netstat 命令是linux 上常用的一个查看网络信息的命令,主要包括网络连接信息、路由表信息、网卡信息和广播信息等。
用法概览
命令形式:netstat [选项]
选项参数:
-a/--all,显示所有连线中的 Socket-A<网络类型>或--<网络类型>,列出该网络类型连接中的相关地址-c/--continuous,持续列出网络状态-C/--cache,显示路由器配置的缓存信息-e/--extend,显示网络其他相关信息-F/--fib,显示FIB-g/--groups,显示多重广播功能群组组员名单-h/--help,显示使用帮助信息-i/--interfaces,显示网络界面信息表单-l/--listening,显示监控中的服务器 Socket-M/--masquerade,显示伪装的网络连接-n/numberic,使用数字形式显示,不使用域名-N/--netlink或--symblolic,显示网络硬件外围设备的符号连接名称-o/--timers,显示计时器-p/--programs,显示正在使用 Socket 的程序识别码和程序名称-r/--route,显示路由表-s/--statistic,显示网络工作信息统计表-t/--tcp,显示 TCP 协议的连接状况-u/--udp,显示 UDP 协议的连接状况-v/--verbose,显示指令执行过程-V/--version,显示版本信息-w/--raw,显示 Raw 传输协议的连接状况-x/--unix,效果和指定 “-A unix”参数相同--ip/--inet,效果和指定”-A inet”参数相同
输出示例
以下内容有删减,我们看下输出内容:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
[root@master uphie]# netstat -anp
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1259/sshd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 1776/master
tcp 0 0 127.0.0.1:10248 0.0.0.0:* LISTEN 30514/kubelet
tcp 0 0 127.0.0.1:45648 0.0.0.0:* LISTEN 29683/containerd
tcp 0 1 10.211.55.22:42734 108.177.125.82:443 SYN_SENT 29683/containerd
tcp 0 0 10.211.55.22:22 10.211.55.2:57685 ESTABLISHED 1155/sshd: uphie [p
tcp 0 0 10.211.55.22:55362 34.107.244.51:443 ESTABLISHED 29683/containerd
tcp 0 1 10.211.55.22:38278 142.251.8.82:443 SYN_SENT 29683/containerd
tcp 0 0 10.211.55.22:55262 34.107.244.51:443 TIME_WAIT -
tcp 0 0 10.211.55.22:55404 34.107.244.51:443 ESTABLISHED 29683/containerd
tcp 0 0 10.211.55.22:55274 34.107.244.51:443 TIME_WAIT -
tcp 0 0 10.211.55.22:55212 34.107.244.51:443 TIME_WAIT -
tcp 0 0 10.211.55.22:55318 34.107.244.51:443 ESTABLISHED 29683/containerd
tcp 0 0 10.211.55.22:55178 34.107.244.51:443 TIME_WAIT -
tcp 0 0 10.211.55.22:55414 34.107.244.51:443 ESTABLISHED 29683/containerd
tcp 0 0 10.211.55.22:22 10.211.55.2:55804 ESTABLISHED 4573/sshd: uphie [p
tcp 0 0 10.211.55.22:22 10.211.55.2:57173 ESTABLISHED 4905/sshd: uphie [p
tcp 0 1 10.211.55.22:42724 108.177.125.82:443 SYN_SENT 29683/containerd
tcp 0 1 10.211.55.22:42682 108.177.125.82:443 SYN_SENT 29683/containerd
tcp6 0 0 :::22 :::* LISTEN 1259/sshd
tcp6 0 0 :::7000 :::* LISTEN 4899/./helloworld
tcp6 0 0 ::1:25 :::* LISTEN 1776/master
tcp6 0 0 :::10250 :::* LISTEN 30514/kubelet
udp 0 0 0.0.0.0:68 0.0.0.0:* 4388/dhclient
udp 0 0 127.0.0.1:323 0.0.0.0:* 722/chronyd
udp6 0 0 ::1:323 :::* 722/chronyd
raw6 0 0 :::58 :::* 7 942/NetworkManager
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags Type State I-Node PID/Program name Path
unix 2 [ ACC ] STREAM LISTENING 1795 1/systemd /run/lvm/lvmpolld.socket
unix 2 [ ] DGRAM 15627 722/chronyd /var/run/chrony/chronyd.sock
unix 2 [ ACC ] SEQPACKET LISTENING 1815 1/systemd /run/udev/control
unix 2 [ ACC ] STREAM LISTENING 12317 1/systemd /run/systemd/private
unix 2 [ ACC ] STREAM LISTENING 14133 942/NetworkManager /var/run/NetworkManager/private-dhcp
unix 2 [ ACC ] STREAM LISTENING 1847 1/systemd /run/lvm/lvmetad.socket
unix 2 [ ACC ] STREAM LISTENING 20599 1776/master public/pickup
unix 2 [ ACC ] STREAM LISTENING 15001 1/systemd /run/dbus/system_bus_socket
unix 2 [ ACC ] STREAM LISTENING 402868 30514/kubelet /var/lib/kubelet/device-plugins/kubelet.sock
unix 2 [ ACC ] STREAM LISTENING 400970 30514/kubelet /var/lib/kubelet/pod-resources/2905715132
unix 3 [ ] DGRAM 9634 1/systemd /run/systemd/notify
unix 2 [ ] DGRAM 9636 1/systemd /run/systemd/cgroups-agent
unix 2 [ ACC ] STREAM LISTENING 391590 29683/containerd /run/containerd/containerd.sock.ttrpc
unix 2 [ ] DGRAM 400958 30514/kubelet @0095c
unix 2 [ ACC ] STREAM LISTENING 391592 29683/containerd /run/containerd/containerd.sock
unix 2 [ ACC ] STREAM LISTENING 91306 1/systemd /var/run/docker.sock
unix 2 [ ] DGRAM 393644 29696/dockerd @0091f
unix 2 [ ACC ] STREAM LISTENING 9653 1/systemd /run/systemd/journal/stdout
unix 6 [ ] DGRAM 9656 1/systemd /run/systemd/journal/socket
unix 18 [ ] DGRAM 9658 1/systemd /dev/log
unix 2 [ ACC ] STREAM LISTENING 390589 29696/dockerd /var/run/docker/libnetwork/5fc647adbc2e.sock
unix 2 [ ACC ] STREAM LISTENING 20603 1776/master public/cleanup
unix 3 [ ] STREAM CONNECTED 12936 715/dbus-daemon
unix 3 [ ] STREAM CONNECTED 15103 715/dbus-daemon
unix 2 [ ] DGRAM 448507 1155/sshd: uphie [p
unix 3 [ ] STREAM CONNECTED 20668 1776/master
unix 3 [ ] STREAM CONNECTED 402551 1/systemd /run/systemd/journal/stdout
unix 3 [ ] STREAM CONNECTED 15611 1/systemd
unix 3 [ ] STREAM CONNECTED 20597 1776/master
unix 3 [ ] STREAM CONNECTED 403646 30514/kubelet
unix 3 [ ] STREAM CONNECTED 402557 30514/kubelet
unix 2 [ ] DGRAM 451633 1181/su
unix 3 [ ] STREAM CONNECTED 15185 728/systemd-logind
unix 3 [ ] STREAM CONNECTED 448510 1161/sshd: uphie@pt
unix 3 [ ] STREAM CONNECTED 20612 1776/master
unix 3 [ ] STREAM CONNECTED 16143 1259/sshd
unix 3 [ ] STREAM CONNECTED 393635 1/systemd /run/systemd/journal/stdout
unix 3 [ ] STREAM CONNECTED 20601 1776/master
unix 2 [ ] DGRAM 2779 550/systemd-udevd
unix 3 [ ] STREAM CONNECTED 403616 30514/kubelet
unix 3 [ ] STREAM CONNECTED 20660 1776/master
unix 3 [ ] STREAM CONNECTED 403647 715/dbus-daemon /run/dbus/system_bus_socket
unix 2 [ ] DGRAM 12946 728/systemd-logind
unix 3 [ ] STREAM CONNECTED 19653 715/dbus-daemon /run/dbus/system_bus_socket
unix 3 [ ] STREAM CONNECTED 20604 1776/master
unix 3 [ ] STREAM CONNECTED 569133 4909/sshd: uphie@pt
unix 3 [ ] STREAM CONNECTED 13331 1/systemd /run/systemd/journal/stdout
unix 2 [ ] DGRAM 15953 942/NetworkManager
unix 3 [ ] STREAM CONNECTED 20647 1776/master
unix 3 [ ] STREAM CONNECTED 20632 1776/master
unix 3 [ ] STREAM CONNECTED 20656 1776/master
unix 3 [ ] STREAM CONNECTED 20620 1776/master
unix 3 [ ] STREAM CONNECTED 391661 29696/dockerd
unix 3 [ ] STREAM CONNECTED 11208 1/systemd /run/systemd/journal/stdout
输出解释
Proto
protocol,socket 连接使用的协议名
对于网络套接字有:
- tcp,建立在IPv4基础上的TCP协议
- tcp6,建立在IPv6基础上的TCP协议
- udp,建立在IPv4基础上的UDP协议
- udp6,建立在IPv6基础上的UDP协议
- raw,建立在IPv4基础上的原始 socket,可以执行构造数据包
- raw6,建立在IPv6基础上的原始socket,可以执行构造数据包
对于 unix 域套接字有:
- unix,unix 域套接字
Recv-Q
网络接收队列,表示收到的数据已经在本地缓冲区,但还没有被进程取走。在 DDOS 攻击下,由于进程响应不过来,Recv-Q 会处于阻塞状态。
Send-Q
和 Recv-Q 类型,网络发送队列。
如果不能很快清零,则可能是有应用向外发送数据包过快,或对方接收数据包过慢。
Local Address
表示程序监听的 IP 及端口。
如 :::22,表示监听来自于所有 IPv6 地址的22端口的连接。
Foreign Address
与本机通信的外部 Socket,显示规则同 LocalAddress
State
连接状态。
LISTEN,服务端打开了 Socket 进行监听,处于监听状态ESTABLISHED,TCP连接已经建立,可以通信SYN_SENT,TCP三次握手中,主动关闭方在第一步发送SYN请求建立连接后的状态SYN_RECV,TCP三次握手中,被动关闭方在第二步回复ACK后的状态FIN_WAIT1,TCP四次挥手中,主动关闭方在第一步发送 FIN 后进入的状态FIN_WAIT2,TCP四次挥手中,主动关闭方在第二部收到 ACK 后进入的状态LAST_ACK,TCP 四次挥手中,被动关闭方在第三步发送 FIN 后进入的状态TIME_WAIT,TCP 四次挥手中,主动关闭方在第四步发送 ACK 后进入的状态CLOSING,少见CLOSED,TCP 四次挥手中,断开连接后,通信双方最终都进入的状态UNKNOWN,未知
PID/Program name
进程 ID 和进程名
RefCnt
被程序引用的次数,不同的程序或者同一个程序中可以使用同一个管道来交换数据
Flags
Type
套接字类型,包括:
- STREAM
- DGRAM
- SEQPACKET
I-Node
Linux 中的文件标识号
Path
连接到套接口的其它进程使用的路径名。
常用命令
列出所有TCP连接
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
[root@master uphie]# netstat -atnp
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1259/sshd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 1776/master
tcp 0 0 127.0.0.1:10248 0.0.0.0:* LISTEN 30514/kubelet
tcp 0 0 127.0.0.1:45648 0.0.0.0:* LISTEN 29683/containerd
tcp 0 0 10.211.55.22:40570 34.107.244.51:443 ESTABLISHED 29683/containerd
tcp 0 1 10.211.55.22:56100 108.177.125.82:443 SYN_SENT 29683/containerd
tcp 0 0 10.211.55.22:40346 34.107.244.51:443 TIME_WAIT -
tcp 0 1 10.211.55.22:56126 108.177.125.82:443 SYN_SENT 29683/containerd
tcp 0 0 10.211.55.22:40430 34.107.244.51:443 TIME_WAIT -
tcp 0 0 10.211.55.22:40422 34.107.244.51:443 TIME_WAIT -
tcp 0 0 10.211.55.22:40404 34.107.244.51:443 TIME_WAIT -
tcp 0 0 10.211.55.22:22 10.211.55.2:55804 ESTABLISHED 4573/sshd: uphie [p
tcp 0 0 10.211.55.22:22 10.211.55.2:57173 ESTABLISHED 4905/sshd: uphie [p
tcp 0 0 10.211.55.22:40548 34.107.244.51:443 ESTABLISHED 29683/containerd
tcp 0 1 10.211.55.22:56124 108.177.125.82:443 SYN_SENT 29683/containerd
tcp 0 0 10.211.55.22:22 10.211.55.2:55580 ESTABLISHED 7827/sshd: uphie [p
tcp 0 0 10.211.55.22:40571 34.107.244.51:443 ESTABLISHED 29683/containerd
tcp 0 0 10.211.55.22:40500 34.107.244.51:443 TIME_WAIT -
tcp6 0 0 :::22 :::* LISTEN 1259/sshd
tcp6 0 0 :::7000 :::* LISTEN 4899/./helloworld
tcp6 0 0 ::1:25 :::* LISTEN 1776/master
tcp6 0 0 :::10250 :::* LISTEN 30514/kubelet
tcp6 0 0 ::1:51228 ::1:7000 TIME_WAIT -
列出所有正在监听的连接
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
[root@master uphie]# netstat -al
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:ssh 0.0.0.0:* LISTEN
tcp 0 0 localhost:smtp 0.0.0.0:* LISTEN
tcp 0 0 localhost:10248 0.0.0.0:* LISTEN
tcp 0 0 localhost:45648 0.0.0.0:* LISTEN
tcp 0 0 master.local:40984 51.244.107.34.bc.:https ESTABLISHED
tcp 0 0 master.local:40946 51.244.107.34.bc.:https ESTABLISHED
tcp 0 1 master.local:52180 tb-in-f82.1e100.n:https SYN_SENT
tcp 0 1 master.local:56498 tp-in-f82.1e100.n:https SYN_SENT
tcp 0 0 master.local:csccredir 51.244.107.34.bc.:https TIME_WAIT
tcp 0 0 master.local:41002 51.244.107.34.bc.:https ESTABLISHED
tcp 0 0 master.local:41020 51.244.107.34.bc.:https ESTABLISHED
tcp 0 1 master.local:60042 ti-in-f82.1e100.n:https SYN_SENT
tcp 0 0 master.local:40862 51.244.107.34.bc.:https TIME_WAIT
tcp 0 0 master.local:ssh 10.211.55.2:55804 ESTABLISHED
tcp 0 0 master.local:ssh 10.211.55.2:57173 ESTABLISHED
tcp 0 0 master.local:40798 51.244.107.34.bc.:https TIME_WAIT
tcp 0 1 master.local:60060 ti-in-f82.1e100.n:https SYN_SENT
tcp 0 0 master.local:40872 51.244.107.34.bc.:https TIME_WAIT
tcp 0 0 master.local:ssh 10.211.55.2:55580 ESTABLISHED
tcp6 0 0 [::]:ssh [::]:* LISTEN
tcp6 0 0 [::]:afs3-fileserver [::]:* LISTEN
tcp6 0 0 localhost:smtp [::]:* LISTEN
tcp6 0 0 [::]:10250 [::]:* LISTEN
udp 0 0 0.0.0.0:bootpc 0.0.0.0:*
udp 0 0 localhost:323 0.0.0.0:*
udp6 0 0 localhost:323 [::]:*
raw6 0 0 [::]:ipv6-icmp [::]:* 7
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags Type State I-Node Path
unix 2 [ ACC ] STREAM LISTENING 1795 /run/lvm/lvmpolld.socket
unix 2 [ ] DGRAM 15627 /var/run/chrony/chronyd.sock
unix 2 [ ACC ] SEQPACKET LISTENING 1815 /run/udev/control
unix 2 [ ACC ] STREAM LISTENING 12317 /run/systemd/private
unix 2 [ ACC ] STREAM LISTENING 14133 /var/run/NetworkManager/private-dhcp
unix 2 [ ACC ] STREAM LISTENING 1847 /run/lvm/lvmetad.socket
列出所有TCP连接的统计信息
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
[root@master uphie]# netstat -st
IcmpMsg:
InType0: 3
InType3: 108
OutType3: 109
OutType8: 3
Tcp:
148094 active connections openings
8 passive connection openings
131936 failed connection attempts
4 connection resets received
5 connections established
730031 segments received
536147 segments send out
32630 segments retransmited
0 bad segments received.
131972 resets sent
UdpLite:
TcpExt:
7981 TCP sockets finished time wait in fast timer
8068 delayed acks sent
2 delayed acks further delayed because of locked socket
Quick ack mode was activated 12 times
356530 packet headers predicted
34680 acknowledgments not containing data payload received
17346 predicted acknowledgments
55 congestion windows recovered without slow start after partial ack
8192 other TCP timeouts
12 DSACKs sent for old packets
TCPRetransFail: 6
TCPRcvCoalesce: 309097
TCPSynRetrans: 32529
TCPOrigDataSent: 44682
TCPHystartTrainDetect: 2
TCPHystartTrainCwnd: 33
IpExt:
InNoRoutes: 37
InBcastPkts: 146
InOctets: 570569977
OutOctets: 35197118
InBcastOctets: 27396
InNoECTPkts: 759894
InECT0Pkts: 4173
显示核心路由信息
1
2
3
4
5
6
7
8
9
10
11
12
[root@master uphie]# netstat -r
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
default prl-local-ns-se 0.0.0.0 UG 0 0 0 eth0
10.211.55.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
172.17.0.0 0.0.0.0 255.255.0.0 U 0 0 0 docker0
[root@master uphie]# netstat -rn
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
0.0.0.0 10.211.55.1 0.0.0.0 UG 0 0 0 eth0
10.211.55.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
172.17.0.0 0.0.0.0 255.255.0.0 U 0 0 0 docker0
显示网络接口
1
2
3
4
5
6
[root@master uphie]# netstat -i
Kernel Interface table
Iface MTU RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR Flg
docker0 1500 0 0 0 0 0 0 0 0 BMU
eth0 1500 503037 0 0 0 339370 0 0 0 BMRU
lo 65536 263232 0 0 0 263232 0 0 0 LRU
倒序排列TCP连接不同数量的状态情况
1
2
3
4
5
6
7
[root@master uphie]# netstat -nat | awk '{print $6}' | sort | uniq -c | sort -rn
8 LISTEN
7 ESTABLISHED
4 TIME_WAIT
4 SYN_SENT
1 Foreign
1 established)