netstat用于显示与IP、TCP、UDP和ICMP协议相关的统计数据,一般用于检验本机各端口的网络连接情况。
常用:
netstat -anp | grep 进程名、pid进程号、端口号
参数一般用的:
-aup
-anp
-anltp
-ano
-a (all)显示所有连接和监听端口选项,默认不显示LISTEN相关
-t (tcp)仅显示tcp相关选项
-o 显示与每个连接相关的所属进程 ID
-u (udp)仅显示udp相关选项
-n 以数字形式显示地址和端口号。
-l 仅列出有在 Listen (监听) 的服務状态
-p 显示 proto 指定的协议的连接
-r 显示路由信息,路由表
-e 显示以太网统计信息。此选项可以与 -s选项组合使用,例如uid等
-s 按各个协议进行统计
-c 每隔一个固定时间,执行该netstat命令。
提示:LISTEN和LISTENING的状态只有用-a或者-l才能看到
#netstat -p tcp
Active Connections
Proto Local Address Foreign Address State
TCP Eagle:microsoft-ds localhost:1031 ESTABLISHED
TCP Eagle:1031 localhost:microsoft-ds ESTABLISHED
TCP Eagle:1213 218.85.139.65:9002 CLOSE_WAIT
TCP Eagle:2416 219.133.63.142:https CLOSE_WAIT
TCP Eagle:2443 219.133.63.142:https CLOSE_WAIT
TCP Eagle:2907 192.168.1.101:2774 CLOSE_WAIT
TCP Eagle:2916 192.168.1.101:telnet ESTABLISHED
TCP Eagle:2929 219.137.227.10:4899 ESTABLISHED
TCP Eagle:3455 218.85.139.65:9002 ESTABLISHED
1、列出所有端口 :netstat -a
[root@zhz jiehun]# netstat -a | more Active Internet connections (servers and established) Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 *:sunrpc *:* LISTEN tcp 0 0 *:webcache *:* LISTEN tcp 0 0 *:http *:* LISTEN tcp 0 0 192.168.122.1:domain *:* LISTEN tcp 0 0 localhost.localdomain:d-s-n *:* LISTEN tcp 0 0 *:ssh *:* LISTEN tcp 0 0 localhost.loc:simplifymedia *:* LISTEN
2、 列出所有tcp端口:netstat -at
[root@zhz jiehun]# netstat -at|more Active Internet connections (servers and established) Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 *:sunrpc *:* LISTEN tcp 0 0 *:webcache *:* LISTEN tcp 0 0 *:http *:* LISTEN tcp 0 0 192.168.122.1:domain *:* LISTEN tcp 0 0 localhost.localdomain:d-s-n *:* LISTEN tcp 0 0 *:ssh *:* LISTEN tcp 0 0 localhost.loc:simplifymedia *:* LISTEN
3、列出所有udp端口 :netstat -au
[root@zhz jiehun]# netstat -au|more Active Internet connections (servers and established) Proto Recv-Q Send-Q Local Address Foreign Address State udp 0 0 *:ideafarm-panic *:* udp 0 0 *:47005 *:* udp 0 0 localhost.loca:memcache *:* udp 0 0 *:55276 *:* udp 0 0 192.168.122.1:domain *:* udp 0 0 *:bootps *:* udp 0 0 *:bootpc *:* udp 0 0 *:sunrpc *:* udp 0 0 *:ipp *:* udp 0 0 *:44236 *:* udp 0 0 *:722 *:*
4、 只显示监听端口:netstat -l
[root@zhz jiehun]# netstat -l Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 *:sunrpc *:* LISTEN tcp 0 0 *:webcache *:* LISTEN tcp 0 0 *:http *:* LISTEN tcp 0 0 192.168.122.1:domain *:* LISTEN tcp 0 0 localhost.localdomain:d-s-n *:* LISTEN tcp 0 0 *:ssh *:* LISTEN tcp 0 0 localhost.loc:simplifymedia *:* LISTEN tcp 0 0 localhost.localdomain:ipp *:* LISTEN tcp 0 0 *:44343 *:* LISTEN tcp 0 0 localhost.localdomain:smtp *:* LISTEN
5、只显示监听的tcp端口:netstat -lt
[root@zhz jiehun]# netstat -lt Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 *:sunrpc *:* LISTEN tcp 0 0 *:webcache *:* LISTEN tcp 0 0 *:http *:* LISTEN tcp 0 0 192.168.122.1:domain *:* LISTEN tcp 0 0 localhost.localdomain:d-s-n *:* LISTEN tcp 0 0 *:ssh *:* LISTEN tcp 0 0 localhost.loc:simplifymedia *:* LISTEN tcp 0 0 localhost.localdomain:ipp *:* LISTEN tcp 0 0 *:44343 *:* LISTEN tcp 0 0 localhost.localdomain:smtp *:* LISTEN
6、只显示所有监听udp端口:netstat -lu
[root@zhz jiehun]# netstat -lu Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State udp 0 0 *:ideafarm-panic *:* udp 0 0 *:47005 *:* udp 0 0 *:47551 *:* udp 0 0 localhost.loca:memcache *:* udp 0 0 *:55276 *:* udp 0 0 192.168.122.1:domain *:* udp 0 0 *:bootps *:* udp 0 0 *:bootpc *:* udp 0 0 *:sunrpc *:*
7、 只列出所有监听unix端口 :netstat -lx
[root@zhz jiehun]# netstat -lx Active UNIX domain sockets (only servers) Proto RefCnt Flags Type State I-Node Path unix 2 [ ACC ] STREAM LISTENING 21941 /tmp/.X11-unix/X0 unix 2 [ ACC ] STREAM LISTENING 34096 /tmp/orbit-haozheng/linc-cd2-0-5b33fa1ecf0c9 unix 2 [ ACC ] STREAM LISTENING 22263 @/tmp/gdm-greeter-cBlQsyRF unix 2 [ ACC ] STREAM LISTENING 32728 /tmp/.ICE-unix/3103 unix 2 [ ACC ] STREAM LISTENING 36866 @/tmp/dbus-AcJrBlWF unix 2 [ ACC ] STREAM LISTENING 20454 /tmp/mysql.sock
8、 显示所有端口的统计信息:netstat -s
[root@zhz jiehun]# netstat -s Ip: 1943780 total packets received 2 forwarded 0 incoming packets discarded 1769532 incoming packets delivered 1121573 requests sent out 132 outgoing packets dropped 45867 dropped because of missing route Tcp: 64002 active connections openings 7632 passive connection openings 2309 failed connection attempts 498 connection resets received 8 connections established 1018564 segments received 1022700 segments send out 16835 segments retransmited 2 bad segments received. 552 resets sent Udp: 133420 packets received 7845 packets to unknown port received. 0 packet receive errors 74841 packets sent 0 receive buffer errors 0 send buffer errors
9、 显示所有tcp(netstat -st)或udp(netstat -su)的统计信息
[root@zhz jiehun]# netstat -su IcmpMsg: InType0: 11 InType3: 13506 OutType3: 13679 OutType8: 11 Udp: 133462 packets received 7869 packets to unknown port received. 0 packet receive errors 74888 packets sent 0 receive buffer errors 0 send buffer errors UdpLite: IpExt: InNoRoutes: 991 InMcastPkts: 24308 OutMcastPkts: 2353 InBcastPkts: 630615 OutBcastPkts: 1546 InOctets: 755319900 OutOctets: 296705252 InMcastOctets: 2908748 OutMcastOctets: 93173 InBcastOctets: 99500419 OutBcastOctets: 299980
10、显示pid/进程名称: netstat -p
-p可以与其他参数一起使用 比如 显示tcp的进程id信息
netstat -p 可以与其它开关一起使用,就可以添加 “PID/进程名称” 到 netstat 输出中,这样 debugging 的时候可以很方便的发现特定端口运行的程序。
[root@zhz jiehun]# netstat -pt Active Internet connections (w/o servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 192.168.0.52:44784 123.150.49.20:http FIN_WAIT2 4207/VirtualBox tcp 0 0 192.168.0.52:46715 ie-in-f125.1e100.net:https ESTABLISHED 4207/VirtualBox tcp 0 0 192.168.0.52:43415 geotrust-ocsp-mtv.veri:http FIN_WAIT2 4207/VirtualBox
11、 在 netstat 输出中不显示主机,端口和用户名 (host, port or user)当你不想让主机,端口和用户名显示,使用: netstat -n
将会使用数字代替那些名称。同样可以加速输出,因为不用进行比对查询。
netstat -ntpl 显示tcp的监听端口 不显示主机端口用户名 用数字代替
[root@zhz jiehun]# netstat -ptnl Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 971/rpcbind tcp 0 0 0.0.0.0:8080 0.0.0.0:* LISTEN 1526/nginx: master tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 1526/nginx: master tcp 0 0 192.168.122.1:53 0.0.0.0:* LISTEN 1248/dnsmasq tcp 0 0 127.0.0.1:8086 0.0.0.0:* LISTEN 1553/python tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1163/sshd tcp 0 0 127.0.0.1:8087 0.0.0.0:* LISTEN 1553/python tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 1140/cupsd tcp 0 0 0.0.0.0:44343 0.0.0.0:* LISTEN 1151/rpc.statd tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 18573/sendmail: acc tcp 0 0 127.0.0.1:3002 0.0.0.0:* LISTEN 1004/ruby tcp 0 0 0.0.0.0:8000 0.0.0.0:* LISTEN 1526/nginx: master
12、 一秒钟输出一次tcp监听端口信息 :netstat -c
Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 971/rpcbind tcp 0 0 0.0.0.0:8080 0.0.0.0:* LISTEN 1526/nginx: master tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 1526/nginx: master tcp 0 0 192.168.122.1:53 0.0.0.0:* LISTEN 1248/dnsmasq tcp 0 0 127.0.0.1:8086 0.0.0.0:* LISTEN 1553/python tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1163/sshd
13、 显示路由信息 netstat -r
[root@zhz jiehun]# netstat -r Kernel IP routing table Destination Gateway Genmask Flags MSS Window irtt Iface default vrouter 0.0.0.0 UG 0 0 0 eth0 192.168.0.0 * 255.255.255.0 U 0 0 0 eth0 192.168.122.0 * 255.255.255.0 U 0 0 0 virb
14、 显示网络接口列表 netstat -i
[root@zhz jiehun]# netstat -i Kernel Interface table Iface MTU Met RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR Flg eth0 1500 0 4943885 0 0 0 901773 0 0 0 BMRU lo 16436 0 236931 0 0 0 236931 0 0 0 LRU virbr0 1500 0 0 0 0 0 0 0 0 0 BMU
14、 找出程序运行的端口: netstat -ap | grep ssh
并不是所有的进程都能找到,没有权限的会不显示,使用 root 权限查看所有的信息
[root@zhz jiehun]# netstat -ap | grep ssh tcp 1 0 dev-db:ssh 101.174.100.22:39213 CLOSE_WAIT -
tcp 1 0 dev-db:ssh 101.174.100.22:57643 CLOSE_WAIT -
找出运行在指定端口的进程:netstat -an | grep 80
[root@zhz jiehun]# netstat -an | grep 80
原文:http://www.cnblogs.com/qmfsun/p/3819144.html