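Linux networking: 13 uses for netstat
The network statistics (netstat) command is a networking tool used for troubleshooting and configuration, and it can also serve as a monitoring tool for network connections. Incoming and outgoing connections, routing tables, port listening, and usage statistics are all common uses for this command. Let's take a look at some basic netstat usage and the most common use cases.
List all listening ports
To list all listening ports (TCP and UDP) along with established connections, use netstat -a: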
[tcarrigan@rhel ~]$ netstat -a
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:hostmon 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:sunrpc 0.0.0.0:* LISTEN
tcp 0 0 rhel.test:domain 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:ssh 0.0.0.0:* LISTEN
tcp 0 0 localhost:ipp 0.0.0.0:* LISTEN
tcp 0 0 rhel.test:39148 a173-222-212-251.:https ESTABLISHED
tcp 2880 0 rhel.test:39150 a173-222-212-251.:https ESTABLISHED
tcp 0 0 rhel.test:39146 a173-222-212-251.:https ESTABLISHED
tcp 0 0 rhel.test:49610 parrot.sbs.arizona:http TIME_WAIT
tcp 0 0 rhel.test:49614 parrot.sbs.arizona:http TIME_WAIT
tcp 0 0 rhel.test:49608 parrot.sbs.arizona:http TIME_WAIT
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags Type State I-Node Path
unix 2 [ ACC ] STREAM LISTENING 38124 @/tmp/.ICE-unix/2276
unix 2 [ ACC ] STREAM LISTENING 41812 /tmp/.X11-unix/X0
unix 2 [ ACC ] STREAM LISTENING 38125 /tmp/.ICE-unix/2276
unix 2 [ ACC ] STREAM LISTENING 41743 /tmp/.ICE-unix/2613
unix 2 [ ACC ] STREAM LISTENING 14186 @/org/kernel/linux/storage/multipathd
unix 2 [ ACC ] STREAM LISTENING 41653 @/tmp/dbus-GYsHTAWD
unix 2 [ ACC ] STREAM LISTENING 41742 @/tmp/.ICE-unix/2613
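Note: This output has been edited for length.
If this looks like a lot of information to you, that's because it is!
List only TCP port connections
If you find the -a option too verbose, try adding the -t flag to it: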
[tcarrigan@rhel ~]$ netstat -at
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:hostmon 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:sunrpc 0.0.0.0:* LISTEN
tcp 0 0 rhel.test:domain 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:ssh 0.0.0.0:* LISTEN
tcp 0 0 localhost:ipp 0.0.0.0:* LISTEN
tcp 0 0 rhel.test:39148 a173-222-212-251.:https ESTABLISHED
tcp 0 0 rhel.test:39150 a173-222-212-251.:https ESTABLISHED
tcp 0 0 rhel.test:39146 a173-222-212-251.:https ESTABLISHED
tcp6 0 0 [::]:hostmon [::]:* LISTEN
tcp6 0 0 [::]:sunrpc [::]:* LISTEN
tcp6 0 0 [::]:ssh [::]:* LISTEN
tcp6 0 0 localhost:ipp [::]:* LISTEN
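This gives you a more user-friendly readout of TCP connections.
List only UDP port connections
The same kind of filter can be applied to UDP connections, as shown here: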
[tcarrigan@rhel ~]$ netstat -au
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
udp 0 0 0.0.0.0:35709 0.0.0.0:*
udp 0 0 rhel.test:domain 0.0.0.0:*
udp 0 0 127.0.0.53:domain 0.0.0.0:*
udp 0 0 0.0.0.0:bootps 0.0.0.0:*
udp 0 0 rhel.test:bootpc 0.0.0.0:*
udp 0 0 0.0.0.0:sunrpc 0.0.0.0:*
udp 0 0 localhost:323 0.0.0.0:*
udp 0 0 0.0.0.0:mdns 0.0.0.0:*
udp 0 0 0.0.0.0:hostmon 0.0.0.0:*
udp6 0 0 [::]:39874 [::]:*
udp6 0 0 [::]:sunrpc [::]:*
udp6 0 0 localhost:323 [::]:*
udp6 0 0 [::]:mdns [::]:*
udp6 0 0 [::]:hostmon [::]:*
List all actively listening ports
To list all actively listening ports (TCP and UDP), use the following command:
[tcarrigan@rhel ~]$ netstat -l
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:hostmon 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:sunrpc 0.0.0.0:* LISTEN
udp 0 0 0.0.0.0:35709 0.0.0.0:*
udp 0 0 rhel.test:domain 0.0.0.0:*
Active UNIX domain sockets (only servers)
Proto RefCnt Flags Type State I-Node Path
unix 2 [ ACC ] STREAM LISTENING 38124 @/tmp/.ICE-unix/2276
unix 2 [ ACC ] STREAM LISTENING 41812 /tmp/.X11-unix/X0
unix 2 [ ACC ] STREAM LISTENING 38125 /tmp/.ICE-unix/2276
unix 2 [ ACC ] STREAM LISTENING 41743 /tmp/.ICE-unix/2613
unix 2 [ ACC ] STREAM LISTENING 14186 @/org/kernel/linux/storage/multipathd
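Note: This output has been edited for length.
You can also apply a filter to the listening ports by adding the -t and -u options for the protocol you want.
For TCP: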
[tcarrigan@rhel ~]$ netstat -lt
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:hostmon 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:sunrpc 0.0.0.0:* LISTEN
tcp 0 0 rhel.test:domain 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:ssh 0.0.0.0:* LISTEN
tcp 0 0 localhost:ipp 0.0.0.0:* LISTEN
tcp6 0 0 [::]:hostmon [::]:* LISTEN
tcp6 0 0 [::]:sunrpc [::]:* LISTEN
tcp6 0 0 [::]:ssh [::]:* LISTEN
tcp6 0 0 localhost:ipp [::]:* LISTEN
For UDP:
[tcarrigan@rhel ~]$ netstat -lu
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
udp 0 0 0.0.0.0:35709 0.0.0.0:*
udp 0 0 rhel.test:domain 0.0.0.0:*
udp 0 0 127.0.0.53:domain 0.0.0.0:*
udp 0 0 0.0.0.0:bootps 0.0.0.0:*
udp 0 0 rhel.test:bootpc 0.0.0.0:*
udp 0 0 0.0.0.0:sunrpc 0.0.0.0:*
udp 0 0 localhost:323 0.0.0.0:*
udp 0 0 0.0.0.0:mdns 0.0.0.0:*
udp 0 0 0.0.0.0:hostmon 0.0.0.0:*
udp6 0 0 [::]:39874 [::]:*
udp6 0 0 [::]:sunrpc [::]:*
udp6 0 0 localhost:323 [::]:*
udp6 0 0 [::]:mdns [::]:*
udp6 0 0 [::]:hostmon [::]:*
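The listener output above mixes sockets bound to every interface (0.0.0.0, [::]) with ones bound to loopback or a single address, which is the first thing to check when reviewing exposure. This added example (not from the original article; the function names are hypothetical and the sample rows are taken from the output shown above) sorts listeners by bind scope:

```shell
#!/bin/sh
# Added example, not from the original article. Function names are hypothetical.

# classify_listeners: read `netstat -l`, `-lt` or `-lu` output on stdin and
# print "SCOPE proto address port" for each listening TCP/UDP socket.
classify_listeners() {
    awk '
    $1 ~ /^(tcp|udp)6?$/ {
        # TCP rows carry a state in column 6; UDP listeners have none.
        if ($1 ~ /^tcp/ && $6 != "LISTEN") next
        n = split($4, part, ":")
        port = part[n]                       # text after the last colon
        addr = substr($4, 1, length($4) - length(port) - 1)
        scope = "SPECIFIC"                   # bound to one named address
        if (addr ~ /^(0\.0\.0\.0|\[::\]|::)$/) scope = "ALL-INTERFACES"
        if (addr ~ /^(localhost|127\..*|\[::1\]|::1)$/) scope = "LOOPBACK"
        print scope, $1, addr, port
    }' | sort
}

# Sample rows copied from the netstat output shown in this article.
sample_listeners() {
cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:ssh 0.0.0.0:* LISTEN
tcp 0 0 localhost:ipp 0.0.0.0:* LISTEN
tcp 0 0 rhel.test:domain 0.0.0.0:* LISTEN
tcp6 0 0 [::]:ssh [::]:* LISTEN
udp 0 0 127.0.0.53:domain 0.0.0.0:*
udp 0 0 0.0.0.0:mdns 0.0.0.0:*
tcp 0 0 rhel.test:39148 a173-222-212-251.:https ESTABLISHED
EOF
}

sample_listeners | classify_listeners
```

On a live host, pipe `netstat -ltu` (or `netstat -ltun` for numeric addresses) into `classify_listeners` instead of the sample.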
Netstat + grep
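The combination of netstat and grep is very commonly used to find the number of programs listening on a port. We run the standard netstat -ap and then pipe it into grep with a search keyword. For this example, we will use http: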
[root@rhel ~]# netstat -ap | grep http
tcp 0 0 rhel.test:60680 iad30s14-in-f4.1e:https TIME_WAIT -
tcp 0 0 rhel.test:57752 iad30s15-in-f3.1e:https ESTABLISHED 4003/firefox
tcp 0 0 rhel.test:55418 13.107.42.14:https ESTABLISHED 4003/firefox
tcp 0 0 rhel.test:42496 server-13-249-126-:http ESTABLISHED 4003/firefox
tcp 0 0 rhel.test:48538 server-13-249-102:https ESTABLISHED 4003/firefox
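The grep http above is a substring match over the whole line, so it returns the https rows as well, and it would also return any row whose hostname or program name contains http. This added example (not from the original article; function names are hypothetical, and the last sample row is constructed) matches the remote port field exactly and counts connections per state and program:

```shell
#!/bin/sh
# Added example, not from the original article. Function names are hypothetical.

# conns_by_service SERVICE: read `netstat -ap` or `-tp` output on stdin and
# print "count state program" for TCP rows whose remote port field is exactly
# SERVICE (a name such as https, or a number when netstat ran with -n).
conns_by_service() {
    awk -v svc="$1" '
    $1 ~ /^tcp6?$/ {
        n = split($5, part, ":")             # $5 is the Foreign Address column
        if (part[n] != svc) next             # exact match on the port field
        prog = (NF >= 7) ? $7 : "-"          # PID/Program column needs -p
        seen[$6 " " prog]++
    }
    END { for (k in seen) print seen[k], k }' | sort -k2
}

# Rows 1-5 are the article's own output; the last row is constructed to show
# a substring hit that has nothing to do with the remote port.
sample_conns() {
cat <<'EOF'
tcp 0 0 rhel.test:60680 iad30s14-in-f4.1e:https TIME_WAIT -
tcp 0 0 rhel.test:57752 iad30s15-in-f3.1e:https ESTABLISHED 4003/firefox
tcp 0 0 rhel.test:55418 13.107.42.14:https ESTABLISHED 4003/firefox
tcp 0 0 rhel.test:42496 server-13-249-126-:http ESTABLISHED 4003/firefox
tcp 0 0 rhel.test:48538 server-13-249-102:https ESTABLISHED 4003/firefox
tcp 0 0 0.0.0.0:8080 0.0.0.0:* LISTEN 1200/httpd-proxy
EOF
}

echo "grep http matches $(sample_conns | grep -c http) rows"
echo "exact http:";  sample_conns | conns_by_service http
echo "exact https:"; sample_conns | conns_by_service https
```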
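Now that we know how to view connections and listening ports, let's look at pulling statistics.
Pull statistics by protocol
To pull and view network statistics sorted by protocol, use the following command: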
[tcarrigan@rhel ~]$ netstat -s
Ip:
Forwarding: 1
64919 total packets received
1 with invalid addresses
0 forwarded
0 incoming packets discarded
64877 incoming packets delivered
62971 requests sent out
4 dropped because of missing route
Icmp:
0 ICMP messages received
0 input ICMP message failed
ICMP input histogram:
0 ICMP messages sent
0 ICMP messages failed
ICMP output histogram:
Tcp:
31 active connection openings
0 passive connection openings
0 failed connection attempts
1 connection resets received
0 connections established
64704 segments received
62779 segments sent out
0 segments retransmitted
0 bad segments received
33 resets sent
Udp:
173 packets received
0 packets to unknown port received
0 packet receive errors
205 packets sent
0 receive buffer errors
0 send buffer errors
UdpLite:
TcpExt:
9 TCP sockets finished time wait in fast timer
32 delayed acks sent
1 delayed acks further delayed because of locked socket
59599 packet headers predicted
38 acknowledgments not containing data payload received
424 predicted acknowledgments
1 connections reset due to early user close
TCPRcvCoalesce: 2863
TCPAutoCorking: 2
TCPOrigDataSent: 462
TCPDelivered: 493
IpExt:
InMcastPkts: 29
OutMcastPkts: 35
InOctets: 337792114
OutOctets: 2677848
InMcastOctets: 3098
OutMcastOctets: 3338
InNoECTPkts: 293203
Filters for a specific protocol can be applied in the same way as for connections and ports.
TCP statistics:
[tcarrigan@rhel ~]$ netstat -st
Tcp:
31 active connection openings
0 passive connection openings
0 failed connection attempts
1 connection resets received
0 connections established
64704 segments received
62779 segments sent out
0 segments retransmitted
0 bad segments received
33 resets sent
UdpLite:
TcpExt:
9 TCP sockets finished time wait in fast timer
32 delayed acks sent
1 delayed acks further delayed because of locked socket
59599 packet headers predicted
38 acknowledgments not containing data payload received
424 predicted acknowledgments
1 connections reset due to early user close
TCPRcvCoalesce: 2863
TCPAutoCorking: 2
TCPOrigDataSent: 462
TCPDelivered: 493
IpExt:
InMcastPkts: 29
OutMcastPkts: 35
InOctets: 337792798
OutOctets: 2678532
InMcastOctets: 3098
OutMcastOctets: 3338
InNoECTPkts: 293212
UDP statistics:
[tcarrigan@rhel ~]$ netstat -su
Udp:
191 packets received
0 packets to unknown port received
0 packet receive errors
223 packets sent
0 receive buffer errors
0 send buffer errors
UdpLite:
IpExt:
InMcastPkts: 29
OutMcastPkts: 35
InOctets: 337793482
OutOctets: 2679216
InMcastOctets: 3098
OutMcastOctets: 3338
InNoECTPkts: 293221
Raw network statistics:
If none of this filtered data suits you, consider pulling the raw statistics:
[root@rhel ~]# netstat --statistics --raw
Ip:
Forwarding: 1
68789 total packets received
1 with invalid addresses
0 forwarded
0 incoming packets discarded
68727 incoming packets delivered
66762 requests sent out
4 dropped because of missing route
Icmp:
0 ICMP messages received
0 input ICMP message failed
ICMP input histogram:
0 ICMP messages sent
0 ICMP messages failed
ICMP output histogram:
UdpLite:
IpExt:
InMcastPkts: 29
OutMcastPkts: 35
InOctets: 348032479
OutOctets: 3070589
InMcastOctets: 3098
OutMcastOctets: 3338
InNoECTPkts: 303413
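The counters printed by netstat -s are cumulative since boot, so what matters when monitoring is how much they move between two runs. This added example (not from the original article; function names are hypothetical, the "before" values come from the output above and the "after" values are constructed) flattens both counter formats and prints only the counters that changed:

```shell
#!/bin/sh
# Added example, not from the original article. Function names are hypothetical.

# parse_stats TAG: flatten `netstat -s` text on stdin into
# "TAG<TAB>Section|counter<TAB>value" lines.
parse_stats() {
    awk -v tag="$1" '
    /^[A-Za-z]+:$/ { sec = substr($0, 1, length($0) - 1); next }
    {
        sub(/^[ \t]+/, "")                   # real output indents counters
        if ($0 ~ /^[0-9]+ /) {               # "33 resets sent"
            val = $1; key = $0; sub(/^[0-9]+ /, "", key)
        } else if ($0 ~ /: [0-9]+$/) {       # "InOctets: 337792114"
            val = $NF; key = $0; sub(/: [0-9]+$/, "", key)
        } else next                          # histogram headers, other shapes
        printf "%s\t%s|%s\t%s\n", tag, sec, key, val
    }'
}

# stats_delta BEFORE AFTER: print "Section|counter<TAB>+N" for every counter
# that differs between two snapshots passed as text.
stats_delta() {
    { printf '%s\n' "$1" | parse_stats A; printf '%s\n' "$2" | parse_stats B; } |
    awk -F'\t' '$1 == "A" { a[$2] = $3; next }
                { d = $3 - a[$2]; if (d != 0) printf "%s\t%+d\n", $2, d }'
}

# "before" uses counters from the article's netstat -s output;
# "after" is constructed for illustration.
before='Tcp:
31 active connection openings
0 failed connection attempts
33 resets sent
IpExt:
InOctets: 337792114'
after='Tcp:
    31 active connection openings
    12 failed connection attempts
    58 resets sent
IpExt:
    InOctets: 337792798'

stats_delta "$before" "$after"
```

On a live host, capture snapshots with `before=$(netstat -s)`, wait, then `after=$(netstat -s)`; a sustained rise in failed connection attempts or resets sent is worth a closer look.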
Show services by PID
A very handy troubleshooting tip is to list services by PID. To do so, use the following command:
[root@rhel ~]# netstat -tp
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 rhel.test:56598 130.248.144.17:https ESTABLISHED 4487/firefox
tcp 0 0 rhel.test:40414 server-13-249-122:https TIME_WAIT -
tcp 0 0 rhel.test:59534 e017.en25.com:https ESTABLISHED 4487/firefox
tcp 0 0 rhel.test:40134 iad23s60-in-f4.1e:https ESTABLISHED 4487/firefox
tcp 0 0 rhel.test:39014 72.21.91.29:http TIME_WAIT
Show I/O by interface
The -i option is another useful troubleshooting flag. To view send/receive statistics by interface, use the following command:
[root@rhel ~]# netstat -i
Kernel Interface table
Iface MTU RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR Flg
enp0s3 1500 293240 0 0 0 63064 0 0 0 BMRU
lo 65536 0 0 0 0 0 0 0 0 LRU
virbr0 1500 0 0 0 0 0 0 0 0 BMU
Wrap up
There you have it. The netstat command is an easy-to-use and powerful tool that any Linux network admin can put to use. I used netstat extensively as a storage admin for troubleshooting, and I am sure that you will find some use for it, too. While in recent years netstat has been deprecated in favor of the ss command, you may still find it in your networking toolbox. For a more modern take, I will explore ss in a future article, so be sure to keep an eye out for that!