The netstat command

netstat

netstat - Print network connections, routing tables, interface statistics, masquerade connections, and multicast memberships

List all sockets in the listening state -l

 -l, --listening
       Show only listening sockets.  (These are omitted by default.)

netstat -l        # show only listening sockets
netstat -lt       # list only listening TCP ports
netstat -lu       # list only listening UDP ports
netstat -lx       # list only listening UNIX sockets


Output explained

OUTPUT
   Active Internet connections (TCP, UDP, raw)
   Proto
       The protocol (tcp, udp, raw) used by the socket.

   Recv-Q
       The count of bytes not copied by the user program connected to this socket.

   Send-Q
       The count of bytes not acknowledged by the remote host.

   Local Address
       Address and port number of the local end of the socket.  Unless the --numeric (-n) option is specified, the socket address is resolved to its canonical host name (FQDN), and the port number is translated into the corresponding service name.

   Foreign Address
       Address and port number of the remote end of the socket.  Analogous to "Local Address."

   State
       The state of the socket. Since there are no states in raw mode and usually no states used in UDP, this column may be left blank. Normally this can be one of several values:

       ESTABLISHED
              The socket has an established connection.

       SYN_SENT
              The socket is actively attempting to establish a connection.

       SYN_RECV
              A connection request has been received from the network.

       FIN_WAIT1
              The socket is closed, and the connection is shutting down.

       FIN_WAIT2
              Connection is closed, and the socket is waiting for a shutdown from the remote end.

       TIME_WAIT
              The socket is waiting after close to handle packets still in the network.

       CLOSE  The socket is not being used.

       CLOSE_WAIT
              The remote end has shut down, waiting for the socket to close.

       LAST_ACK
              The remote end has shut down, and the socket is closed. Waiting for acknowledgement.

       LISTEN The socket is listening for incoming connections.  Such sockets are not included in the output unless you specify the --listening (-l) or --all (-a) option.

       CLOSING
              Both sockets are shut down but we still don't have all our data sent.

       UNKNOWN
              The state of the socket is unknown.

   User
       The username or the user id (UID) of the owner of the socket.

   PID/Program name
       Slash-separated pair of the process id (PID) and process name of the process that owns the socket.  --program causes this column to be included.  You will also need superuser privileges to see this information on sockets you don't own.  This identification information is not yet available for IPX sockets.
       

   Timer
       (this needs to be written)


   Active UNIX domain Sockets

   Proto
       The protocol (usually unix) used by the socket.

   RefCnt
       The reference count (i.e. attached processes via this socket).

   Flags
       The flags displayed is SO_ACCEPTON (displayed as ACC), SO_WAITDATA (W) or SO_NOSPACE (N).  SO_ACCEPTON is used on unconnected sockets if their corresponding processes are waiting for a connect request. The other flags are not of normal interest.

   Type
       There are several types of socket access:

       SOCK_DGRAM
              The socket is used in Datagram (connectionless) mode.

       SOCK_STREAM
              This is a stream (connection) socket.

       SOCK_RAW
              The socket is used as a raw socket.

       SOCK_RDM
              This one serves reliably-delivered messages.

       SOCK_SEQPACKET
              This is a sequential packet socket.

       SOCK_PACKET
              Raw interface access socket.

       UNKNOWN
              Who ever knows what the future will bring us - just fill in here :-)

   State
       This field will contain one of the following Keywords:

       FREE   The socket is not allocated

       LISTENING
              The socket is listening for a connection request.  Such sockets are only included in the output if you specify the --listening (-l) or --all (-a) option.

       CONNECTING
              The socket is about to establish a connection.

       CONNECTED
              The socket is connected.

       DISCONNECTING
              The socket is disconnecting.

       (empty)
              The socket is not connected to another one.

       UNKNOWN
              This state should never happen.

   PID/Program name
       Process ID (PID) and process name of the process that has the socket open.  More info available in Active Internet connections section written above.

   Path
       This is the path name as which the corresponding processes attached to the socket.

   Active IPX sockets
       (this needs to be done by somebody who knows it)

   Active NET/ROM sockets
       (this needs to be done by somebody who knows it)

   Active AX.25 sockets
       (this needs to be done by somebody who knows it)


FILES
       /etc/services -- The services translation file

       /proc -- Mount point for the proc filesystem, which gives access to kernel status information via the following files.

       /proc/net/dev -- device information

       /proc/net/raw -- raw socket information

       /proc/net/tcp -- TCP socket information

       /proc/net/udp -- UDP socket information

       /proc/net/igmp -- IGMP multicast information

       /proc/net/unix -- Unix domain socket information

       /proc/net/ipx -- IPX socket information

       /proc/net/ax25 -- AX25 socket information

       /proc/net/appletalk -- DDP (appletalk) socket information

       /proc/net/nr -- NET/ROM socket information

       /proc/net/route -- IP routing information

       /proc/net/ax25_route -- AX25 routing information

       /proc/net/ipx_route -- IPX routing information

       /proc/net/nr_nodes -- NET/ROM nodelist

       /proc/net/nr_neigh -- NET/ROM neighbours

       /proc/net/ip_masquerade -- masqueraded connections

       /proc/net/snmp -- statistics
                                                                                                     2008-11-16       

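Taken as a whole, the netstat output can be divided into two parts:
One is Active Internet connections, called active TCP connections, in which "Recv-Q" and "Send-Q" are the receive queue and the send queue. These numbers should normally be 0. If they are not, packets are piling up in the queue, which is very rare.
The other is Active UNIX domain sockets, called active Unix domain sockets (the same as network sockets, but usable only for communication on the local machine; performance can be doubled).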
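The check described above, as an added example that is not part of the original page: it tallies TCP sockets per State and lists the ones whose Recv-Q or Send-Q is not 0. The function names and the sample output are constructed for illustration; on a real host, pipe `netstat -ant` into the two functions instead.

```shell
# Constructed sample of `netstat -ant` output (not captured from a real host).
sample_netstat_ant() {
cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:22           198.51.100.7:51514      ESTABLISHED
tcp        0   4380 192.0.2.10:443          203.0.113.9:40122       ESTABLISHED
tcp      129      0 192.0.2.10:8080         203.0.113.20:55210      CLOSE_WAIT
tcp        0      0 192.0.2.10:443          203.0.113.9:40100       TIME_WAIT
tcp6       0      0 :::80                   :::*                    LISTEN
EOF
}

# Count TCP sockets per State (column 6); header lines are skipped because
# their first field does not start with "tcp".
state_summary() {
    awk '$1 ~ /^tcp/ { n[$6]++ } END { for (s in n) print s, n[s] }' | sort
}

# List sockets whose Recv-Q (column 2) or Send-Q (column 3) is non-zero:
# data the local program has not read, or data the peer has not acknowledged.
queue_backlog() {
    awk '$1 ~ /^tcp/ && ($2 > 0 || $3 > 0) {
        print $4, $5, $6, "recvq=" $2, "sendq=" $3
    }'
}

sample_netstat_ant | state_summary
sample_netstat_ant | queue_backlog
```

A growing CLOSE_WAIT count together with a non-zero Recv-Q usually points at a local program that is not reading from or closing its sockets.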

List all ports (both listening and non-listening) -a

-a, --all
       Show both listening and non-listening sockets.  With the --interfaces option, show interfaces that are not up

netstat -a     # list all ports
netstat -at    # list all TCP ports
netstat -au    # list all UDP ports

Show statistics for each protocol -s

netstat -s    # show statistics for all ports
netstat -st   # show statistics for TCP ports
netstat -su   # show statistics for UDP ports

Show PID and program name in netstat output -p

 -p, --program
       Show the PID and name of the program to which each socket belongs.

netstat -pt

netstat -p can be combined with other switches to add "PID/Program name" to the netstat output, which makes it easy when debugging to find the program running on a particular port.

Do not show host, port and user names in netstat output -n

 --numeric , -n
       Show numerical addresses instead of trying to determine symbolic host, port or user names.

When you do not want host, port and user names displayed, use netstat -n. Numbers are shown in place of those names. This also speeds up the output, because no lookups are needed.

netstat -an

If you only want one of these three kinds of name not to be displayed, use the following commands:

netstat -a --numeric-ports
netstat -a --numeric-hosts
netstat -a --numeric-users

Print netstat information continuously -c

netstat -c   # print network information every second
 -c, --continuous
       This will cause netstat to print the selected information every second continuously.

Show address families not supported by the system --verbose

netstat --verbose

At the end of the output there will be messages like the following:

netstat: no support for `AF IPX' on this system.
netstat: no support for `AF AX25' on this system.
netstat: no support for `AF X25' on this system.
netstat: no support for `AF NETROM' on this system.

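Show kernel routing information -r

netstat -r
Use netstat -rn to display numeric format, without looking up host names.

Find the port a program is running on

Not every process can be found: those you have no permission for are not shown. Use root privileges to see all the information.

netstat -ap | grep ssh

Find the process running on a specified port:

netstat -anp | grep ':80'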
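A more precise form of the two lookups above, as an added example that is not part of the original page: it parses listening sockets, reports the ones not bound to loopback together with their owning process, and matches a port exactly, since a grep for ':80' also matches :8080. The function names and the sample `netstat -tulnp` output are constructed for illustration.

```shell
# Constructed sample of `netstat -tulnp` output run as root (not a real host).
sample_listeners() {
cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      812/sshd
tcp        0      0 127.0.0.1:5432          0.0.0.0:*               LISTEN      1033/postgres
tcp        0      0 0.0.0.0:8080            0.0.0.0:*               LISTEN      1290/java
tcp6       0      0 :::80                   :::*                    LISTEN      977/nginx: master
tcp6       0      0 ::1:631                 :::*                    LISTEN      701/cupsd
udp        0      0 0.0.0.0:68              0.0.0.0:*                           640/dhclient
udp        0      0 127.0.0.53:53           0.0.0.0:*                           588/systemd-resolve
EOF
}

# Emit tab-separated "proto, address, port, owner" per listening socket.
# UDP rows have an empty State column, so their owner field sits one column
# earlier. The owner is "-" when netstat ran without sufficient privileges.
parse_listeners() {
    awk 'BEGIN { OFS = "\t" }
    $1 ~ /^(tcp|udp)/ {
        if ($1 ~ /^tcp/ && $6 != "LISTEN") next
        i = ($1 ~ /^tcp/) ? 7 : 6            # owner column index
        owner = $i
        for (j = i + 1; j <= NF; j++) owner = owner " " $j
        n = match($4, /:[0-9*]+$/)           # last ":port" of Local Address
        print $1, substr($4, 1, n - 1), substr($4, n + 1), owner
    }'
}

# Listeners reachable from other hosts: anything not bound to loopback.
exposed_listeners() {
    parse_listeners | awk -F '\t' '$2 !~ /^127\./ && $2 != "::1"'
}

# Owner of exactly one port number.
port_owner() {
    parse_listeners | awk -F '\t' -v p="$1" '$3 == p { print $4 }'
}

sample_listeners | exposed_listeners
sample_listeners | port_owner 80
```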

Show the list of network interfaces -i

netstat -i

Show detailed information, like ifconfig:

netstat -ie

man netstat

                                                                                           NETSTAT(8)

NAME
       netstat - Print network connections, routing tables, interface statistics, masquerade connections, and multicast memberships

SYNOPSIS
       netstat [address_family_options] [--tcp|-t] [--udp|-u] [--raw|-w] [--listening|-l] [--all|-a] [--numeric|-n] [--numeric-hosts] [--numeric-ports] [--numeric-users] [--symbolic|-N] [--extend|-e[--extend|-e]] [--timers|-o] [--program|-p] [--verbose|-v] [--continuous|-c]

       netstat {--route|-r} [address_family_options] [--extend|-e[--extend|-e]] [--verbose|-v] [--numeric|-n] [--numeric-hosts] [--numeric-ports] [--numeric-users] [--continuous|-c]

       netstat {--interfaces|-i} [--all|-a] [--extend|-e[--extend|-e]] [--verbose|-v] [--program|-p] [--numeric|-n] [--numeric-hosts] [--numeric-ports] [--numeric-users] [--continuous|-c]

       netstat {--groups|-g} [--numeric|-n] [--numeric-hosts] [--numeric-ports] [--numeric-users] [--continuous|-c]

       netstat {--masquerade|-M} [--extend|-e] [--numeric|-n] [--numeric-hosts] [--numeric-ports] [--numeric-users] [--continuous|-c]

       netstat {--statistics|-s} [--tcp|-t] [--udp|-u] [--raw|-w]

       netstat {--version|-V}

       netstat {--help|-h}

       address_family_options:

       [-4] [-6] [--protocol={inet,unix,ipx,ax25,netrom,ddp}[,...]]  [--unix|-x] [--inet|--ip] [--ax25] [--ipx] [--netrom] [--ddp]

DESCRIPTION
       Netstat prints information about the Linux networking subsystem.  The type of information printed is controlled by the first argument, as follows:

   (none)
       By default, netstat displays a list of open sockets.  If you don't specify any address families, then the active sockets of all configured address families will be printed.

   --route , -r
       Display the kernel routing tables. See the description in route(8) for details.  netstat -r and route -e produce the same output.

   --groups , -g
       Display multicast group membership information for IPv4 and IPv6.

   --interfaces, -i
       Display a table of all network interfaces.

   --masquerade , -M
       Display a list of masqueraded connections.

   --statistics , -s
       Display summary statistics for each protocol.

OPTIONS
   --verbose , -v
       Tell the user what is going on by being verbose. Especially print some useful information about unconfigured address families.

   --wide , -W
       Do not truncate IP addresses by using output as wide as needed. This is optional for now to not break existing scripts.

   --numeric , -n
       Show numerical addresses instead of trying to determine symbolic host, port or user names.

   --numeric-hosts
       shows numerical host addresses but does not affect the resolution of port or user names.

   --numeric-ports
       shows numerical port numbers but does not affect the resolution of host or user names.

   --numeric-users
       shows numerical user IDs but does not affect the resolution of host or port names.

   --protocol=family , -A
       Specifies the address families (perhaps better described as low level protocols) for which connections are to be shown.  family is a comma (',') separated list of address family keywords like inet, unix, ipx, ax25, netrom,  and
       ddp.  This has the same effect as using the --inet, --unix (-x), --ipx, --ax25, --netrom, and --ddp options.

       The address family inet includes raw, udp and tcp protocol sockets.

   -c, --continuous
       This will cause netstat to print the selected information every second continuously.

   -e, --extend
       Display additional information.  Use this option twice for maximum detail.

   -o, --timers
       Include information related to networking timers.

   -p, --program
       Show the PID and name of the program to which each socket belongs.

   -l, --listening
       Show only listening sockets.  (These are omitted by default.)

   -a, --all
       Show both listening and non-listening sockets.  With the --interfaces option, show interfaces that are not up

   -F
       Print routing information from the FIB.  (This is the default.)

   -C
       Print routing information from the route cache.