netstat是linux下用于显示网络状态的命令。通过它能统计端口情况,网络连接状态,路由表等信息。在网络开发或运维中,经常会使用netstat来查看网络状态。
参数含义
-a,--all
显示所有套接字的连接状态,默认只显示已建立连接的套接字,加上此参数后,也会显示Listen状态的套接字。
默认:
[root ~]# netstat
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 iZ135ux6u63Z:42584 121.58.13.94:mysql ESTABLISHED
tcp 0 0 iZ135ux6u63Z:6379 62.48.69.16:54744 ESTABLISHED
tcp 0 0 localhost:40940 localhost:metasys ESTABLISHED
tcp 0 0 iZ235ux6u63Z:ssh 128.56.16.10:34353 ESTABLISHED
加-a后, State下会显示“LISTEN”状态的套接字
[root ~]# netstat -a
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:6379 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:http 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:tproxy 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:ssh 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:https 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:40400 0.0.0.0:* LISTEN
......
tcp 0 0 iZ135ux8u13Z:42584 121.58.13.94:mysql ESTABLISHED
tcp 0 0 iZ135ux8u13Z:6379 62.48.69.16:54744 ESTABLISHED
tcp 0 0 localhost:40940 localhost:metasys ESTABLISHED
tcp 0 0 iZ135ux8u13Z:ssh 128.56.16.10:34353 ESTABLISHED
-n,--numeric
以数字形式显示ip地址。默认会显示解析过的host,prot,或用户名。
默认:
[root ~]# netstat
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 iZ135ux8u13Z:42584 121.58.13.94:mysql ESTABLISHED
tcp 0 0 iZ135ux8u13Z:6379 62.48.69.16:54744 ESTABLISHED
tcp 0 0 localhost:40940 localhost:metasys ESTABLISHED
tcp 0 0 iZ135ux8u13Z:ssh 128.56.16.10:34353 ESTABLISHED
加-n后,mysql,ssh,localhost等都以ip或者端口形式显示
[root ~]# netstat -n
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 123.40.125.228:42584 121.58.13.94:3306 ESTABLISHED
tcp 0 0 123.40.125.228:6379 62.48.69.16:54744 ESTABLISHED
tcp 0 0 127.0.0.1:40940 127.0.0.1:11001 ESTABLISHED
tcp 0 0 123.40.125.228:ssh 128.56.16.10:34353 ESTABLISHED
-l,--listening
只显示LISTEN状态的套接字
[root ~]# netstat -l
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:6379 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:http 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:tproxy 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:ssh 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:https 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:40400 0.0.0.0:* LISTEN
-t,--tcp 和 -u,--udp
只显示tcp(udp)连接。
-p,--program
显示进程PID和进程名称
[root ~]# netstat -p
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 iZ135ux8u13Z:42584 121.58.13.94:mysql ESTABLISHED 4815/java
tcp 0 0 iZ135ux8u13Z:6379 62.48.69.16:54744 ESTABLISHED 840/redis-server *:
tcp 0 0 localhost:40940 localhost:metasys ESTABLISHED 5109/java
tcp 0 0 iZ135ux8u13Z:6379 128.56.16.10:65097 ESTABLISHED 840/redis-server *:
-i,--interfaces
显示网络接口
[root ~]# netstat -i
Kernel Interface table
Iface MTU RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR Flg
docker0 1500 2560782 0 0 0 4151415 0 0 0 BMU
eth0 1500 23379381 0 0 0 34455532 0 0 0 BMRU
eth1 1500 217716581 0 0 0 202343360 0 0 0 BMRU
lo 65536 240937752 0 0 0 240937752 0 0 0 LRU
-r,--route
显示路由表
[root ~]# netstat -r
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
default gateway 0.0.0.0 UG 0 0 0 eth1
10.0.0.0 10.165.21.247 255.0.0.0 UG 0 0 0 eth0
10.168.64.0 0.0.0.0 255.255.248.0 U 0 0 0 eth0
100.64.0.0 10.165.21.247 255.192.0.0 UG 0 0 0 eth0
121.40.180.0 0.0.0.0 255.255.252.0 U 0 0 0 eth1
link-local 0.0.0.0 255.255.0.0 U 0 0 0 eth0
link-local 0.0.0.0 255.255.0.0 U 0 0 0 eth1
172.16.0.0 10.165.21.247 255.240.0.0 UG 0 0 0 eth0
192.168.0.0 0.0.0.0 255.255.240.0 U 0 0 0 docker0
-e,--extend
显示额外信息
-ie能显示网络接口的详细信息,和ifconfig命令的显示内容一致
-pe会显示进程名和用户名
[root ~]# netstat -pe
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State User Inode PID/Program name
tcp 0 0 iZ135ux8u13Z:42584 121.58.13.94:mysql ESTABLISHED root 70731166 4815/java
tcp 0 0 iZ135ux8u13Z:6379 62.48.69.16:54744 ESTABLISHED redis 35176559 840/redis-server *:
tcp 0 0 localhost:40940 localhost:metasys ESTABLISHED root 74749821 5109/java
tcp 0 0 iZ135ux8u13Z:6379 128.56.16.10:65097 ESTABLISHED redis 25990225 840/redis-server *:
-ne,User一列会显示id而非用户名
-s,--statistics
显示每个协议的统计信息
[root ~]# netstat -s
Ip:
484627137 total packets received
6705287 forwarded
501 with unknown protocol
0 incoming packets discarded
477921341 incoming packets delivered
481921712 requests sent out
72 dropped because of missing route
Icmp:
25322 ICMP messages received
7175 input ICMP message failed.
InCsumErrors: 9
ICMP input histogram:
destination unreachable: 9616
timeout in transit: 427
redirects: 94
echo requests: 15165
echo replies: 10
timestamp request: 1
190825 ICMP messages sent
0 ICMP messages failed
ICMP output histogram:
destination unreachable: 175649
echo request: 10
echo replies: 15165
timestamp replies: 1
.......
用法示例
打印所有监听端口及对应的进程id和名称
[root ~]# netstat -nlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:6379 0.0.0.0:* LISTEN 840/redis-server *:
tcp 0 0 0.0.0.0:8080 0.0.0.0:* LISTEN 5109/java
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 989/nginx: master p
tcp 0 0 0.0.0.0:14001 0.0.0.0:* LISTEN 26902/java
tcp 0 0 0.0.0.0:8081 0.0.0.0:* LISTEN 28705/java
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 836/sshd
查看tcp端口
[root ~]# netstat -tnp
tcp 0 4080 182.92.221.114:22 123.122.21.121:17350 ESTABLISHED 18909/sshd
tcp 0 0 10.172.248.114:6379 10.171.86.96:56562 ESTABLISHED 18441/redis-server
tcp 0 0 10.172.248.114:6379 10.171.86.96:56496 ESTABLISHED 18441/redis-server
tcp 0 0 10.172.248.114:27017 10.171.86.96:46927 ESTABLISHED 21380/mongod
查看端口是否正常监听
查看是否处于监听状态
[root ~]# netstat -nlp | grep ":80 "
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 989/nginx: master p
另外可以使用telnet
测试远程服务器的端口是否打开:
telnet reomte-ip 80
如果本地正常监听,但telent不通,原因可能是防火墙没有屏蔽的端口,需检查防火墙设置。
各个监听状态的含义
转自:http://www.cnblogs.com/peida/archive/2013/03/08/2949194.html
LISTEN:侦听来自远方的TCP端口的连接请求
SYN-SENT:再发送连接请求后等待匹配的连接请求(如果有大量这样的状态包,检查是否中招了)
SYN-RECEIVED:再收到和发送一个连接请求后等待对方对连接请求的确认(如有大量此状态,估计被flood攻击了)
ESTABLISHED:代表一个打开的连接
FIN-WAIT-1:等待远程TCP连接中断请求,或先前的连接中断请求的确认
FIN-WAIT-2:从远程TCP等待连接中断请求
CLOSE-WAIT:等待从本地用户发来的连接中断请求
CLOSING:等待远程TCP对连接中断的确认
LAST-ACK:等待原来的发向远程TCP的连接中断请求的确认(不是什么好东西,此项出现,检查是否被攻击)
TIME-WAIT:等待足够的时间以确保远程TCP接收到连接中断请求的确认
CLOSED:没有任何连接状态
参考: linux man:man netstat