eleven26
0%

netstat 用法

Posted on Edited on

netstat 命令用于显示各种网络相关信息。

常见参数

  • -a (all) 显示所有选项,默认不显示 LISTEN 相关
  • -t (tcp) 仅显示 tcp 相关选项
  • -u (udp) 仅显示 udp 相关选项
  • -n 拒绝显示别名,能显示数字的全部转化成数字
  • -l 仅列出有在 Listen(监听)的服务状态
  • -p 显示建立相关链接的程序名
  • -r 显示路由信息,路由表
  • -e 显示扩展信息,例如 uid
  • -s 按各个协议进行统计
  • -c 每隔一个固定时间,执行该 netstat 命令
  • -i --interfaces,显示所有网卡
  • -s 显示网络统计信息

示例

显示正在监听的 tcp 套接字

1
netstat -tl

输出:

1
2
3
4
5
6
7
8
9
10
11
12
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 localhost:9121          0.0.0.0:*               LISTEN
tcp        0      0 localhost:websm         0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:zabbix-agent    0.0.0.0:*               LISTEN
tcp        0      0 localhost:9187          0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:zabbix-trapper  0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:xprint-server   0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:commplex-main   0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:empowerid       0.0.0.0:*               LISTEN
tcp        0      0 localhost:cslistener    0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:rsync           0.0.0.0:*               LISTEN

显示路由表

1
netstat -r

输出:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
default         gateway         0.0.0.0         UG        0 0          0 enp4s0
172.17.0.0      0.0.0.0         255.255.0.0     U         0 0          0 docker0
172.18.0.0      0.0.0.0         255.255.0.0     U         0 0          0 br-4caf812bdaa6
172.19.0.0      0.0.0.0         255.255.0.0     U         0 0          0 br-bf1a2715a536
172.20.0.0      0.0.0.0         255.255.0.0     U         0 0          0 br-24ea9b4941ce
172.21.0.0      0.0.0.0         255.255.0.0     U         0 0          0 br-dad742f48f75
172.22.0.0      0.0.0.0         255.255.0.0     U         0 0          0 br-c3b89e07005b
172.23.0.0      0.0.0.0         255.255.0.0     U         0 0          0 br-e80111182b15
172.24.0.0      0.0.0.0         255.255.0.0     U         0 0          0 br-52c539f436eb
172.27.0.0      0.0.0.0         255.255.0.0     U         0 0          0 br-6135592da74f
172.30.0.0      0.0.0.0         255.255.0.0     U         0 0          0 br-2b9072cf2223
192.168.2.0     0.0.0.0         255.255.255.0   U         0 0          0 enp4s0
192.168.250.0   0.0.0.0         255.255.255.0   U         0 0          0 br-ff86e2f8db31

显示相关的程序名

1
netstat -tlp

输出:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 localhost:9121          0.0.0.0:*               LISTEN      6994/redis_exporter
tcp        0      0 localhost:websm         0.0.0.0:*               LISTEN      6970/prometheus
tcp        0      0 0.0.0.0:zabbix-agent    0.0.0.0:*               LISTEN      1495/zabbix_agentd
tcp        0      0 localhost:9187          0.0.0.0:*               LISTEN      6992/postgres_expor
tcp        0      0 0.0.0.0:zabbix-trapper  0.0.0.0:*               LISTEN      3160/zabbix_server
tcp        0      0 0.0.0.0:xprint-server   0.0.0.0:*               LISTEN      6979/nginx: master
tcp        0      0 0.0.0.0:commplex-main   0.0.0.0:*               LISTEN      3152/python3
tcp        0      0 0.0.0.0:empowerid       0.0.0.0:*               LISTEN      2271/nginx: master
tcp        0      0 localhost:cslistener    0.0.0.0:*               LISTEN      1757/php-fpm: maste
tcp        0      0 0.0.0.0:rsync           0.0.0.0:*               LISTEN      949/rsync
tcp        0      0 0.0.0.0:mysql           0.0.0.0:*               LISTEN      2216/mysqld
tcp        0      0 localhost:jetdirect     0.0.0.0:*               LISTEN      6984/node_exporter
tcp        0      0 localhost:9229          0.0.0.0:*               LISTEN      6991/gitlab-workhor
tcp        0      0 localhost:distinct      0.0.0.0:*               LISTEN      1493/php-fpm: maste
tcp        0      0 localhost:webcache      0.0.0.0:*               LISTEN      7142/unicorn master
tcp        0      0 localhost:9168          0.0.0.0:*               LISTEN      6975/ruby
tcp        0      0 0.0.0.0:9264            0.0.0.0:*               LISTEN      2271/nginx: master
tcp        0      0 0.0.0.0:http            0.0.0.0:*               LISTEN      2271/nginx: master
tcp        0      0 0.0.0.0:scp-config      0.0.0.0:*               LISTEN      2271/nginx: master

拒绝显示别名

还是用上一个命令,上一个命令的输出中,我们可以看到某些应该是数字端口的地方,却出现了一些单词,比如:

1
tcp        0      0 localhost:websm         0.0.0.0:*               LISTEN      6970/prometheus

我们可以加上 -n 参数:

1
netstat -nltp

输出:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:9121          0.0.0.0:*               LISTEN      6994/redis_exporter
tcp        0      0 127.0.0.1:9090          0.0.0.0:*               LISTEN      6970/prometheus
tcp        0      0 0.0.0.0:10050           0.0.0.0:*               LISTEN      1495/zabbix_agentd
tcp        0      0 127.0.0.1:9187          0.0.0.0:*               LISTEN      6992/postgres_expor
tcp        0      0 0.0.0.0:10051           0.0.0.0:*               LISTEN      3160/zabbix_server
tcp        0      0 0.0.0.0:8100            0.0.0.0:*               LISTEN      6979/nginx: master
tcp        0      0 0.0.0.0:5000            0.0.0.0:*               LISTEN      3152/python3
tcp        0      0 0.0.0.0:7080            0.0.0.0:*               LISTEN      2271/nginx: master
tcp        0      0 127.0.0.1:9000          0.0.0.0:*               LISTEN      1757/php-fpm: maste
tcp        0      0 0.0.0.0:873             0.0.0.0:*               LISTEN      949/rsync
tcp        0      0 0.0.0.0:3306            0.0.0.0:*               LISTEN      2216/mysqld
tcp        0      0 127.0.0.1:9100          0.0.0.0:*               LISTEN      6984/node_exporter
tcp        0      0 127.0.0.1:9229          0.0.0.0:*               LISTEN      6991/gitlab-workhor
tcp        0      0 127.0.0.1:9999          0.0.0.0:*               LISTEN      1493/php-fpm: maste
tcp        0      0 127.0.0.1:8080          0.0.0.0:*               LISTEN      7142/unicorn master
tcp        0      0 127.0.0.1:9168          0.0.0.0:*               LISTEN      6975/ruby
tcp        0      0 0.0.0.0:9264            0.0.0.0:*               LISTEN      2271/nginx: master
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      2271/nginx: master
tcp        0      0 0.0.0.0:10001           0.0.0.0:*               LISTEN      2271/nginx: master

这样我们就可以看到具体监听的端口了。

查看建立的连接

1
netstat -ant | grep ESTABLISHED

输出:

1
2
3
4
5
6
7
8
9
10
11
12
13
tcp        0      0 192.168.2.168:51924     192.168.2.156:9094      ESTABLISHED
tcp        0      0 192.168.2.168:53442     192.168.2.156:9092      ESTABLISHED
tcp        0      0 192.168.2.168:48928     192.168.2.227:9092      ESTABLISHED
tcp        0      0 192.168.2.168:32856     120.79.186.232:9113     ESTABLISHED
tcp        0      0 192.168.2.168:59814     192.168.2.185:9092      ESTABLISHED
tcp        0      0 192.168.2.168:60048     192.168.2.168:9092      ESTABLISHED
tcp        0      0 192.168.2.168:49480     47.115.135.169:9092     ESTABLISHED
tcp        0      0 192.168.2.168:60134     120.79.15.181:14101     ESTABLISHED
tcp        0      0 192.168.2.168:34968     119.23.209.74:9092      ESTABLISHED
tcp        0      0 192.168.2.168:37062     119.23.209.74:14101     ESTABLISHED
tcp        0      0 192.168.2.168:44492     120.77.177.149:14101    ESTABLISHED
tcp        0      0 192.168.2.168:59580     120.79.186.232:9092     ESTABLISHED
tcp        0      0 192.168.2.168:33466     120.77.177.149:9092     ESTABLISHED

显示所有可用网卡

1
netstat -i

输出:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
Kernel Interface table
Iface             MTU    RX-OK RX-ERR RX-DRP RX-OVR    TX-OK TX-ERR TX-DRP TX-OVR Flg
br-24ea9b4941ce  1500 12923986      0      0 0       8918266      0      0      0 BMU
br-2b9072cf2223  1500        0      0      0 0             0      0      0      0 BMU
br-4caf812bdaa6  1500        0      0      0 0             0      0      0      0 BMU
br-52c539f436eb  1500  4420030      0      0 0       4572461      0      0      0 BMU
br-6135592da74f  1500  7591698      0      0 0      11314882      0      0      0 BMRU
br-bf1a2715a536  1500  7591698      0      0 0      11314882      0      0      0 BMU
br-c3b89e07005b  1500        0      0      0 0             0      0      0      0 BMU
br-dad742f48f75  1500     2091      0      0 0          6783      0      0      0 BMU
br-e80111182b15  1500        0      0      0 0             0      0      0      0 BMU
br-ff86e2f8db31  1500 12923986      0      0 0       8918266      0      0      0 BMU
docker0          1500 42136153      0      0 0      68259406      0      0      0 BMRU
enp4s0           1500 1904508155      0 2777565 0      2142106883      0      0      0 BMRU
lo              65536 987259699      0      0 0      987259699      0      0      0 LRU

显示网络统计信息

1
netstat -s

输出:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
Ip:
    2331469472 total packets received
    100868012 forwarded
    0 incoming packets discarded
    2153729362 incoming packets delivered
    2961922941 requests sent out
    16 outgoing packets dropped
    231 dropped because of missing route
    285 reassemblies required
    142 packets reassembled ok
Icmp:
    1683106 ICMP messages received
    561981 input ICMP message failed.
    InCsumErrors: 44
    ICMP input histogram:
        destination unreachable: 1678491
        echo requests: 4424
        echo replies: 147
    1755127 ICMP messages sent
    0 ICMP messages failed
    ICMP output histogram:
        destination unreachable: 1750607
        echo request: 239
        echo replies: 4281
IcmpMsg:
        InType0: 147
        InType3: 1678491
        InType8: 4424
        OutType0: 4281
        OutType3: 1750607
        OutType8: 239
Tcp:
    75243858 active connections openings
    52446738 passive connection openings
    13907686 failed connection attempts
    904581 connection resets received
    55 connections established
    2222345241 segments received
    2883961201 segments send out
    33088737 segments retransmited
    335714 bad segments received.
    11770965 resets sent
Udp:
    42916525 packets received
    3132 packets to unknown port received.
    0 packet receive errors
    43474964 packets sent
    0 receive buffer errors
    0 send buffer errors
UdpLite:
TcpExt:
    13429 invalid SYN cookies received
    2868 resets received for embryonic SYN_RECV sockets
    35 packets pruned from receive queue because of socket buffer overrun
    329 ICMP packets dropped because they were out-of-window
    59244840 TCP sockets finished time wait in fast timer
    7185 packets rejects in established connections because of timestamp
    23339679 delayed acks sent
    .... // 省略一大堆输出
IpExt:
    InNoRoutes: 23
    InMcastPkts: 11716265
    OutMcastPkts: 78163
    InBcastPkts: 52491220
    InOctets: 1924057038252
    OutOctets: 3172007243489
    InMcastOctets: 1284732984
    OutMcastOctets: 13779932
    InBcastOctets: 10254385628
    InNoECTPkts: 2384812576
    InECT0Pkts: 614417