linux网络管理的20个netstat命令

netstat (network statistics) 是一个命令行工具，用于监视传入和传出的网络连接以及查看路由表、接口统计信息等。
netstat可在所有类Unix操作系统上使用，也可在Windows OS以及。它在网络故障排除和性能测量方面非常有用。netstat是最基本的网络服务调试工具之一，告诉你哪些端口是开放的，是否有程序在监听端口。

常见参数

代码语言：javascript复制

-a (all)显示所有选项，默认不显示LISTEN相关
-t (tcp)仅显示tcp相关选项
-u (udp)仅显示udp相关选项
-n 拒绝显示别名，能显示数字的全部转化成数字。
-l 仅列出有在 Listen (监听) 的服务状态

-p 显示建立相关链接的程序名
-r 显示路由信息，路由表
-e 显示扩展信息，例如uid等
-s 按各个协议进行统计
-c 每隔一个固定时间，执行该netstat命令。

提示：LISTEN和LISTENING的状态只有用-a或者-l才能看到

1. 列出所有TCP和UDP连接的监听端口

使用以下命令列出所有端口（TCP 和 UDP）netstat

代码语言：javascript复制

# netstat -a | more

Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address               Foreign Address             State
tcp        0      0 *:sunrpc                    *:*                         LISTEN
tcp        0     52 192.168.0.2:ssh             192.168.0.1:egs             ESTABLISHED
tcp        1      0 192.168.0.2:59292           www.gov.com:http            CLOSE_WAIT
tcp        0      0 localhost:smtp              *:*                         LISTEN
tcp        0      0 *:59482                     *:*                         LISTEN
udp        0      0 *:35036                     *:*
udp        0      0 *:npmp-local                *:*

Active UNIX domain sockets (servers and established)
Proto RefCnt Flags       Type       State         I-Node Path
unix  2      [ ACC ]     STREAM     LISTENING     16972  /tmp/orbit-root/linc-76b-0-6fa08790553d6
unix  2      [ ACC ]     STREAM     LISTENING     17149  /tmp/orbit-root/linc-794-0-7058d584166d2
unix  2      [ ACC ]     STREAM     LISTENING     17161  /tmp/orbit-root/linc-792-0-546fe905321cc
unix  2      [ ACC ]     STREAM     LISTENING     15938  /tmp/orbit-root/linc-74b-0-415135cb6aeab

2. 列出TCP端口连接

TCP(Transmission Control Protocol) 端口连接使用netstat -at.

代码语言：javascript复制

# netstat -at

Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address               Foreign Address             State
tcp        0      0 *:ssh                       *:*                         LISTEN
tcp        0      0 localhost:ipp               *:*                         LISTEN
tcp        0      0 localhost:smtp              *:*                         LISTEN
tcp        0     52 192.168.0.2:ssh             192.168.0.1:egs             ESTABLISHED
tcp        1      0 192.168.0.2:59292           www.gov.com:http            CLOSE_WAIT

3. 列出UDP端口连接

UDP(User Datagram Protocol) 端口连接使用netstat -au.

代码语言：javascript复制

# netstat -au

Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address               Foreign Address             State
udp        0      0 *:35036                     *:*
udp        0      0 *:npmp-local                *:*
udp        0      0 *:mdns                      *:*

4. 列出所有LISTENING连接

列出所有活动的监听端口连接netstat -l.

代码语言：javascript复制

# netstat -l

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State
tcp        0      0 *:sunrpc                    *:*                         LISTEN
tcp        0      0 *:58642                     *:*                         LISTEN
tcp        0      0 *:ssh                       *:*                         LISTEN
udp        0      0 *:35036                     *:*
udp        0      0 *:npmp-local                *:*

Active UNIX domain sockets (only servers)
Proto RefCnt Flags       Type       State         I-Node Path
unix  2      [ ACC ]     STREAM     LISTENING     16972  /tmp/orbit-root/linc-76b-0-6fa08790553d6
unix  2      [ ACC ]     STREAM     LISTENING     17149  /tmp/orbit-root/linc-794-0-7058d584166d2
unix  2      [ ACC ]     STREAM     LISTENING     17161  /tmp/orbit-root/linc-792-0-546fe905321cc
unix  2      [ ACC ]     STREAM     LISTENING     15938  /tmp/orbit-root/linc-74b-0-415135cb6aeab

5. 列出所有TCP监听端口

使用选项列出所有活动的监听 TCP 端口netstat -lt.

代码语言：javascript复制

# netstat -lt

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State
tcp        0      0 *:dctp                      *:*                         LISTEN
tcp        0      0 *:mysql                     *:*                         LISTEN
tcp        0      0 *:sunrpc                    *:*                         LISTEN
tcp        0      0 *:munin                     *:*                         LISTEN
tcp        0      0 *:ftp                       *:*                         LISTEN
tcp        0      0 localhost.localdomain:ipp   *:*                         LISTEN
tcp        0      0 localhost.localdomain:smtp  *:*                         LISTEN
tcp        0      0 *:http                      *:*                         LISTEN
tcp        0      0 *:ssh                       *:*                         LISTEN
tcp        0      0 *:https                     *:*                         LISTEN

6. 列出所有UDP监听端口

使用选项列出所有活动的监听UDP端口netstat -lu.

代码语言：javascript复制

# netstat -lu

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State
udp        0      0 *:39578                     *:*
udp        0      0 *:meregister                *:*
udp        0      0 *:vpps-qua                  *:*
udp        0      0 *:openvpn                   *:*
udp        0      0 *:mdns                      *:*
udp        0      0 *:sunrpc                    *:*
udp        0      0 *:ipp                       *:*
udp        0      0 *:60222                     *:*
udp        0      0 *:mdns                      *:*

7. 列出所有UNIX监听端口

使用列出所有活动的UNIX监听端口netstat -lx.

代码语言：javascript复制

# netstat -lx

Active UNIX domain sockets (only servers)
Proto RefCnt Flags       Type       State         I-Node Path
unix  2      [ ACC ]     STREAM     LISTENING     4171   @ISCSIADM_ABSTRACT_NAMESPACE
unix  2      [ ACC ]     STREAM     LISTENING     5767   /var/run/cups/cups.sock
unix  2      [ ACC ]     STREAM     LISTENING     7082   @/tmp/fam-root-
unix  2      [ ACC ]     STREAM     LISTENING     6157   /dev/gpmctl
unix  2      [ ACC ]     STREAM     LISTENING     6215   @/var/run/hald/dbus-IcefTIUkHm
unix  2      [ ACC ]     STREAM     LISTENING     6038   /tmp/.font-unix/fs7100
unix  2      [ ACC ]     STREAM     LISTENING     6175   /var/run/avahi-daemon/socket
unix  2      [ ACC ]     STREAM     LISTENING     4157   @ISCSID_UIP_ABSTRACT_NAMESPACE
unix  2      [ ACC ]     STREAM     LISTENING     60835836 /var/lib/mysql/mysql.sock
unix  2      [ ACC ]     STREAM     LISTENING     4645   /var/run/audispd_events
unix  2      [ ACC ]     STREAM     LISTENING     5136   /var/run/dbus/system_bus_socket
unix  2      [ ACC ]     STREAM     LISTENING     6216   @/var/run/hald/dbus-wsUBI30V2I
unix  2      [ ACC ]     STREAM     LISTENING     5517   /var/run/acpid.socket
unix  2      [ ACC ]     STREAM     LISTENING     5531   /var/run/pcscd.comm

8. 按协议显示统计数据

按协议显示统计信息。默认情况下，会显示 TCP、UDP、ICMP 和 IP 协议的统计信息。-s 参数可用于指定一组协议。

代码语言：javascript复制

# netstat -s

Ip:
2461 total packets received
0 forwarded
0 incoming packets discarded
2431 incoming packets delivered
2049 requests sent out
Icmp:
0 ICMP messages received
0 input ICMP message failed.
ICMP input histogram:
1 ICMP messages sent
0 ICMP messages failed
ICMP output histogram:
    destination unreachable: 1
Tcp:
159 active connections openings
1 passive connection openings
4 failed connection attempts
0 connection resets received
1 connections established
2191 segments received
1745 segments send out
24 segments retransmited
0 bad segments received.
4 resets sent
Udp:
243 packets received
1 packets to unknown port received.
0 packet receive errors
281 packets sent

9. 按TCP协议显示统计信息

使用选项仅显示TCP协议的统计信息netstat -st.

代码语言：javascript复制

# netstat -st

Tcp:
2805201 active connections openings
1597466 passive connection openings
1522484 failed connection attempts
37806 connection resets received
1 connections established
57718706 segments received
64280042 segments send out
3135688 segments retransmited
74 bad segments received.
17580 resets sent

10. UDP统计

代码语言：javascript复制

# netstat -su

Udp:
1774823 packets received
901848 packets to unknown port received.
0 packet receive errors
2968722 packets sent

11. 用PID显示服务名称

使用选项显示服务名称及其PID编号netstat -tp将显示PID/程序名称。

代码语言：javascript复制

# netstat -tp

Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name
tcp        0      0 192.168.0.2:ssh             192.168.0.1:egs             ESTABLISHED 2179/sshd
tcp        1      0 192.168.0.2:59292           www.gov.com:http            CLOSE_WAIT  1939/clock-applet

12. 显示混杂模式

使用-ac开关显示混杂模式，netstat每五秒打印一次选定的信息或刷新屏幕。默认屏幕每秒刷新一次。

代码语言：javascript复制

# netstat -ac 5 | grep tcp

tcp        0      0 *:sunrpc                    *:*                         LISTEN
tcp        0      0 *:58642                     *:*                         LISTEN
tcp        0      0 *:ssh                       *:*                         LISTEN
tcp        0      0 localhost:ipp               *:*                         LISTEN
tcp        0      0 localhost:smtp              *:*                         LISTEN
tcp        1      0 192.168.0.2:59447           www.gov.com:http            CLOSE_WAIT
tcp        0     52 192.168.0.2:ssh             192.168.0.1:egs             ESTABLISHED
tcp        0      0 *:sunrpc                    *:*                         LISTEN
tcp        0      0 *:ssh                       *:*                         LISTEN
tcp        0      0 localhost:ipp               *:*                         LISTEN
tcp        0      0 localhost:smtp              *:*                         LISTEN
tcp        0      0 *:59482                     *:*                         LISTEN

13. 显示内核 IP 路由

使用netstat和route命令显示内核 IP 路由表。

代码语言：javascript复制

# netstat -r

Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
192.168.0.0     *               255.255.255.0   U         0 0          0 eth0
link-local      *               255.255.0.0     U         0 0          0 eth0
default         192.168.0.1     0.0.0.0         UG        0 0          0 eth0

14. 显示网络接口事务

显示网络接口数据包事务，包括传输和接收具有 MTU 大小的数据包。

代码语言：javascript复制

# netstat -i

Kernel Interface table
Iface       MTU Met    RX-OK RX-ERR RX-DRP RX-OVR    TX-OK TX-ERR TX-DRP TX-OVR Flg
eth0       1500   0     4459      0      0      0     4057      0      0      0 BMRU
lo        16436   0        8      0      0      0        8      0      0      0 LRU

15. 显示内核接口表

显示内核接口表，类似于ifconfig命令。

代码语言：javascript复制

# netstat -ie

Kernel Interface table
br-e059a2d63b1e: flags=4355<UP,BROADCAST,PROMISC,MULTICAST>  mtu 1500
        inet 172.18.1.1  netmask 255.255.0.0  broadcast 172.18.255.255
        inet6 fe80::42:81ff:fece:ec18  prefixlen 64  scopeid 0x20<link>
        ether 02:42:81:ce:ec:18  txqueuelen 0  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

br-f99ee05905fa: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        inet 172.18.1.1  netmask 255.255.0.0  broadcast 172.18.255.255
        inet6 fe80::42:85ff:feef:8f9c  prefixlen 64  scopeid 0x20<link>
        ether 02:42:85:ef:8f:9c  txqueuelen 0  (Ethernet)
        RX packets 99361793  bytes 36125845748 (33.6 GiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 99361793  bytes 36125845748 (33.6 GiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

eth0: flags=4419<UP,BROADCAST,RUNNING,PROMISC,MULTICAST>  mtu 1450
        inet 192.168.0.3  netmask 255.255.240.0  broadcast 192.168.15.255
        inet6 fe80::d662:97b7:3976:db84  prefixlen 64  scopeid 0x20<link>
        ether fa:16:3e:7c:d0:42  txqueuelen 1000  (Ethernet)
        RX packets 11653213466  bytes 5112384579320 (4.6 TiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 11634733071  bytes 4992127805775 (4.5 TiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 99361793  bytes 36125845748 (33.6 GiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 99361793  bytes 36125845748 (33.6 GiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

16. 显示IPv4和IPv6信息

显示IPv4和IPv6的多播组成员信息。

代码语言：javascript复制

# netstat -g

IPv6/IPv4 Group Memberships
Interface       RefCnt Group
--------------- ------ ---------------------
lo              1      224.0.0.1
eth0            1      224.0.0.1
br-e059a2d63b1e 1      224.0.0.1
br-f99ee05905fa 1      224.0.0.1
lo              1      ff02::1
lo              1      ff01::1
eth0            1      ff02::1:ff76:db84
eth0            1      ff02::1
eth0            1      ff01::1
docker0         1      ff02::1
docker0         1      ff01::1
br-e059a2d63b1e 1      ff02::1:ffce:ec18
br-e059a2d63b1e 1      ff02::1
br-e059a2d63b1e 1      ff01::1
br-f99ee05905fa 1      ff02::1:ffef:8f9c
br-f99ee05905fa 1      ff02::1
br-f99ee05905fa 1      ff01::1

17. 连续打印`netstat`信息

要每隔几秒获取一次netstat信息，然后使用以下命令，它将连续打印netstat信息，例如每隔几秒。

代码语言：javascript复制

# netstat -c

Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State      
tcp        0      0 JD:6379                 114.67.65.213:60534     ESTABLISHED
tcp        0     64 JD:ssh                  27.17.211.71:5996       ESTABLISHED
tcp        0      0 JD:13980                218.207.144.248:39538   ESTABLISHED

18. 寻找不支持的地址

使用一些有用的信息查找未配置的地址族。

代码语言：javascript复制

# netstat --verbose

netstat: no support for `AF IPX' on this system.
netstat: no support for `AF AX25' on this system.
netstat: no support for `AF X25' on this system.
netstat: no support for `AF NETROM' on this system.

19. 找出程序运行的端口

找出在一个端口上运行的监听程序。

代码语言：javascript复制

# netstat -ap | grep http

tcp        0      0 JD.com:radan-http       0.0.0.0:*               LISTEN      3144/influxd        
tcp        0      0 0.0.0.0:http            0.0.0.0:*               LISTEN      13360/nginx: master 
tcp        0      0 JD:49236                100.67.239.135:http     ESTABLISHED -

20. 显示RAW网络统计信息

代码语言：javascript复制

# netstat --statistics --raw

Ip:
    12027754111 total packets received
    4073035 forwarded
    0 incoming packets discarded
    12008317607 incoming packets delivered
    11036880089 requests sent out
    2957857 outgoing packets dropped
    1 dropped because of missing route
    18474 fragments dropped after timeout
    29861895 reassemblies required
    14899673 packets reassembled ok
    18498 packet reassembles failed
    725852528 fragments received ok
    414 fragments failed
    1451705056 fragments created
Icmp:
    81169352 ICMP messages received
    5022325 input ICMP message failed.
    InCsumErrors: 23
    ICMP input histogram:
        destination unreachable: 55591037
        timeout in transit: 5402249
        wrong parameters: 199
        source quenches: 42
        redirects: 38799
        echo requests: 14289982
        echo replies: 251764
        timestamp request: 93
    117932136 ICMP messages sent
    0 ICMP messages failed
    ICMP output histogram:
        destination unreachable: 49879683
        time exceeded: 4979
        echo request: 174053
        echo replies: 14289982
        timestamp replies: 93
IcmpMsg:
        InType0: 251764
        InType3: 55591037
        InType4: 42
        InType5: 38799
        InType8: 14289982
        InType11: 5402249
        InType12: 199
        InType13: 93
        InType15: 5595164
        OutType0: 14289982
        OutType3: 49879683
        OutType8: 174053
        OutType11: 4979
        OutType14: 93
        OutType69: 53583346
UdpLite:
IpExt:
    InNoRoutes: 27
    OutMcastPkts: 15
    InBcastPkts: 279100451
    OutBcastPkts: 279100451
    InOctets: 5026681712589
    OutOctets: 4855303523603
    OutMcastOctets: 1170
    InBcastOctets: 44368686653
    OutBcastOctets: 44368686653
    InNoECTPkts: 12028075355
    InECT0Pkts: 22692

相关文章

Linux之netstat命令

Linux之ss命令

udp ipv6 unix linux tcp/ip

0 人点赞

linux网络管理的20个netstat命令

常见参数

1. 列出所有TCP和UDP连接的监听端口

2. 列出TCP端口连接

3. 列出UDP端口连接

4. 列出所有LISTENING连接

5. 列出所有TCP监听端口

6. 列出所有UDP监听端口

7. 列出所有UNIX监听端口

8. 按协议显示统计数据

9. 按TCP协议显示统计信息

10. UDP统计

11. 用PID显示服务名称

12. 显示混杂模式

13. 显示内核 IP 路由

14. 显示网络接口事务

15. 显示内核接口表

16. 显示IPv4和IPv6信息

17. 连续打印netstat信息

18. 寻找不支持的地址

19. 找出程序运行的端口

20. 显示RAW网络统计信息

17. 连续打印`netstat`信息