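Introduction:
netstat is a commonly used tool for reporting on network socket connections.
It can show TCP sockets, UDP sockets, sockets in the listening state, and so on.
It comes up often when troubleshooting network problems, so let's look at the most practical ways to use it.
1. netstat options: the most complete reference is the output of the man netstat command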
root@93de58bae514:/proc/net# man netstat
NETSTAT(8) Linux System Administrator's Manual NETSTAT(8)
NAME
netstat - Print network connections, routing tables, interface statistics, masquerade connections, and multicast memberships
SYNOPSIS
netstat [address_family_options] [--tcp|-t] [--udp|-u] [--udplite|-U] [--sctp|-S] [--raw|-w] [--l2cap|-2] [--rfcomm|-f] [--listening|-l] [--all|-a]
[--numeric|-n] [--numeric-hosts] [--numeric-ports] [--numeric-users] [--symbolic|-N] [--extend|-e[--extend|-e]] [--timers|-o] [--program|-p] [--ver-
bose|-v] [--continuous|-c] [--wide|-W]
netstat {--route|-r} [address_family_options] [--extend|-e[--extend|-e]] [--verbose|-v] [--numeric|-n] [--numeric-hosts] [--numeric-ports]
[--numeric-users] [--continuous|-c]
netstat {--interfaces|-i} [--all|-a] [--extend|-e[--extend|-e]] [--verbose|-v] [--program|-p] [--numeric|-n] [--numeric-hosts] [--numeric-ports]
[--numeric-users] [--continuous|-c]
netstat {--groups|-g} [--numeric|-n] [--numeric-hosts] [--numeric-ports] [--numeric-users] [--continuous|-c]
netstat {--masquerade|-M} [--extend|-e] [--numeric|-n] [--numeric-hosts] [--numeric-ports] [--numeric-users] [--continuous|-c]
netstat {--statistics|-s} [--tcp|-t] [--udp|-u] [--udplite|-U] [--sctp|-S] [--raw|-w]
netstat {--version|-V}
netstat {--help|-h}
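Normally we never need this many options (and certainly cannot remember them all),
so we only need to note down the practical ones:
-a  show all connections and listening ports
-t  show TCP connections
-u  show UDP connections
-p  show the name and PID of the program that established the connection
-o  show the owning process associated with each connection
-n  use IP addresses instead of host names; in other words, -n disables name resolution
-l  list only sockets in the listening state
-s  show network statistics, i.e. the number of packets sent and received per protocol
-r  show the kernel routing information
-i  show network interface information
2. Show all connections (-a)
root@91230cc467cc:/usr/local/tomcat# netstat -a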
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 localhost:8005 *:* LISTEN
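Let's go through the output columns:
Proto: the protocol, usually tcp or udp
Recv-Q: differs between the Established and Listening states; see the table below
Send-Q: differs between the Established and Listening states; see the table below
Local Address: the local address
Foreign Address: the remote address of the connection
State: the current state of the socket
Socket state | Recv-Q | Send-Q
Established | receive queue length (bytes in the socket buffer not yet taken by the application) | send queue length (bytes not yet acknowledged by the remote host)
Listening | syn backlog (half-open connection queue length), current value | syn backlog (half-open connection queue length), maximum value
3. Show only TCP or UDP connections (-t -u)
# Show only TCP connections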
root@91230cc467cc:/usr/local/tomcat# netstat -at
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 localhost:8005 *:* LISTEN
tcp 0 0 *:8009 *:* LISTEN
tcp 0 0 *:http-alt *:* LISTEN
# Show only UDP connections
root@91230cc467cc:/usr/local/tomcat# netstat -au
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
4. Get the process name, PID and related information (-p)
root@91230cc467cc:/usr/local/tomcat# netstat -anp
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:8005 0.0.0.0:* LISTEN 1/qemu-x86_64
tcp 0 0 0.0.0.0:8009 0.0.0.0:* LISTEN 1/qemu-x86_64
tcp 0 0 0.0.0.0:8080 0.0.0.0:* LISTEN 1/qemu-x86_64
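Note: when using the -p option, netstat must be run with root privileges; otherwise it cannot obtain the names of processes running as root.
5. Show process owner information (-e)
root@91230cc467cc:/usr/local/tomcat# netstat -aep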
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State User Inode PID/Program name
tcp 0 0 localhost:8005 *:* LISTEN root 2166839 1/qemu-x86_64
tcp 0 0 *:8009 *:* LISTEN root 2166834 1/qemu-x86_64
tcp 0 0 *:http-alt *:* LISTEN root 2166830 1/qemu-x86_64
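The User column shown here is the user that owns the process.
6. Show statistics (-s)
This prints network statistics, specifically the number of packets sent and received per protocol.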
root@91230cc467cc:/usr/local/tomcat# netstat -s
Ip:
7852 total packets received
0 forwarded
0 incoming packets discarded
7852 incoming packets delivered
4520 requests sent out
Icmp:
0 ICMP messages received
0 input ICMP message failed.
ICMP input histogram:
0 ICMP messages sent
0 ICMP messages failed
ICMP output histogram:
Tcp:
9 active connections openings
0 passive connection openings
0 failed connection attempts
0 connection resets received
0 connections established
7843 segments received
4504 segments send out
7 segments retransmited
0 bad segments received.
0 resets sent
Udp:
9 packets received
0 packets to unknown port received.
0 packet receive errors
9 packets sent
UdpLite:
...
7. Network interface information (-ie)
root@91230cc467cc:/usr/local/tomcat# netstat -ie
Kernel Interface table
eth0 Link encap:Ethernet HWaddr 02:42:ac:11:00:04
inet addr:172.17.0.4 Bcast:172.17.255.255 Mask:255.255.0.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:7887 errors:0 dropped:0 overruns:0 frame:0
TX packets:4531 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:10944863 (10.4 MiB) TX bytes:248425 (242.6 KiB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
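This is essentially the same as what ifconfig shows.
8. The heavy weapon: grep
Everything above shows the listening state of different categories of sockets. In day-to-day work we usually care more about the connections on one particular port, and for that we need grep.
# Show only sockets in the LISTEN state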
root@91230cc467cc:/usr/local/tomcat# netstat -anp | grep LIS
tcp 0 0 127.0.0.1:8005 0.0.0.0:* LISTEN 1/qemu-x86_64
tcp 0 0 0.0.0.0:8009 0.0.0.0:* LISTEN 1/qemu-x86_64
tcp 0 0 0.0.0.0:8080 0.0.0.0:* LISTEN 1/qemu-x86_64
# Show only socket information for port 8080
root@91230cc467cc:/usr/local/tomcat# netstat -anp | grep 8080
tcp 0 0 0.0.0.0:8080 0.0.0.0:* LISTEN 1/qemu-x86_64
With grep we can assemble whatever view of the output we like.
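The grep filter in section 8 matches the string anywhere on the line, so grep 8080 also hits a local port of 48080 or a PID of 8080. The following added example (not from the original article) filters on the Local Address column instead, lists listeners bound to all interfaces, and uses the Recv-Q/Send-Q meaning from the table in section 2 to flag a full listen backlog; the function names and the sample rows are constructed for illustration.

```shell
#!/bin/sh
# Added example: column-aware filters for `netstat -anp` output.
# SAMPLE is constructed for illustration, not captured from a real host.
SAMPLE='Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:8005          0.0.0.0:*               LISTEN      1/java
tcp        0      0 0.0.0.0:8080            0.0.0.0:*               LISTEN      1/java
tcp      129    128 0.0.0.0:8009            0.0.0.0:*               LISTEN      1/java
tcp        0      0 172.17.0.4:48080        203.0.113.9:443         ESTABLISHED 8080/curl
udp        0      0 0.0.0.0:68              0.0.0.0:*                           77/dhclient'

# Rows whose LOCAL port is exactly $1. A plain `grep 8080` would also match
# local port 48080 and PID 8080 in the sample above.
by_local_port() {
    awk -v port="$1" '$1 ~ /^(tcp|udp)/ {
        n = split($4, part, ":")          # last piece is the port (IPv4 and IPv6)
        if (part[n] == port) print
    }'
}

# Listeners bound to every interface (0.0.0.0, :: or *), as "proto port pid/program".
# UDP has no LISTEN state, so an unconnected UDP socket (foreign address ends in :*) counts.
exposed_listeners() {
    awk '$1 ~ /^(tcp|udp)/ {
        listening = ($6 == "LISTEN") || ($1 ~ /^udp/ && $5 ~ /:\*$/)
        addr = $4; sub(/:[^:]*$/, "", addr)
        n = split($4, part, ":")
        if (listening && (addr == "0.0.0.0" || addr == "::" || addr == "*"))
            print $1, part[n], $NF
    }'
}

# LISTEN sockets whose Recv-Q (current backlog) has reached Send-Q (maximum backlog).
saturated_listeners() {
    awk '$6 == "LISTEN" && $3 > 0 && $2 >= $3 { print $4, $2 "/" $3 }'
}

# Demo on the sample; on a live host use: netstat -anp | by_local_port 8080
printf '%s\n' "$SAMPLE" | by_local_port 8080
printf '%s\n' "$SAMPLE" | exposed_listeners
printf '%s\n' "$SAMPLE" | saturated_listeners
```

A listener on 127.0.0.1 (port 8005 in the sample) is left out of exposed_listeners because it is reachable only from the host itself.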
Summary: in short, we only need to remember one command
netstat -anp
To narrow the results down further, use netstat -anp | grep xxx