netstat

netstat - 打印网络连接、路由表、连接的数据统计、伪装连接以及广播域成员。

列出连接

列出所有连接: netstat -a

[root@iZuf6bb1rjtnkgib0hegp2Z ~]# netstat -a
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State      
tcp        0      0 0.0.0.0:8009            0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:http            0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:biimenu         0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:ssh             0.0.0.0:*               LISTEN     
tcp        0      0 localhost:mxi           0.0.0.0:*               LISTEN     
tcp        0      0 localhost:56926         localhost:mysql         ESTABLISHED
tcp        0      0 localhost:56916         localhost:mysql         TIME_WAIT  
tcp        0      0 localhost:biimenu       localhost:58942         ESTABLISHED
udp        0      0 iZuf6bb1rjtnkgib0he:ntp 0.0.0.0:*                          
udp        0      0 localhost:ntp           0.0.0.0:*                          
udp        0      0 0.0.0.0:ntp             0.0.0.0:*                          
udp6       0      0 [::]:ntp                [::]:*                             

列出所有tcp连接: netstat -at

[root@iZuf6bb1rjtnkgib0hegp2Z ~]# netstat -at
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State      
tcp        0      0 0.0.0.0:8009            0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:http            0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:biimenu         0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:ssh             0.0.0.0:*               LISTEN     
tcp        0      0 localhost:mxi           0.0.0.0:*               LISTEN     
tcp        0      0 localhost:57191         localhost:mysql         ESTABLISHED
tcp        0      0 localhost:57184         localhost:mysql         TIME_WAIT  
tcp        0    320 iZuf6bb1rjtnkgib0he:ssh 34.182.175.59.bro:56942 ESTABLISHED
tcp        1      0 iZuf6bb1rjtnkgib0:44152 101.226.212.27:https    CLOSE_WAIT 
tcp        0      0 localhost:57194         localhost:mysql         ESTABLISHED
tcp        0      0 localhost:biimenu       localhost:58942         ESTABLISHED

禁用反向域名解析/n: netstat -ant

只列出监听中的连接/l: netstat -tl

注意：不要使用 -a 选项，否则 netstat 会列出所有连接，而不仅仅是监听端口。

获取进程名，进程号，用户名/p: netstat -tlp

查看进程的拥有者/ep：netstat -tlep

查看tcp的网络信息/s：netstat -st

显示内核路由信息/r：netstat -rn

打印网络接口/i：netstat -ei

持续输出TCP协议信息/c：netstat -ct

进阶

打印active状态的连接：netstat -atnp | grep ESTA

查看服务是否在运行：sudo netstat -aple | grep ntp

常用：netstat -atlep | grep ESTA

nethogs

nethogs -h

[root@iZuf6bb1rjtnkgib0hegp2Z pic]# nethogs -h
usage: nethogs [-V] [-h] [-b] [-d seconds] [-v mode] [-c count] [-t] [-p] [-s] [device [device [device ...]]]
                -V : prints version.
                -h : prints this help.
                -b : bughunt mode - implies tracemode.
                -d : delay for update refresh rate in seconds. default is 1.
                -v : view mode (0 = KB/s, 1 = total KB, 2 = total B, 3 = total MB). default is 0.
                -c : number of updates. default is 0 (unlimited).
                -t : tracemode.
                -p : sniff in promiscious mode (not recommended).
                -s : sort output by sent column.
   -a : monitor all devices, even loopback/stopped ones.
                device : device(s) to monitor. default is all interfaces up and running excluding loopback

When nethogs is running, press:
 q: quit
 s: sort by SENT traffic
 r: sort by RECEIVE traffic
 m: switch between total (KB, B, MB) and KB/s mode

nload

nload
nload eth0

参考：
netstat 的10个基本用法