一、Netstat的作用
netstat用于显示网络状态,可以查看服务器当前端口列表及指定端口的连接状态
二、语法格式
[root@host127 home]# netstat -h
usage: netstat [-vWeenNcCF] [<Af>] -r netstat {-V|--version|-h|--help}
netstat [-vWnNcaeol] [<Socket> ...]
netstat { [-vWeenNac] -I[<Iface>] | [-veenNac] -i | [-cnNe] -M | -s [-6tuw] } [delay]
-r, --route display routing table
-I, --interfaces=<Iface> display interface table for <Iface>
-i, --interfaces display interface table
-g, --groups display multicast group memberships
-s, --statistics display networking statistics (like SNMP)
-M, --masquerade display masqueraded connections
-v, --verbose be verbose
-W, --wide don't truncate IP addresses
-n, --numeric don't resolve names
--numeric-hosts don't resolve host names
--numeric-ports don't resolve port names
--numeric-users don't resolve user names
-N, --symbolic resolve hardware names
-e, --extend display other/more information
-p, --programs display PID/Program name for sockets
-o, --timers display timers
-c, --continuous continuous listing
-l, --listening display listening server sockets
-a, --all display all sockets (default: connected)
-F, --fib display Forwarding Information Base (default)
-C, --cache display routing cache instead of FIB
-Z, --context display SELinux security context for sockets
<Socket>={-t|--tcp} {-u|--udp} {-U|--udplite} {-S|--sctp} {-w|--raw}
{-x|--unix} --ax25 --ipx --netrom
<AF>=Use '-6|-4' or '-A <af>' or '--<af>'; default: inet
List of possible address families (which support routing):
inet (DARPA Internet) inet6 (IPv6) ax25 (AMPR AX.25)
netrom (AMPR NET/ROM) ipx (Novell IPX) ddp (Appletalk DDP)
x25 (CCITT X.25)
参数说明
-a或--all 显示所有连线中的Socket。
-A<网络类型>或--<网络类型> 列出该网络类型连线中的相关地址。
-c或--continuous 持续列出网络状态。
-C或--cache 显示路由器配置的快取信息。
-e或--extend 显示网络其他相关信息。
-F或--fib 显示路由缓存。
-g或--groups 显示多重广播功能群组组员名单。
-h或--help 在线帮助。
-i或--interfaces 显示网络界面信息表单。
-l或--listening 显示监控中的服务器的Socket。
-M或--masquerade 显示伪装的网络连线。
-n或--numeric 直接使用IP地址,而不通过域名服务器。
-N或--netlink或--symbolic 显示网络硬件外围设备的符号连接名称。
-o或--timers 显示计时器。
-p或--programs 显示正在使用Socket的程序识别码和程序名称。
-r或--route 显示Routing Table。
-s或--statistics 显示网络工作信息统计表。
-t或--tcp 显示TCP传输协议的连线状况。
-u或--udp 显示UDP传输协议的连线状况。
-v或--verbose 显示指令执行过程。
-V或--version 显示版本信息。
-w或--raw 显示RAW传输协议的连线状况。
-x或--unix 此参数的效果和指定"-A unix"参数相同。
--ip或--inet 此参数的效果和指定"-A inet"参数相同。
三、参数解析
State状态
| 状态 | 含义 |
|---|---|
| CLOSED | 初始(无连接)状态。 |
| LISTENING | 侦听状态,等待远程机器的连接请求 |
| SYN_SEND | 在TCP三次握手期间,主动连接端发送了SYN包后,进入SYN_SEND状态,等待对方的ACK包。(SYN:synchronous 同步,ACK:acknowledgement 确认) |
| SYN_RECV | 在TCP三次握手期间,主动连接端收到SYN包后,进入SYN_RECV状态。(RECV:receiver 收到) |
| ESTABLISHED | (建立)完成TCP三次握手后,主动连接端进入ESTABLISHED状态。此时,TCP连接已经建立,可以进行通信 |
| FIN_WAIT_1 | 在TCP四次挥手时,主动关闭端发送FIN包后,进入FIN_WAIT_1状态。(FIN:finish 结束) |
| FIN_WAIT_2 | 在TCP四次挥手时,主动关闭端收到ACK包后,进入FIN_WAIT_2状态 |
| TIME_WAIT | 在TCP四次挥手时,主动关闭端发送了ACK包之后,进入TIME_WAIT状态,等待最多MSL时间,让被动关闭端收到ACK包 |
| CLOSING | 在TCP四次挥手期间,主动关闭端发送了FIN包后,没有收到对应的ACK包,却收到对方的FIN包,此时,进入CLOSING状态 |
| CLOSE_WAIT | 在TCP四次挥手期间,被动关闭端收到FIN包后,进入CLOSE_WAIT状态 |
| LAST_ACK | 在TCP四次挥手时,被动关闭端发送FIN包后,进入LAST_ACK状态,等待对方的ACK包 |
四、输出解析
4.1 显示所有的端口
- netstat -a显示详细的网络状况,列出所有的端口
- netstat -at列出所有的tcp端口
[root@host115 ~]# netstat -at
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 host115:6802 0.0.0.0:* LISTEN
tcp 0 0 3e7c2624702d037.cs:6802 0.0.0.0:* LISTEN
tcp 0 0 3e7c2624702d037.cs:6803 0.0.0.0:* LISTEN
tcp 0 0 host115:6803 0.0.0.0:* LISTEN
tcp 0 0 host115:6804 0.0.0.0:* LISTEN
tcp 0 0 3e7c2624702d037.cs:6804 0.0.0.0:* LISTEN
- netstat -au 列出所有的unix端口
[root@host115 ~]# netstat -au
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
udp 0 0 host115:domain 0.0.0.0:*
udp 0 0 0.0.0.0:bootps 0.0.0.0:*
udp 0 0 0.0.0.0:sunrpc 0.0.0.0:*
udp 0 0 192.168.122.:netbios-ns 0.0.0.0:*
udp 0 0 host115:netbios-ns 0.0.0.0:*
udp 0 0 192.168.189.:netbios-ns 0.0.0.0:*
udp 0 0 host115:netbios-ns 0.0.0.0:*
- netstat -ax 列出所有的unix端口
[root@host115 ~]# netstat -ax
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags Type State I-Node Path
unix 2 [ ACC ] STREAM LISTENING 560563968 /var/run/salt/minion/minion_event_3bfd4f72aa_pub.ipc
unix 2 [ ACC ] STREAM LISTENING 560563970 /var/run/salt/minion/minion_event_3bfd4f72aa_pull.ipc
unix 2 [ ACC ] STREAM LISTENING 560659205 /run/samba/winbindd/pipe
unix 2 [ ACC ] STREAM LISTENING 560660498 /run/samba/ncalrpc/np/mdssvc
unix 2 [ ACC ] STREAM LISTENING 560660500 /run/samba/ncalrpc/np/initshutdown
unix 2 [ ACC ] STREAM LISTENING 560660502 /run/samba/ncalrpc/np/eventlog
unix 2 [ ACC ] STREAM LISTENING 560660504 /run/samba/ncalrpc/np/plugplay
4.2 显示监听端口
- netstat -l 显示所有的监听端口
- netstat -lt列出所有的tcp监听端口;
- netstat -lu 列出所有的udp监听端口;
- netstat -lx列出所有的unix监听端口;
4.3 显示网络统计信息
- netstat -s 显示网络统计信息
[root@host114 lock]# netstat -s
Ip:
Forwarding: 2
675538820 total packets received
9251574 with invalid addresses
0 forwarded
0 incoming packets discarded
631343932 incoming packets delivered
623209421 requests sent out
1942479 outgoing packets dropped
15838082 dropped because of missing route
2622225 reassemblies required
874075 packets reassembled ok
890825 fragments received ok
2672475 fragments created
Icmp:
20762500 ICMP messages received
1783252 input ICMP message failed
ICMP input histogram:
destination unreachable: 3204909
echo requests: 5609828
echo replies: 11947763
9427638 ICMP messages sent
0 ICMP messages failed
ICMP output histogram:
destination unreachable: 3205577
echo requests: 612233
echo replies: 5609828
IcmpMsg:
InType0: 11947763
InType3: 3204909
InType8: 5609828
OutType0: 5609828
OutType3: 3205577
OutType8: 612233
Tcp:
14985098 active connection openings
86790277 passive connection openings
402792 failed connection attempts
1066399 connection resets received
7 connections established
603788950 segments received
706208450 segments sent out
2426518 segments retransmitted
7 bad segments received
4332531 resets sent
Udp:
588820 packets received
1275552 packets to unknown port received
0 packet receive errors
1421979 packets sent
0 receive buffer errors
0 send buffer errors
IgnoredMulti: 5220914
UdpLite:
TcpExt:
2533 SYN cookies sent
2457 SYN cookies received
1 invalid SYN cookies received
56228 resets received for embryonic SYN_RECV sockets
326 packets pruned from receive queue because of socket buffer overrun
12 ICMP packets dropped because they were out-of-window
8988859 TCP sockets finished time wait in fast timer
20 packetes rejected in established connections because of timestamp
2550916 delayed acks sent
933 delayed acks further delayed because of locked socket
Quick ack mode was activated 1286158 times
101070527 packet headers predicted
162390904 acknowledgments not containing data payload received
62933524 predicted acknowledgments
TCPSackRecovery: 8
TCPDSACKUndo: 6
38 congestion windows recovered without slow start after partial ack
TCPLostRetransmit: 84996
TCPSackFailures: 1
10 fast retransmits
1 retransmits in slow start
TCPTimeouts: 42621
TCPLossProbes: 2344849
TCPLossProbeRecovery: 12
TCPDSACKOldSent: 1286158
TCPDSACKRecv: 2268319
1295091 connections reset due to unexpected data
718265 connections reset due to early user close
14450 connections aborted due to timeout
TCPDSACKIgnoredNoUndo: 1997953
TCPSpuriousRTOs: 23
TCPSackShiftFallback: 407
IPReversePathFilter: 3940425
TCPReqQFullDoCookies: 2533
TCPRcvCoalesce: 17686560
TCPOFOQueue: 257
TCPChallengeACK: 23
TCPSYNChallenge: 7
TCPSpuriousRtxHostQueues: 19324
TCPAutoCorking: 15607
TCPFromZeroWindowAdv: 424
TCPToZeroWindowAdv: 424
TCPWantZeroWindowAdv: 21521
TCPSynRetrans: 12688
TCPOrigDataSent: 384192319
TCPHystartTrainDetect: 31670
TCPHystartTrainCwnd: 829865
TCPWinProbe: 1
TCPKeepAlive: 32795
TCPDelivered: 393784543
TCPAckCompressed: 235
IpExt:
InNoRoutes: 4
InBcastPkts: 5486926
OutBcastPkts: 119960
InOctets: 389138114683
OutOctets: 397135592107
InBcastOctets: 1514018441
OutBcastOctets: 10168714
InNoECTPkts: 675609653
- netstat -st 显示所有的 tcp端口统计信息;
- netstat -su 显示所有的 udp端口统计信息;
显示路由信息
- netstat -r 显示路由信息
[root@VMC01 ~]# netstat -r
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
default _gateway 0.0.0.0 UG 0 0 0 br_comm_port
10.229.37.0 0.0.0.0 255.255.255.0 U 0 0 0 br_comm_port
ZXVEVMC01 0.0.0.0 255.255.255.255 UH 0 0 0 br_comm_port
111.192.168.0 0.0.0.0 255.255.255.0 U 0 0 0 ens8f0
111.192.180.0 0.0.0.0 255.255.255.0 U 0 0 0 ens8f1_port
常用组合示例
- netstat -anp :a-显示所有、n-只显示IP不显示域名、p-显示pid和进程号
[root@host127 ~]# netstat -anp
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 192.168.189.127:6802 0.0.0.0:* LISTEN 299612/ceph-osd
tcp 0 0 192.168.190.127:6802 0.0.0.0:* LISTEN 291684/ceph-osd
tcp 0 0 192.168.190.127:6803 0.0.0.0:* LISTEN 299612/ceph-osd
tcp 0 0 192.168.189.127:6803 0.0.0.0:* LISTEN 299612/ceph-osd
tcp 0 0 192.168.189.127:6804 0.0.0.0:* LISTEN 290491/ceph-osd
tcp 0 0 192.168.190.127:6804 0.0.0.0:* LISTEN 293018/ceph-osd
tcp 0 0 192.168.190.127:6805 0.0.0.0:* LISTEN 290491/ceph-osd
五、使用实例
1、查看指定服务的连接状态
