TIME_WAIT tcp 0 0 localhost.localdomain:54823 localhost.localdomain:smtp TIME_WAIT tcp 0 0 localhost.localdomain:54822 localhost.localdomain:smtp TIME_WAIT tcp 0 0 example.com:http sg2nlhg010.shr.prod.s:42091 TIME_WAIT tcp 0 0 example.com:http sg2nlhg007.shr.prod.s:36998 TIME_WAIT
18. 查找不支持的地址
查找未配置的地址系列并获取一些有用信息。
# netstat --verbose netstat: no support for `AF IPX' on this system. netstat: no support for `AF AX25' on this system. netstat: no support for `AF X25' on this system. netstat: no support for `AF NETROM' on this system.
19. 寻找听力节目
查明某个端口上运行了多少个监听程序。
# netstat -ap | grep http tcp 0 0 *:http *:* LISTEN 9056/httpd tcp 0 0 *:https *:* LISTEN 9056/httpd tcp 0 0 example.com:http sg2nlhg008.shr.prod.s:35248 TIME_WAIT - tcp 0 0 example.com:http sg2nlhg007.shr.prod.s:57783 TIME_WAIT - tcp 0 0 example.com:http sg2nlhg007.shr.prod.s:57769 TIME_WAIT - tcp 0 0 example.com:http sg2nlhg008.shr.prod.s:35270 TIME_WAIT - tcp 0 0 example.com:http sg2nlhg009.shr.prod.s:41637 TIME_WAIT - tcp 0 0 example.com:http sg2nlhg009.shr.prod.s:41614 TIME_WAIT - unix 2 [ ] STREAM CONNECTED 88586726 10394/httpd
20. 显示 RAW 网络统计信息
# netstat --statistics --raw
Ip:
62175683 total packets received
52970 with invalid addresses
0 forwarded
Icmp:
875519 ICMP messages received
destination unreachable: 901671
echo request: 8
echo replies: 16253
IcmpMsg:
InType0: 83
IpExt:
InMcastPkts: 117
就是这样,如果您正在寻找有关netstat命令的更多信息和选项,请参阅 netstat 手册文档或使用man netstat命令了解所有信息。
如果我们遗漏了列表中的任何内容,请使用下面的评论部分告知我们。这样我们就可以根据您的评论不断更新此列表。