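1. Introduction
This article introduces the Linux netstat (network and statistics) command, a command-line tool for analyzing network statistics. It can display a range of data, such as the open ports and corresponding addresses on the host system, the routing table, and masqueraded connections.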
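2. How do you use the netstat command on Linux?
2.1 Prerequisites
- A terminal (command line);
- The net-tools package installed: the package that contains netstat is called net-tools. On current Linux systems the netstat tool is preinstalled and needs no installation, but on older systems running the netstat command will most likely fail with:
bash: netstat: command not found
In that case, to install netstat on your Linux distribution, run the matching command below:
$ sudo apt install net-tools [On Debian, Ubuntu and Mint]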
$ sudo yum install net-tools [On RHEL/CentOS/Fedora and Rocky/AlmaLinux]
$ sudo emerge -a sys-apps/net-tools [On Gentoo Linux]
$ sudo apk add net-tools [On Alpine Linux]
$ sudo pacman -S net-tools [On Arch Linux]
$ sudo zypper install net-tools [On OpenSUSE]
2.2 Basic usage
The most common way to run netstat is with no arguments, which prints:
root@dev:~# netstat
-------------------------------------------------------------------------
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 postgres:58288 postgres:amqp ESTABLISHED
tcp 0 0 postgres:45566 postgres:6379 ESTABLISHED
tcp 0 0 postgres:58312 postgres:amqp ESTABLISHED
tcp 0 0 postgres:36178 postgres:postgresql TIME_WAIT
Active UNIX domain sockets (w/o servers)
Proto RefCnt Flags Type State I-Node Path
unix 2 [ ] DGRAM 23733 /var/lib/haproxy/dev/log
unix 2 [ ] DGRAM 1594464 /run/user/1000/systemd/notify
unix 2 [ ] DGRAM 40530 /run/user/0/systemd/notify
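As shown above, the netstat output has two parts:
- Active Internet connections (w/o servers): shows the network connections established on the host. The columns mean:
Proto – connection protocol (TCP, UDP);
Recv-Q – receive queue of bytes received or ready to be received;
Send-Q – send queue of bytes waiting to be sent;
Local address – address and port of the local end of the connection. If the port is not yet established, an asterisk (*) in the host part indicates that the server is listening;
Foreign address – address and port of the remote end of the connection. If the port is not yet established, an asterisk (*) appears;
State – state of the local socket, usually ESTABLISHED, LISTENING, CLOSED, or blank;
- Active UNIX domain sockets (w/o servers): shows all active open "Unix domain" sockets. The columns mean:
Proto – protocol used by the socket (always unix);
RefCnt – reference count of the processes attached to this socket;
Flags – usually ACC or blank;
Type – socket type;
State – socket state, usually CONNECTED, LISTENING, or blank;
I-Node – filesystem inode (index node) associated with this socket;
Path – filesystem path of the socket;
Besides the main usage described here, netstat options can be used to filter the network information. The syntax is:
netstat [options]
or
netstat [option 1] [option 2] [option 3]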
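Common options:
Option | Description |
---|---|
--route, -r | Show the kernel routing table. netstat -r and route -e produce the same output |
--groups, -g | Show multicast group membership information for IPv4 and IPv6 |
--interfaces, -i | Show the table of all network interfaces |
--masquerade, -M | Show the list of masqueraded connections |
--statistics, -s | Show summary statistics for each protocol |
--verbose, -v | Show details of what the command is doing |
--wide, -W | Do not truncate IP addresses; use output as wide as needed |
--numeric, -n | Use IP addresses directly instead of resolving host, port or user names |
--numeric-hosts | Show IP addresses without affecting the resolution of port or user names |
--numeric-ports | Show port numbers without affecting the resolution of host or user names |
--numeric-users | Show user IDs without affecting the resolution of host or port names |
--protocol=family, -A | Specify the address family for which connections are shown |
-c, --continuous | List the network status continuously |
-e, --extend | Show additional network-related information |
-o, --timers | Show timers |
-p, --program | Show the PID and program name of the program using each socket |
-l, --listening | Show listening server sockets |
-a, --all | Show all connected sockets |
-F | Print routing information from the FIB (the default) |
-C | Show routing information from the route cache |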
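2.3 Practical examples
2.3.1 List all ports and connections
List all ports and connections. The output shows established connections as well as services that are open or listening.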
root@dev:~# netstat -a
-------------------------------------------------------------------------
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:http 0.0.0.0:* LISTEN
tcp 0 0 localhost:34613 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:9006 0.0.0.0:* LISTEN
tcp 0 0 localhost:63342 0.0.0.0:* LISTEN
tcp 0 0 postgres:58288 postgres:amqp ESTABLISHED
tcp6 0 0 [::]:http [::]:* LISTEN
tcp6 0 0 ip6-localhost:34613 [::]:* LISTEN
udp 0 0 localhost:domain 0.0.0.0:*
udp 0 0 postgres:bootpc 0.0.0.0:*
raw6 0 0 [::]:ipv6-icmp [::]:* 7
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags Type State I-Node Path
unix 2 [ ] DGRAM 23733 /var/lib/haproxy/dev/log
unix 2 [ ACC ] SEQPACKET LISTENING 14836 /run/udev/control
unix 2 [ ACC ] STREAM LISTENING 969305 /run/containerd/s/4ac99f57a43
2.3.2 List all TCP ports
root@dev:~# netstat -at
-------------------------------------------------------------------------
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:http 0.0.0.0:* LISTEN
tcp 0 0 localhost:34613 0.0.0.0:* LISTEN
tcp 0 0 localhost:domain 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:ssh 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:postgresql 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:https 0.0.0.0:* LISTEN
2.3.3 List all UDP ports
root@dev:~# netstat -au
-------------------------------------------------------------------------
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
udp 0 0 localhost:domain 0.0.0.0:*
udp 0 0 postgres:bootpc 0.0.0.0:*
2.3.4 List only listening ports
root@dev:~# netstat -l
-------------------------------------------------------------------------
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:http 0.0.0.0:* LISTEN
tcp 0 0 localhost:34613 0.0.0.0:* LISTEN
tcp 0 0 localhost:domain 0.0.0.0:* LISTEN
Active UNIX domain sockets (only servers)
Proto RefCnt Flags Type State I-Node Path
unix 2 [ ACC ] SEQPACKET LISTENING 14836 /run/udev/control
unix 2 [ ACC ] STREAM LISTENING 969305 /run/containerd/s/4ac99f57a4
unix 2 [ ACC ] STREAM LISTENING 1594467 /run/user/1000/systemd/private
unix 2 [ ACC ] STREAM LISTENING 40533 /run/user/0/systemd/private
2.3.5 List TCP listening ports
root@dev:~# netstat -lt
-------------------------------------------------------------------------
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:http 0.0.0.0:* LISTEN
tcp 0 0 localhost:34613 0.0.0.0:* LISTEN
tcp 0 0 localhost:domain 0.0.0.0:* LISTEN
2.3.6 List UDP listening ports
root@dev:~# netstat -lu
-------------------------------------------------------------------------
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
udp 0 0 localhost:domain 0.0.0.0:*
udp 0 0 postgres:bootpc 0.0.0.0:*
2.3.7 List listening UNIX sockets
root@dev:~# netstat -lx
-------------------------------------------------------------------------
Active UNIX domain sockets (only servers)
Proto RefCnt Flags Type State I-Node Path
unix 2 [ ACC ] SEQPACKET LISTENING 14836 /run/udev/control
unix 2 [ ACC ] STREAM LISTENING 969305 /run/containerd/s/4ac99f57a4
2.3.8 Show statistics by protocol
Show statistics for all ports, regardless of protocol:
root@dev:~# netstat -s
-------------------------------------------------------------------------
Ip:
Forwarding: 1
7816128 total packets received
6 with invalid addresses
585642 forwarded
0 incoming packets discarded
7199905 incoming packets delivered
8124611 requests sent out
40 outgoing packets dropped
Tcp:
85556 active connection openings
13952 passive connection openings
243 failed connection attempts
673 connection resets received
41 connections established
7157966 segments received
8129492 segments sent out
4464 segments retransmitted
1 bad segments received
20419 resets sent
Filter the statistics by protocol:
- List statistics for TCP ports only
root@dev:~# netstat -st
----------------------------------------------------------------------
IcmpMsg:
InType0: 15
InType3: 169
InType8: 17
OutType0: 17
OutType3: 80
OutType8: 30
Tcp:
85618 active connection openings
13952 passive connection openings
243 failed connection attempts
673 connection resets received
41 connections established
7159527 segments received
8131302 segments sent out
4464 segments retransmitted
1 bad segments received
20517 resets sent
- List statistics for UDP ports only
netstat -su
2.3.9 List network interface I/O
View the MTU and the received and transmitted packet counts in the kernel interface table.
root@dev:~# netstat -i
-------------------------------------------------------------------------
Kernel Interface table
Iface MTU RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR Flg
br-0d98d 1500 3373293 0 0 0 3518755 0 0 0 BMRU
br-3c911 1500 0 0 0 0 0 0 0 0 BMU
docker0 1500 0 0 0 0 0 0 0 0 BMU
ens3 1500 1379440 0 140887 0 1190824 0 0 0 BMRU
lo 65536 804512 0 0 0 804512 0 0 0 LRU
2.3.10 Show the extended kernel interface table
Add the -e option to netstat -i to show extended details of the kernel interface table:
root@dev:~# netstat -ie
-------------------------------------------------------------------------
Kernel Interface table
br-0d98d1ae8a9d: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.25.0.1 netmask 255.255.0.0 broadcast 172.25.255.255
inet6 fe80::42:80ff:fe37:ab25 prefixlen 64 scopeid 0x20<link>
ether 02:42:80:37:ab:25 txqueuelen 0 (Ethernet)
RX packets 3506901 bytes 1111605054 (1.1 GB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 3656528 bytes 636449409 (636.4 MB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
br-3c911bd828a7: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
inet 172.21.0.1 netmask 255.255.0.0 broadcast 172.21.255.255
ether 02:42:c0:b3:e6:23 txqueuelen 0 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
2.3.11 Show masqueraded connections
netstat -M
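2.3.12 Show PIDs
Add the -p option to netstat to show the PID/program name associated with each connection. For example, to list TCP connections together with their PID/program name: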
root@dev:~# netstat -tp
-------------------------------------------------------------------------
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 postgres:34828 postgres:6379 ESTABLISHED 716331/python3.11
tcp 0 0 postgres:56692 postgres:6379 ESTABLISHED 716397/python3.11
tcp 0 0 postgres:58288 postgres:amqp ESTABLISHED 716331/python3.11
tcp 0 0 postgres:58312 postgres:amqp ESTABLISHED 716331/python3.11
tcp 0 0 postgres:58308 postgres:amqp ESTABLISHED 716331/python3.11
2.3.13 Find connections in the LISTENING state
root@dev:~# netstat -lp
-------------------------------------------------------------------------
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:http 0.0.0.0:* LISTEN 328470/docker-proxy
tcp 0 0 localhost:34613 0.0.0.0:* LISTEN 628314/sshd: root@n
tcp 0 0 localhost:domain 0.0.0.0:* LISTEN 609/systemd-resolve
Active UNIX domain sockets (only servers)
Proto RefCnt Flags Type State I-Node PID/Program name Path
unix 2 [ ACC ] SEQPACKET LISTENING 14836 1/init /run/udev/control
unix 2 [ ACC ] STREAM LISTENING 969305 328010/containerd-s /run/containerd/s/4ac99f57a43fc62856761a7b272174baa8eb27f6733bd57d7aa71d48fe012ab9
unix 2 [ ACC ] STREAM LISTENING 1594467 630974/systemd /run/user/1000/systemd/private
unix 2 [ ACC ] STREAM LISTENING 40533 4763/systemd /run/user/0/systemd/private
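When reviewing listeners, the bind address decides who can reach the service: 0.0.0.0 or :: accepts connections on every interface, while a loopback address is reachable only from the host itself. The added example below (not part of the original article) sorts listening sockets by that scope together with the owning process. It assumes numeric output from netstat -tulnp, which combines the -t, -u, -l, -n and -p options used in this article; the function names and sample rows are constructed.

```sh
#!/bin/sh
# Added example: classify listening sockets by bind address.
# Usage (as root, so -p can name every process): netstat -tulnp | audit_listeners
audit_listeners() {
  awk '
    $1 !~ /^(tcp|udp)/ { next }                # skip headers and UNIX sockets
    $1 ~ /^tcp/ && $6 != "LISTEN" { next }     # TCP rows: listeners only
    {
      addr = $4; port = $4
      sub(/:[^:]*$/, "", addr)                 # drop ":port" to get the bind address
      sub(/.*:/, "", port)                     # text after the last colon
      # UDP rows have an empty State column, so find the PID/Program field
      # by shape ("123/name" or "-") and keep the rest of the line with it.
      prog = "-"
      for (i = 6; i <= NF; i++)
        if ($i ~ /^[0-9]+\// || $i == "-") {
          prog = $i
          for (j = i + 1; j <= NF; j++) prog = prog " " $j
          break
        }
      if (addr == "0.0.0.0" || addr == "::")      scope = "ALL-INTERFACES"
      else if (addr ~ /^127\./ || addr == "::1")  scope = "LOOPBACK"
      else                                        scope = "SPECIFIC-ADDRESS"
      printf "%s\t%s\t%s\t%s\t%s\n", scope, $1, addr, port, prog
    }' | sort
}

# Constructed sample in `netstat -tulnp` format.
sample_tulnp() {
  cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      328470/docker-proxy
tcp        0      0 127.0.0.1:34613         0.0.0.0:*               LISTEN      628314/sshd: root@n
tcp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN      609/systemd-resolve
tcp6       0      0 :::80                   :::*                    LISTEN      328477/docker-proxy
udp        0      0 127.0.0.53:53           0.0.0.0:*                           609/systemd-resolve
udp        0      0 10.100.0.5:68           0.0.0.0:*                           601/systemd-network
EOF
}

sample_tulnp | audit_listeners
```

Rows tagged ALL-INTERFACES are the ones to compare against the host's firewall rules and its list of services that are meant to be reachable.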
2.3.14 Show the kernel IP routing table
root@dev:~# netstat -r
-------------------------------------------------------------------------
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
default _gateway 0.0.0.0 UG 0 0 0 ens3
10.100.0.0 0.0.0.0 255.255.254.0 U 0 0 0 ens3
169.254.169.254 10.100.0.11 255.255.255.255 UGH 0 0 0 ens3
172.17.0.0 0.0.0.0 255.255.0.0 U 0 0 0 docker0
172.21.0.0 0.0.0.0 255.255.0.0 U 0 0 0 br-3c911bd828a7
172.25.0.0 0.0.0.0 255.255.0.0 U 0 0 0 br-0d98d1ae8a9d
2.3.15 Show IPv4 and IPv6 group memberships
root@dev:~# netstat -g
-------------------------------------------------------------------------
IPv6/IPv4 Group Memberships
Interface RefCnt Group
--------------- ------ ---------------------
lo 1 all-systems.mcast.net
ens3 1 all-systems.mcast.net
br-3c911bd 1 all-systems.mcast.net
br-3c911bd 1 224.0.0.106
docker0 1 all-systems.mcast.net
2.3.16 Print netstat information continuously
Add the -c option to the netstat command to print the information once per second:
netstat -c
For example, to print the kernel interface table continuously, run:
root@dev:~# netstat -ic
-------------------------------------------------------------------------
Kernel Interface table
Iface MTU RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR Flg
br-0d98d 1500 3512094 0 0 0 3661794 0 0 0 BMRU
br-3c911 1500 0 0 0 0 0 0 0 0 BMU
Iface MTU RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR Flg
br-0d98d 1500 3512126 0 0 0 3661833 0 0 0 BMRU
br-3c911 1500 0 0 0 0 0 0 0 0 BMU
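2.3.17 Find unconfigured address families
List the address families that the system does not support. This information appears at the end of the output: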
tcp 0 0 postgres:ssh 10.40.2.137:64935 ESTABLISHED
netstat: no support for `AF INET (sctp)' on this system.
netstat: no support for `AF INET (sctp)' on this system.
Active UNIX domain sockets (w/o servers)
Proto RefCnt Flags Type State I-Node Path
unix 2 [ ] DGRAM 23733 /var/lib/haproxy/dev/log
unix 2 [ ] DGRAM 1594464 /run/user/1000/systemd/notify
As shown above: netstat: no support for `AF INET (sctp)' on this system.
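2.3.18 Show host addresses, port numbers and user IDs
By default, addresses, port numbers and user IDs are resolved to human-readable names wherever possible. Knowing the unresolved port number matters for tasks such as SSH port forwarding.
Show numeric addresses: netstat -n
Show numeric host addresses: netstat --numeric-hosts
Show numeric port numbers: netstat --numeric-ports
Show numeric user IDs: netstat --numeric-users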
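2.3.19 Find the process using a specific port
Use the grep command to filter the netstat output, for example to find the process using a specific port number:
netstat -an | grep ':[port number]'
Example: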
root@dev:~# netstat -an | grep ':80'
---------------------------------------------------------------
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:8001 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:8004 0.0.0.0:* LISTEN
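The pattern ':80' above also matches ports 8001 and 8004, and it would match a remote port 80 in the Foreign Address column as well. The added example below (not from the original article) filters on the exact local port instead; the function name port_rows and the sample rows are constructed, and the input is assumed to be numeric output such as netstat -an or netstat -anp.

```sh
#!/bin/sh
# Added example: exact local-port match on numeric netstat output.
# Usage: netstat -anp | port_rows 80     (-p, run as root, adds PID/Program name)
port_rows() {
  case "$1" in
    ''|*[!0-9]*) echo "usage: port_rows PORT" >&2; return 2 ;;
  esac
  awk -v want="$1" '
    $1 ~ /^(tcp|udp)/ {
      port = $4                 # column 4 is Local Address, e.g. 0.0.0.0:80 or :::80
      sub(/.*:/, "", port)      # keep only the text after the last colon
      if (port == want) print
    }'
}

# Constructed sample in `netstat -an` format.
sample_an() {
  cat <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:8001            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:8004            0.0.0.0:*               LISTEN
tcp        0      0 10.100.0.5:51514        192.0.2.10:80           ESTABLISHED
tcp6       0      0 :::80                   :::*                    LISTEN
EOF
}

sample_an | grep -c ':80'   # naive pattern: counts every row containing ":80"
sample_an | port_rows 80    # exact match: only the rows bound to local port 80
```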
2.3.20 List all netstat options
If you do not know the options, add -h to list the netstat options with short descriptions:
root@dev:~# netstat -h
---------------------------------------------------------------
usage: netstat [-vWeenNcCF] [<Af>] -r netstat {-V|--version|-h|--help}
netstat [-vWnNcaeol] [<Socket> ...]
netstat { [-vWeenNac] -i | [-cnNe] -M | -s [-6tuw] }
-r, --route display routing table
-i, --interfaces display interface table
-g, --groups display multicast group memberships
-s, --statistics display networking statistics (like SNMP)
-M, --masquerade display masqueraded connections
-v, --verbose be verbose
-W, --wide don't truncate IP addresses
-n, --numeric don't resolve names
--numeric-hosts don't resolve host names
--numeric-ports don't resolve port names
--numeric-users don't resolve user names
-N, --symbolic resolve hardware names
Originally published on the WeChat official account 滑翔的纸飞机: Linux 命令:netstat
Article compiled by 极客之音. Link to this article: https://www.bmabk.com/index.php/post/260922.html