当前位置：网络安全 > netstat命令，一文搞懂

netstat命令，一文搞懂

发布：2023-09-28 17:16

前言后台开发，netstat命令总是绕不过，不仅工作中经常用过，面试也是考的多。netstat命令，对应的选项比较多，功能比较强大。netstat 常用来查看，后台服务进程的相关状态。 netstat 可以用来打印网络连接、路由表、连接的数据统计。下面我们来学习一下。打印所有连接使用 -a，列出所有连接。 [root@VM-16-9-centos ~]# netstat -a Active Internet connections (servers and established) Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 0.0.0.0:ssh 0.0.0.0:* LISTEN tcp 0 0 VM-16-9-centos:49326 169.254.0.55:lsi-bobcat ESTABLISHED tcp 0 52 VM-16-9-centos:ssh 119.137.1.7:20029 ESTABLISHED tcp 0 0 VM-16-9-centos:ssh 113.110.224.255:63626 ESTABLISHED tcp6 0 0 [::]:mysql [::]:* LISTEN udp 0 0 0.0.0.0:bootpc 0.0.0.0:* udp 0 0 VM-16-9-centos:ntp 0.0.0.0:* udp 0 0 VM-16-9-centos:ntp 0.0.0.0:* udp 0 0 0.0.0.0:38064 0.0.0.0:* udp6 0 0 VM-16-9-centos:ntp [::]:* udp6 0 0 VM-16-9-centos:ntp [::]:* 打印 TCP 或 UDP 连接使用 -t 选项列出 TCP 协议的连接。 [root@VM-16-9-centos ~]# netstat -t Active Internet connections (w/o servers) Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 VM-16-9-centos:49326 169.254.0.55:lsi-bobcat ESTABLISHED tcp 0 52 VM-16-9-centos:ssh 119.137.1.7:20029 ESTABLISHED tcp 0 0 VM-16-9-centos:ssh 113.110.224.255:63626 ESTABLISHED tcp 0 0 VM-16-9-centos:ssh vps-d395feee.vps.:39128 ESTABLISHED 使用 -u 选项列出 UDP 协议的连接。 [root@VM-16-9-centos ~]# netstat -u Active Internet connections (w/o servers) Proto Recv-Q Send-Q Local Address Foreign Address State 禁用反向域名解析使用 -n 选项禁用域名解析功能，这样可以加快查找速度。 [root@VM-16-9-centos ~]# netstat -n Active Internet connections (w/o servers) Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 172.17.16.9:49326 169.254.0.55:5574 ESTABLISHED tcp 0 52 172.17.16.9:22 119.137.1.7:20029 ESTABLISHED tcp 0 0 172.17.16.9:22 113.110.224.255:63626 ESTABLISHED tcp 0 0 172.17.16.9:52236 169.254.0.4:80 TIME_WAIT 显示对应的程序识别码和程序名称使用 -p 选项列出正在监听的套接字。 [root@VM-16-9-centos ~]# netstat -p Active Internet connections (w/o servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 VM-16-9-centos:49326 169.254.0.55:lsi-bobcat ESTABLISHED 1400/YDService tcp 0 52 VM-16-9-centos:ssh 119.137.1.7:20029 ESTABLISHED 22131/sshd: root@pt tcp 0 0 VM-16-9-centos:ssh host-188-14-121-2:55529 TIME_WAIT - tcp 0 0 VM-16-9-centos:ssh 113.110.224.255:63626 ESTABLISHED 32201/sshd: root@pt 打印监听中的连接使用 -l 选项列出正在监听的套接字。 [root@VM-16-9-centos ~]# netstat -l Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 0.0.0.0:ssh 0.0.0.0:* LISTEN tcp6 0 0 [::]:mysql [::]:* LISTEN udp 0 0 0.0.0.0:bootpc 0.0.0.0:* 停下来，花30秒时间，欣赏一幅美丽的欧式建筑。建筑就像小时候童话里的，看着感觉心情舒畅。接下来接着学。打印连接进程信息使用 -p 选项查看进程信息。 [root@VM-16-9-centos ~]# netstat -p Active Internet connections (w/o servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 VM-16-9-centos:49326 169.254.0.55:lsi-bobcat ESTABLISHED 1400/YDService tcp 0 0 VM-16-9-centos:48680 169.254.0.55:webcache TIME_WAIT - tcp 0 52 VM-16-9-centos:ssh 119.137.1.7:20029 ESTABLISHED 22131/sshd: root@pt tcp 0 0 VM-16-9-centos:ssh 113.110.224.255:63626 ESTABLISHED 32201/sshd: root@pt tcp 0 0 VM-16-9-centos:ssh host-188-14-121-2:56025 ESTABLISHED 10384/sshd: unknown 打印网络工作信息统计表使用 -s 选项查看进程信息(只展示部分结果)。 [root@VM-16-9-centos ~]# netstat -s Ip: 7502855 total packets received 0 forwarded 0 incoming packets discarded 7502837 incoming packets delivered 7624338 requests sent out 40 dropped because of missing route Icmp: 938052 ICMP messages received 147 input ICMP message failed. ICMP input histogram: destination unreachable: 411 timeout in transit: 8 redirects: 2 echo requests: 937623 echo replies: 7 timestamp request: 1 946258 ICMP messages sent 0 ICMP messages failed ICMP output histogram: destination unreachable: 8634 echo replies: 937623 timestamp replies: 1 打印网络接口使用 -i 选项查看进程信息。 [root@VM-16-9-centos ~]# netstat -i Kernel Interface table Iface MTU RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR Flg eth0 1500 7825094 0 0 0 7712988 0 0 0 BMRU lo 65536 10230 0 0 0 10230 0 0 0 LRU 持续输出信息使用 -c 选项查看进程信息。 [root@VM-16-9-centos ~]# netstat -c Active Internet connections (w/o servers) Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 VM-16-9-centos:49326 169.254.0.55:lsi-bobcat ESTABLISHED tcp 0 52 VM-16-9-centos:ssh 119.137.1.7:20029 ESTABLISHED tcp 0 0 VM-16-9-centos:ssh vps-d395feee.vps.:39442 ESTABLISHED tcp 0 0 VM-16-9-centos:ssh 113.110.224.255:63626 ESTABLISHED tcp 0 0 VM-16-9-centos:52660 169.254.0.4:http TIME_WAIT tcp 0 0 VM-16-9-centos:ssh b3d278e1.virtua.c:35113 TIME_WAIT tcp 0 0 VM-16-9-centos:ssh 58.230.147.230:56693 TIME_WAIT Active UNIX domain sockets (w/o servers) Proto RefCnt Flags Type State I-Node Path unix 3 [ ] DGRAM 7444 /run/systemd/notify 根据进程pid查端口利用 grep 命令，通过进程 pid 查出监听端口。 [root@VM-16-9-centos test]# netstat -nap|grep 12178 tcp6 0 0 :::8888 :::* LISTEN 12178/gin 根据端口查进程利用 grep 命令，通过监听端口查出进程 pid 。 [root@VM-16-9-centos test]# netstat -nap|grep 8888 tcp6 0 0 :::8888 :::* LISTEN 12178/gin 统计网络socket状态借助 awk 命令，统计socket状态对应的个数。 [test]# netstat -n | awk '/^tcp/ {++S[$NF]} END {for(a in S) print a, S[a]}' ESTABLISHED 5 TIME_WAIT 2 絮叨 netstat命令不难，但是选项比较多，工作中也常用，务必要掌握。这篇文章可以用作为大家 netstat 参考手册。希望这篇文章能帮助到大家，下期再会!