Unix / Linux上的10个Netstat命令示例

Netstat命令显示各种网络数据,例如网络连接,路由表,接口统计信息,掩码连接,多播空间等。

在本文中,让我们看一下10个实用的命令示例 网络统计 在Unix上。

1.所有端口的列表(监听和非监听端口)

使用Netstat -a命令列出所有端口

# netstat -a | more
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 localhost:30037         *:*                     LISTEN
udp        0      0 *:bootpc                *:*                                

Active UNIX domain sockets (servers and established)
Proto RefCnt Flags       Type       State         I-Node   Path
unix  2      [ ACC ]     STREAM     LISTENING     6135     /tmp/.X11-unix/X0
unix  2      [ ACC ]     STREAM     LISTENING     5140     /var/run/acpid.socket

使用netstat -at列出所有TCP端口

# netstat -at
Active Internet connections (servers and established)                     
Proto Recv-Q Send-Q Local Address           Foreign Address         State 
tcp        0      0 0.0.0.0:http            0.0.0.0:*               LISTEN
tcp        0      0 localhost:webcache      0.0.0.0:*               LISTEN
tcp        0      0 andreyex.ru:domain      0.0.0.0:*               LISTEN
tcp        0      0 localhost:domain        0.0.0.0:*               LISTEN

使用netstat -au列出所有UDP端口

# netstat -au
Active Internet connections (servers and established)                           
Proto Recv-Q Send-Q Local Address           Foreign Address         State       
udp        0      0 andreyex.ru:49419       google-public-dn:domain ESTABLISHED 
udp        0      0 andreyex.ru:39293       google-public-dn:domain ESTABLISHED 
udp        0      0 andreyex.ru:50053       google-public-dn:domain ESTABLISHED

2.处于侦听状态的套接字列表

仅列出带有netstat -l的侦听端口

# netstat -l
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:http            0.0.0.0:*               LISTEN
tcp        0      0 localhost:webcache      0.0.0.0:*               LISTEN
tcp        0      0 andreyex.ru:domain      0.0.0.0:*               LISTEN
tcp        0      0 localhost:domain        0.0.0.0:*               LISTEN

仅列出带有netstat -lt的侦听TCP端口

# netstat -lt
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:http            0.0.0.0:*               LISTEN
tcp        0      0 localhost:webcache      0.0.0.0:*               LISTEN
tcp        0      0 andreyex.ru:domain      0.0.0.0:*               LISTEN
tcp        0      0 localhost:domain        0.0.0.0:*               LISTEN

使用netstat -lu仅列出侦听的UDP端口

# netstat -lu
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
udp        0      0 andreyex.ru:domain      0.0.0.0:*
udp        0      0 localhost:domain        0.0.0.0:*
udp        0      0 andreyex.ru:ntp         0.0.0.0:*

使用netstat -lx仅列出正在侦听的UNIX端口

# netstat -lx
Active UNIX domain sockets (only servers)
Proto RefCnt Flags       Type       State         I-Node   Path
unix  2      [ ACC ]     STREAM     LISTENING     19693    tmp/core.adm.internal 
unix  2      [ ACC ]     SEQPACKET  LISTENING     8723     /run/udev/control
unix  2      [ ACC ]     STREAM     LISTENING     12566    /var/run/dbus/system_bus_socket
unix  2      [ ACC ]     STREAM     LISTENING     16948    /var/run/fail2ban/fail2ban.sock
unix  2      [ ACC ]     STREAM     LISTENING     19702    tmp/core.sock

3.显示每个协议的统计信息

使用netstat -s显示所有端口的统计信息

# netstat -s
Ip:                                                                                                                                                           
    190566 total packets received                                                                                                                             
    0 forwarded                                                                                                                                               
    0 incoming packets discarded                                                                                                                              
    189618 incoming packets delivered                                                                                                                         
    170462 requests sent out                                                                                                                                  
    16 dropped because of missing route                                                                                                                       
Icmp:                                                                                                                                                         
    74 ICMP messages received                                                                                                                                 
    0 input ICMP message failed.                                                                                                                              
    ICMP input histogram:                                                                                                                                     
        destination unreachable: 22                                                                                                                           
        echo requests: 52
.....

使用netstat -st(或)-su显示TCP(或)UDP端口的统计信息

# netstat -st

# netstat -su

4.使用netstat -p命令在netstat输出中显示PID和程序名称

netstat -p选项可以与任何其他netstat选项结合使用。 这会将“ PID /程序名称”添加到netstat输出中。 这在调试以确定哪个程序在特定端口上运行时非常有用。

# netstat -pt
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 localhost:56642         localhost:46846         TIME_WAIT   -                                                                             
tcp        0      0 localhost:56642         localhost:46748         TIME_WAIT   -

5.在netstat输出中不允许主机,端口和用户名

如果不想显示主机名,端口或用户名,请使用netstat和-n选项。 它将以数字显示,并且不允许主机名,端口名和用户名。

由于netstat不执行任何查找,因此这也加快了注销速度。

# netstat -an

如果您不希望这三个项目之一(端口,主机或用户),请使用以下命令。

# netsat -a --numeric-ports

# netsat -a --numeric-hosts

# netsat -a --numeric-users

6.连续打印netstat信息

netstat将每隔几秒钟连续打印一次信息。

# netstat -c
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 localhost:37840         localhost:webcache      ESTABLISHED                                                                               
tcp        0      0 andreyex.ru:vlsi-lm     213.132.93.178:24080    ESTABLISHED                                                                               
tcp        0      0 localhost:56642         localhost:47258         TIME_WAIT                                                                                 
tcp        0      0 localhost:56642         localhost:47150         TIME_WAIT
^C

退出打印:Ctrl +C。

7.在系统中查找支持家庭住址的数字

netstat --verbose

最后,您将拥有类似的东西。

netstat: no support for `AF IPX' on this system.
netstat: no support for `AF AX25' on this system.
netstat: no support for `AF X25' on this system.
netstat: no support for `AF NETROM' on this system.

8.使用netstat -r显示内核路由信息

# netstat -r
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
default         gw.msk.ispsyste 0.0.0.0         UG        0 0          0 eth0
213.159.208.0   0.0.0.0         255.255.254.0   U         0 0          0 eth0

注意:使用netstat -rn以数字形式显示路由,而无需主机名解析。

9.找出程序在哪个端口上运行

# netstat -ap | grep ssh
(Not all processes could be identified, non-owned process info
 will not be shown, you would have to be root to see it all.)
tcp        0      0 0.0.0.0:28456           0.0.0.0:*               LISTEN      779/sshd            
tcp        0      0 andreyex.ru:28456       213.132.93.178:13430    ESTABLISHED 2893/sshd: andreyex 
tcp        0      0 andreyex.ru:28456       213.132.93.178:13106    ESTABLISHED 2393/sshd: andreyex 
tcp6       0      0 [::]:28456              [::]:*                  LISTEN      779/sshd

找出哪个进程正在使用特定端口:

# netstat -an | grep ':80'

10.显示网络接口列表

# netstat -i
Kernel Interface table
Iface      MTU    RX-OK RX-ERR RX-DRP RX-OVR    TX-OK TX-ERR TX-DRP TX-OVR Flg 
eth0      1555  2765202      0      0 0         86602      0      0      0 BMRU
lo       65536    93149      0      0 0         93149      0      0      0 LRU

使用netstat -ie显示有关接口的扩展信息(类似于ifconfig):

# netstat -ie
Kernel Interface table
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1550 
        inet 213.159.209.228  netmask 255.255.254.0  broadcast 213.159.209.255
        inet6 fe80::5054:ff:fe80:19a4  prefixlen 64  scopeid 0x20<link>
        ether 52:54:00:80:19:a4  txqueuelen 1000  (Ethernet)      
        RX packets 2772322  bytes 189451708 (180.6 MiB)           
        RX errors 0  dropped 0  overruns 0  frame 0               
        TX packets 86767  bytes 137897931 (131.5 MiB)             
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

Sidebar