Linux命令 - netstat

技术笔记

简介

netstat - 显示各种网络连接的相关信息,如网络连接(network connections)、路由表(routing tables)、接口状态(interface statistics)和多播成员(multicast memberships)。

基本语法

1
netstate [-a][-t][-u][-x][-n][-l][-p][-r][-e][-s][-c]
基本参数解释:
参数 作用
-a –all 显示所有连接和未连接的端口
-t –tcp 仅显示TCP套接字连接的端口
-u –udp 仅显示UDP套接字连接的端口
-x -unix 仅显示UNIX套接字连接的端口
-n –numeric 以完整名称的方式(即数字)显示所有端口
-l –listening 仅显示所有已连接的端口
-p –program 额外显示PID(进程ID)/Program name(进程名称)
-r –route 显示路由表(routing table)
-e –extend 显示网络连接的额外信息(如User)
-s –statistics 显示网络连接的统计信息
-c –continuous 持续列出网络状态

常用基本操作

  • 显示所有端口
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
# netstat -a
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address               Foreign Address             State
tcp        0      0 localhost:6379              *:*                         LISTEN
tcp        0      0 *:sunrpc                    *:*                         LISTEN
tcp        0      0 localhost:6379              localhost:36240             ESTABLISHED
tcp        1      0 172.16.8.69:38720           123.58.173.186:http         CLOSE_WAIT
tcp        0      0 localhost:36000             localhost:6379              ESTABLISHED
tcp        0      0 localhost:36241             localhost:6379              ESTABLISHED
tcp        0      0 *:39395                     *:*                         LISTEN
tcp        0      0 localhost:mxi               *:*                         LISTEN
tcp        0      0 *:8009                      *:*                         LISTEN
udp        0      0 *:sunrpc                    *:*
udp        0      0 *:ipp                       *:*
udp        0      0 192.168.122.1:ntp           *:*
udp        0      0 192.168.122.1:domain        *:*
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags       Type       State         I-Node Path
unix  13     [ ]         DGRAM                    507392 /dev/log
unix  2      [ ACC ]     STREAM     LISTENING     507758 /var/run/rpcbind.sock
unix  2      [ ACC ]     STREAM     LISTENING     15533  /var/run/dbus/system_bus_socket
unix  2      [ ACC ]     STREAM     LISTENING     18496  @/tmp/gdm-greeter-jHQBuBtc
unix  2      [ ACC ]     STREAM     LISTENING     22717  @/tmp/dbus-Fzbdj98FAc
...
  • 仅显示TCP端口(同理于仅显示UDP端口)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
# netstat -t # 仅显示所有已建立连接的TCP端口
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State
tcp        0      0 localhost:35206             localhost:6379              ESTABLISHED
tcp        0      0 localhost:35286             localhost:6379              ESTABLISHED
tcp        0      0 localhost:36227             localhost:6379              ESTABLISHED
tcp        0      0 localhost:6379              localhost:36306             ESTABLISHED
tcp        0      0 localhost:6379              localhost:35286             ESTABLISHED
tcp        0      0 localhost:6379              localhost:36226             ESTABLISHED
tcp        0      0 localhost:6379              localhost:36227             ESTABLISHED
tcp        0      0 localhost:6379              localhost:36000             ESTABLISHED
tcp        0      0 localhost:35201             localhost:6379              ESTABLISHED
tcp        0      0 localhost:6379              localhost:35201             ESTABLISHED
tcp        0      0 localhost:6379              localhost:35206             ESTABLISHED
...

# netstat -at # 显示所有TCP端口
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address               Foreign Address             State
tcp        0      0 localhost:6379              *:*                         LISTEN
tcp        0      0 *:sunrpc                    *:*                         LISTEN
tcp        0      0 localhost:webcache          *:*                         LISTEN
tcp        0      0 *:52912                     *:*                         LISTEN
tcp        0      0 192.168.122.1:domain        *:*                         LISTEN
tcp        0      0 *:ssh                       *:*                         LISTEN
tcp        0      0 localhost:ipp               *:*                         LISTEN
tcp        0      0 localhost:smtp              *:*                         LISTEN
tcp        0      0 *:rxapi                     *:*                         LISTEN
tcp        0      0 localhost:35206             localhost:6379              ESTABLISHED
tcp        0      0 localhost:35286             localhost:6379              ESTABLISHED
  • 显示所有处于监听状态(LISTEN)的端口
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
# netstat -l
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State
tcp        0      0 localhost:6379              *:*                         LISTEN
tcp        0      0 localhost:smtp              *:*                         LISTEN
tcp        0      0 *:39395                     *:*                         LISTEN
tcp        0      0 localhost:mxi               *:*                         LISTEN
tcp        0      0 *:8009                      *:*                         LISTEN
udp        0      0 *:sunrpc                    *:*
udp        0      0 *:ipp                       *:*
udp        0      0 192.168.122.1:ntp           *:*
udp        0      0 172.16.8.69:ntp             *:*
Active UNIX domain sockets (only servers)
Proto RefCnt Flags       Type       State         I-Node Path
unix  2      [ ACC ]     STREAM     LISTENING     507758 /var/run/rpcbind.sock
unix  2      [ ACC ]     STREAM     LISTENING     15533  /var/run/dbus/system_bus_socket
unix  2      [ ACC ]     STREAM     LISTENING     18496  @/tmp/gdm-greeter-jHQBuBtc
...
  • 显示所有端口的统计信息
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
# netstat -s
Ip:
    6626695 total packets received
    6625 with invalid addresses
    0 forwarded
    0 incoming packets discarded
    5055725 incoming packets delivered
    4377026 requests sent out
    96 dropped because of missing route
...
Tcp:
    3196 active connections openings
    1666 passive connection openings
    382 failed connection attempts
    39 connection resets received
    22 connections established
    5043080 segments received
    4352432 segments send out
    6833 segments retransmited
    73 bad segments received.
    443 resets sent
Udp:
    10653 packets received
    80 packets to unknown port received.
    0 packet receive errors
    14349 packets sent
...
  • 利用数字取代别名(主机、用户名),并加速输出所有网络连接信息
1
2
3
4
5
6
7
8
9
10
11
12
13
14
# netstat -n
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State
tcp        0      0 127.0.0.1:35206             127.0.0.1:6379              ESTABLISHED
tcp        0      0 127.0.0.1:35286             127.0.0.1:6379              ESTABLISHED
tcp        0      0 127.0.0.1:36227             127.0.0.1:6379              ESTABLISHED
tcp        0      0 127.0.0.1:6379              127.0.0.1:36306             ESTABLISHED
tcp        0      0 127.0.0.1:6379              127.0.0.1:35286             ESTABLISHED
tcp        0      0 127.0.0.1:6379              127.0.0.1:36226             ESTABLISHED
...

# netstat --numeric-ports # 仅替换端口别名
# netstat --numeric-hosts # 仅替换主机别名
# netstat --numeric-users # 仅替换用户别名
  • 持续显示网络连接状况(以秒为单位,默认为1秒)
1
2
3
4
5
6
7
8
# netstat -c 60 # 每隔60秒运行一次
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State
tcp        0      0 localhost:35206             localhost:6379              ESTABLISHED
tcp        0      0 localhost:35286             localhost:6379              ESTABLISHED
tcp        0      0 localhost:36227             localhost:6379              ESTABLISHED
tcp        0      0 localhost:6379              localhost:36306             ESTABLISHED
...
  • 显示核心路由信息
1
2
3
4
5
6
# netstat -r
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
192.168.0.1      *               255.255.255.0   U         0 0          0 eth0
192.168.122.0   *               255.255.255.0   U         0 0          0 virbr0
default         192.168.0.1     0.0.0.0         UG        0 0          0 eth0

与其他命令搭配使用

  • 显示程序所占用的端口
1
2
3
4
5
# netstat -ap | grep ssh
tcp        0      0 *:ssh                       *:*                         LISTEN      18116/sshd
tcp        0      0 173.15.1.50:ssh             113.56.213.179:newheights   ESTABLISHED 6111/sshd
tcp        0      0 *:ssh                       *:*                         LISTEN      18116/sshd
...

参考资料:

[1] http://www.cnblogs.com/ggjucheng/archive/2012/01/08/2316661.html