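I. What the netstat command does
The netstat command displays statistics for the current network connections and is generally used to check the state of those connections.
If the computer occasionally receives a corrupted datagram, that is normal; TCP/IP will request that the datagram be retransmitted. If the proportion of errors is high, however, the network probably has a problem, and the cause should be tracked down and fixed.
netstat can also trace the IP address of the communicating peer, which helps identify the source when the machine is being accessed maliciously.
II. Using the netstat command
To use netstat, first open "Start → Programs → Accessories → Command Prompt", then type the command.
① netstat: with no parameters, shows the machine's currently active network connections and listening ports. The output varies with whatever the machine is accessing at the moment. Figure 1 shows the netstat output while a browser has a web page open.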
C:\>netstat
Active Connections
  Proto  Local Address     Foreign Address      State
  TCP    Legend-xyz:1201   61.135.125.77:http   ESTABLISHED
  TCP    Legend-xyz:1202   61.135.125.77:http   ESTABLISHED
  TCP    Legend-xyz:1203   61.135.125.77:http   ESTABLISHED
  TCP    Legend-xyz:1204   61.135.125.77:http   ESTABLISHED
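Each connection entry has four fields: Proto: protocol type; Local Address: the local address; Foreign Address: the remote address; State: the connection state.
Local Address has the form "computer name:port name (number)"; Foreign Address is the IP address or domain name of the connection target; State can be ESTABLISHED (connection established), LISTENING (listening for connection requests), or one of the states TCP passes through while setting up or tearing down a connection (TIME_WAIT, CLOSE_WAIT, SYN_SENT, LAST_ACK).
LISTEN: listening for a connection request from a remote TCP port
SYN-SENT: waiting for a matching connection request after having sent a connection request
SYN-RECEIVED: waiting for the peer to acknowledge the connection request after having both received and sent a connection request
ESTABLISHED: represents an open connection
FIN-WAIT-1: waiting for a connection termination request from the remote TCP, or for an acknowledgement of the termination request sent earlier
FIN-WAIT-2: waiting for a connection termination request from the remote TCP
CLOSE-WAIT: waiting for a connection termination request from the local user
CLOSING: waiting for the remote TCP to acknowledge the connection termination
LAST-ACK: waiting for an acknowledgement of the connection termination request previously sent to the remote TCP
TIME-WAIT: waiting long enough to be sure the remote TCP has received the acknowledgement of its connection termination request
CLOSED: no connection state at all
You can also run man netstat and read the explanation in its State section: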
State
The state of the socket. Since there are no states in raw mode and usually no states used in UDP, this column may be left
blank. Normally this can be one of several values:
ESTABLISHED
The socket has an established connection.
SYN_SENT
The socket is actively attempting to establish a connection.
SYN_RECV
A connection request has been received from the network.
FIN_WAIT1
The socket is closed, and the connection is shutting down.
FIN_WAIT2
Connection is closed, and the socket is waiting for a shutdown from the remote end.
TIME_WAIT
The socket is waiting after close to handle packets still in the network.
CLOSED
The socket is not being used.
CLOSE_WAIT
The remote end has shut down, waiting for the socket to close.
LAST_ACK
The remote end has shut down, and the socket is closed. Waiting for acknowledgement.
LISTEN
The socket is listening for incoming connections. Such sockets are not included in the output unless you specify
the --listening (-l) or --all (-a) option.
CLOSING
Both sockets are shut down but we still don’t have all our data sent.
UNKNOWN
The state of the socket is unknown.
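② netstat -n: shows the machine's currently active network connections and listening ports. Same as ①, except that both the local and the foreign address are shown as "IP address:port number".
③ netstat -a: shows all of the machine's established connections and its listening ports, in the same format as ①.
④ netstat -e: shows statistics for the current session, including total bytes sent and received, errors, discards, broadcasts and so on. Use it to see the most basic traffic figures for the session, as shown in Figure 2.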
C:\>netstat -e
Interface Statistics
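Received is the receive count and Sent is the send count.
Bytes: total bytes; Unicast packets: number of datagrams; Non-unicast packets: number of broadcasts; Discards: number discarded; Errors: number of errors; Unknown protocols: unknown protocol types.
⑤ netstat -s: shows the statistics for the current session broken down by protocol (IP, ICMP, TCP, UDP). This helps pin down where a problem is occurring.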
C:\>netstat -s
IP Statistics
  Packets Received                   = 585766
  Received Header Errors             = 0
  Received Address Errors            = 1
  Datagrams Forwarded                = 0
  Unknown Protocols Received         = 0
  Received Packets Discarded         = 0
  Received Packets Delivered         = 585759
  Output Requests                    = 513932
  Routing Discards                   = 0
  Discarded Output Packets           = 0
  Output Packet No Route             = 0
  Reassembly Required                = 8
  Reassembly Successful              = 0
  Reassembly Failures                = 8
  Datagrams Successfully Fragmented  = 20
  Datagrams Failing Fragmentation    = 0
  Fragments Created                  = 40
ICMP Statistics
                            Received    Sent
  Messages                  562         20
  Errors                    5           0
  Destination Unreachable   531         4
  Time Exceeded             22          8
  Parameter Problems        0           0
  Source Quenches           0           0
  Redirects                 0           0
  Echoes                    0           8
  Echo Replies              4           0
  Timestamps                0           0
  Timestamp Replies         0           0
  Address Masks             0           0
  Address Mask Replies      0           0
TCP Statistics
  Active Opens                = 597
  Passive Opens               = 135
  Failed Connection Attempts  = 107
  Reset Connections           = 91
  Current Connections         = 8
  Segments Received           = 106770
  Segments Sent               = 118431
  Segments Retransmitted      = 461
UDP Statistics
  Datagrams Received  = 19912
  No Ports            = 28
  Receive Errors      = 1
  Datagrams Sent      = 28091
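⑥ netstat -r: shows the routing table, similar to what the route print command displays. In addition to the active routes, it also shows the currently active connections.
The remaining netstat parameters can be listed with "netstat -?".
netstat is a very useful command: it lets you check whether the machine has network connections that should not be there. If it does, the machine may be infected with a virus or have had a backdoor planted on it. The command also shows which ports the machine has open, so that ports prone to virus infection can be closed promptly.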
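
The check described in the last paragraph, as an added example that is not part of the original article: a Python script that parses netstat -an output and reports listening ports and established peers outside a baseline. The sample output, the baseline port sets and the function names are constructed assumptions.

```python
import re

# Constructed sample of `netstat -an` output (Windows layout); not from the original page.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:31337          0.0.0.0:0              LISTENING
  TCP    192.168.1.10:1201      61.135.125.77:80       ESTABLISHED
  TCP    192.168.1.10:1310      203.0.113.45:4444      ESTABLISHED
  TCP    192.168.1.10:1302      61.135.125.77:80       TIME_WAIT
  TCP    [::]:135               [::]:0                 LISTENING
  UDP    0.0.0.0:5353           *:*
"""

# Assumed baseline for this host; a real one comes from your own inventory.
EXPECTED_LISTEN_PORTS = {135, 445}
EXPECTED_REMOTE_PORTS = {80, 443}

ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)(?:\s+(\S+))?\s*$")

def split_endpoint(endpoint):
    """Split 'addr:port' (also '[v6]:port' and '*:*') into (addr, port or None)."""
    addr, _, port = endpoint.rpartition(":")
    return addr.strip("[]"), int(port) if port.isdigit() else None

def parse(text):
    """Yield (proto, local_addr, local_port, remote_addr, remote_port, state)."""
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # banner, column header and blank lines
        proto, local, remote, state = m.groups()
        yield (proto, *split_endpoint(local), *split_endpoint(remote), state or "")

def review(text):
    """Return findings for listeners and established peers outside the baseline."""
    findings = []
    for proto, laddr, lport, raddr, rport, state in parse(text):
        # UDP rows carry no State column; a bound UDP port shows '*:*' as its peer.
        listening = state == "LISTENING" or (proto == "UDP" and rport is None)
        if listening and lport not in EXPECTED_LISTEN_PORTS:
            findings.append(("unexpected-listener", proto, lport))
        elif state == "ESTABLISHED" and rport not in EXPECTED_REMOTE_PORTS:
            findings.append(("unexpected-peer", raddr, rport))
    return list(dict.fromkeys(findings))  # de-duplicate, keep input order

if __name__ == "__main__":
    print(*review(SAMPLE), sep="\n")
```

Run it against output captured with the -n switch, since without it netstat prints service and host names (as in the http entries of Figure 1) instead of numeric ports.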