Unix / Linux上的10個Netstat命令示例

Netstat命令顯示各種網絡數據,例如網絡連接,路由表,接口統計信息,掩碼連接,多播空間等。

在本文中,讓我們看一下10個實用的命令示例 網絡統計 在Unix上。

1.所有端口的列表(監聽和非監聽端口)

使用Netstat -a命令列出所有端口

# netstat -a | more
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 localhost:30037         *:*                     LISTEN
udp        0      0 *:bootpc                *:*                                

Active UNIX domain sockets (servers and established)
Proto RefCnt Flags       Type       State         I-Node   Path
unix  2      [ ACC ]     STREAM     LISTENING     6135     /tmp/.X11-unix/X0
unix  2      [ ACC ]     STREAM     LISTENING     5140     /var/run/acpid.socket

使用netstat -at列出所有TCP端口

# netstat -at
Active Internet connections (servers and established)                     
Proto Recv-Q Send-Q Local Address           Foreign Address         State 
tcp        0      0 0.0.0.0:http            0.0.0.0:*               LISTEN
tcp        0      0 localhost:webcache      0.0.0.0:*               LISTEN
tcp        0      0 andreyex.ru:domain      0.0.0.0:*               LISTEN
tcp        0      0 localhost:domain        0.0.0.0:*               LISTEN

使用netstat -au列出所有UDP端口

# netstat -au
Active Internet connections (servers and established)                           
Proto Recv-Q Send-Q Local Address           Foreign Address         State       
udp        0      0 andreyex.ru:49419       google-public-dn:domain ESTABLISHED 
udp        0      0 andreyex.ru:39293       google-public-dn:domain ESTABLISHED 
udp        0      0 andreyex.ru:50053       google-public-dn:domain ESTABLISHED

2.處於偵聽狀態的套接字列表

僅列出帶有netstat -l的偵聽端口

# netstat -l
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:http            0.0.0.0:*               LISTEN
tcp        0      0 localhost:webcache      0.0.0.0:*               LISTEN
tcp        0      0 andreyex.ru:domain      0.0.0.0:*               LISTEN
tcp        0      0 localhost:domain        0.0.0.0:*               LISTEN

僅列出帶有netstat -lt的偵聽TCP端口

# netstat -lt
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:http            0.0.0.0:*               LISTEN
tcp        0      0 localhost:webcache      0.0.0.0:*               LISTEN
tcp        0      0 andreyex.ru:domain      0.0.0.0:*               LISTEN
tcp        0      0 localhost:domain        0.0.0.0:*               LISTEN

使用netstat -lu僅列出偵聽的UDP端口

# netstat -lu
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
udp        0      0 andreyex.ru:domain      0.0.0.0:*
udp        0      0 localhost:domain        0.0.0.0:*
udp        0      0 andreyex.ru:ntp         0.0.0.0:*

使用netstat -lx僅列出正在偵聽的UNIX端口

# netstat -lx
Active UNIX domain sockets (only servers)
Proto RefCnt Flags       Type       State         I-Node   Path
unix  2      [ ACC ]     STREAM     LISTENING     19693    tmp/core.adm.internal 
unix  2      [ ACC ]     SEQPACKET  LISTENING     8723     /run/udev/control
unix  2      [ ACC ]     STREAM     LISTENING     12566    /var/run/dbus/system_bus_socket
unix  2      [ ACC ]     STREAM     LISTENING     16948    /var/run/fail2ban/fail2ban.sock
unix  2      [ ACC ]     STREAM     LISTENING     19702    tmp/core.sock

3.顯示每個協議的統計信息

使用netstat -s顯示所有端口的統計信息

# netstat -s
Ip:                                                                                                                                                           
    190566 total packets received                                                                                                                             
    0 forwarded                                                                                                                                               
    0 incoming packets discarded                                                                                                                              
    189618 incoming packets delivered                                                                                                                         
    170462 requests sent out                                                                                                                                  
    16 dropped because of missing route                                                                                                                       
Icmp:                                                                                                                                                         
    74 ICMP messages received                                                                                                                                 
    0 input ICMP message failed.                                                                                                                              
    ICMP input histogram:                                                                                                                                     
        destination unreachable: 22                                                                                                                           
        echo requests: 52
.....

使用netstat -st(或)-su顯示TCP(或)UDP端口的統計信息

# netstat -st

# netstat -su

4.使用netstat -p命令在netstat輸出中顯示PID和程序名稱

netstat -p選項可以與任何其他netstat選項結合使用。 這會將“ PID /程序名稱”添加到netstat輸出中。 這在調試以確定哪個程序在特定端口上運行時非常有用。

# netstat -pt
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 localhost:56642         localhost:46846         TIME_WAIT   -                                                                             
tcp        0      0 localhost:56642         localhost:46748         TIME_WAIT   -

5.在netstat輸出中不允許主機,端口和用戶名

如果不想顯示主機名,端口或用戶名,請使用netstat和-n選項。 它將以數字顯示,並且不允許主機名,端口名和用戶名。

由於netstat不執行任何查找,因此這也加快了註銷速度。

# netstat -an

如果您不希望這三個項目之一(端口,主機或用戶),請使用以下命令。

# netsat -a --numeric-ports

# netsat -a --numeric-hosts

# netsat -a --numeric-users

6.連續打印netstat信息

netstat將每隔幾秒鐘連續打印一次信息。

# netstat -c
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 localhost:37840         localhost:webcache      ESTABLISHED                                                                               
tcp        0      0 andreyex.ru:vlsi-lm     213.132.93.178:24080    ESTABLISHED                                                                               
tcp        0      0 localhost:56642         localhost:47258         TIME_WAIT                                                                                 
tcp        0      0 localhost:56642         localhost:47150         TIME_WAIT
^C

退出打印:Ctrl +C。

7.在系統中查找支持家庭住址的數字

netstat --verbose

最後,您將擁有類似的東西。

netstat: no support for `AF IPX' on this system.
netstat: no support for `AF AX25' on this system.
netstat: no support for `AF X25' on this system.
netstat: no support for `AF NETROM' on this system.

8.使用netstat -r顯示內核路由信息

# netstat -r
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
default         gw.msk.ispsyste 0.0.0.0         UG        0 0          0 eth0
213.159.208.0   0.0.0.0         255.255.254.0   U         0 0          0 eth0

注意:使用netstat -rn以數字形式顯示路由,而無需主機名解析。

9.找出程序在哪個端口上運行

# netstat -ap | grep ssh
(Not all processes could be identified, non-owned process info
 will not be shown, you would have to be root to see it all.)
tcp        0      0 0.0.0.0:28456           0.0.0.0:*               LISTEN      779/sshd            
tcp        0      0 andreyex.ru:28456       213.132.93.178:13430    ESTABLISHED 2893/sshd: andreyex 
tcp        0      0 andreyex.ru:28456       213.132.93.178:13106    ESTABLISHED 2393/sshd: andreyex 
tcp6       0      0 [::]:28456              [::]:*                  LISTEN      779/sshd

找出哪個進程正在使用特定端口:

# netstat -an | grep ':80'

10.顯示網絡接口列表

# netstat -i
Kernel Interface table
Iface      MTU    RX-OK RX-ERR RX-DRP RX-OVR    TX-OK TX-ERR TX-DRP TX-OVR Flg 
eth0      1555  2765202      0      0 0         86602      0      0      0 BMRU
lo       65536    93149      0      0 0         93149      0      0      0 LRU

使用netstat -ie顯示有關接口的擴展信息(類似於ifconfig):

# netstat -ie
Kernel Interface table
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1550 
        inet 213.159.209.228  netmask 255.255.254.0  broadcast 213.159.209.255
        inet6 fe80::5054:ff:fe80:19a4  prefixlen 64  scopeid 0x20<link>
        ether 52:54:00:80:19:a4  txqueuelen 1000  (Ethernet)      
        RX packets 2772322  bytes 189451708 (180.6 MiB)           
        RX errors 0  dropped 0  overruns 0  frame 0               
        TX packets 86767  bytes 137897931 (131.5 MiB)             
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

Sidebar