FreeABC
记忆重叠

netstat手册

netstat 常用命令

  $sudo netstat -antp|grep 8080   查找占用8080端口的程序   这个最常用
  $sudo netstat -np|grep java|wc -l  查看java的并发数
  
  查看80端口请求数最高的20个ip (查找攻击源)
  $netstat -anlp|grep 80|grep tcp|awk '{print $5}'|awk -F: '{print $1}'|sort|uniq -c|sort -nr|head -n20
    
  查看tcp端口的状态
  $netstat -nat |awk '{print $6}'|sort|uniq -c|sort -rn

参数汇总

   
  -a  show both listening and none-listening sockets.默认是不显示listening sockets
  -t  仅显示tcp相关  默认是都显示
  -u  仅显示udp相关  默认是都显示
  -n  拒绝显示别名,显示数字
  -l  仅列出有在Listen(监听)的服务状态
  -p  显示建立相关连接的程序名   需要sudo才能看到其他用户起动的程序pid

  -r  显示路由表
  -c  每隔一段时间(秒),执行该netstat命令
  -i  显示各个网络接口的状况 
  -s  按照协议进行统计

  
  前面锁所示的 -antp  大家可以对照看一下

TCP端口状态

  TCP端口有如下几个常见的状态
  1.LISTENING    对应netstat的LISTEN   我们开一个80端口的服务,也就是使80端口处于LISTEN状态,
                 这样浏览器就可以与我们的80端口进行连接
  2.ESTABLISED   表示两个端口建立连接成功,正在通信
  3.CLOSE_WAIT   对方主动关闭连接或者网络异常导致连接中断,这时我方的状态就会变为CLOSE_WAIT, 
                 此时我方要主动调用close()来关闭连接
  4.TIME_WAIT    我方主动调用close()断开连接,收到对方确认后变为TIME_WAIT. 
                 TCP协议规定TIME_WAIT状态会一直持续2MSL(两倍的分段最大生存期),
                 以此确保旧的连接状态不会对新连接产生影响。处于TIME_WAIT状态的连接不会被内核释放,
                 所以作为服务器,在可能的情况下,尽量不要主动断开连接,以减少TIME_WAIT状态造成的资源浪费。

-a 参数

  show both listening and none-listening sockets.默认是不显示listening sockets
  
  $netstat 
  Proto Recv-Q Send-Q Local Address               Foreign Address             State
  tcp        0      0 hu_bo1:47054                hu_bo1:8961                 TIME_WAIT
  tcp        0      0 hu_bo1:6981                 192.168.6.80:54645          ESTABLISHED
  tcp       41      0 localhost:8092              localhost:25272             CLOSE_WAIT
  
  $netstat -a
  tcp        0      0 *:acnet                     *:*                         LISTEN    #多了这个
  tcp        0      0 hu_bo1:47054                hu_bo1:8961                 TIME_WAIT
  tcp        0      0 hu_bo1:6981                 192.168.6.80:54645          ESTABLISHED
  tcp       41      0 localhost:8092              localhost:25272             CLOSE_WAIT

  其中Recv-Q 表示接受队列  Send-Q表示发送队列  这些数字一般是0,如果不是则表示网络包正在堆积

-t 参数

  只显示tcp端口 默认是全部显示
  $netstat 
  Proto Recv-Q Send-Q Local Address               Foreign Address             State
  tcp        0      0 hu_bo1:47054                hu_bo1:8961                 TIME_WAIT
  tcp        0      0 hu_bo1:6981                 192.168.6.80:54645          ESTABLISHED
  tcp       41      0 localhost:8092              localhost:25272             CLOSE_WAIT
  tcp        0      0 SHTU-ABC-05.abc:griffin     SHTU-REDIS-21-104.abc:6062 ESTABLISHED
  Active UNIX domain sockets (w/o servers)
  Proto RefCnt Flags       Type       State         I-Node Path               
  unix  7      [ ]         DGRAM                    74370628 /dev/log
  unix  2      [ ]         DGRAM                    834846110
  
  其中Active UNIX doamin sockets 为Unix域套接字,只能用于本机进程间通讯,性能比TCP高
  
  $netstat -t
  Proto Recv-Q Send-Q Local Address               Foreign Address             State
  tcp        0      0 hu_bo1:47054                hu_bo1:8961                 TIME_WAIT
  tcp        0      0 hu_bo1:6981                 192.168.6.80:54645          ESTABLISHED
  tcp       41      0 localhost:8092              localhost:25272             CLOSE_WAIT
  tcp        0      0 SHTU-ABC-05.abc:griffin     SHTU-REDIS-91-14.abc:6062   ESTABLISHED

-u 参数

  只显示udp 端口,默认是全部显示

-n 参数

  -n  拒绝显示别名,显示数字
  $netstat
  Proto Recv-Q Send-Q Local Address               Foreign Address             State
  tcp        0      0 hu_bo1:47054                hu_bo1:8961                 TIME_WAIT
  tcp        0      0 hu_bo1:6981                 192.168.6.80:54645          ESTABLISHED
  tcp       41      0 localhost:8092              localhost:25272             CLOSE_WAIT
  tcp        0      0 SHTU-ABC-05.abc:griffin     SHTU-REDIS-21-104.abc:6062 ESTABLISHED
  
  
  如下所示,显示的都是ip地址
  $netstat -n
  tcp        0      0 192.168.17.13:47054         192.168.17.13:8961          TIME_WAIT
  tcp        0      0 192.168.17.13:6981          192.168.6.80:54645          ESTABLISHED
  tcp       41      0 127.0.0.1:8092              127.0.0.1:25272             CLOSE_WAIT

-l 参数

  -l  仅列出有在Listen(监听)的服务状态
  
  $netstat -l
  tcp        0      0 hu_bo1:6981                 *:*                         LISTEN
  tcp        0      0 *:2189                      *:*                         LISTEN
  tcp        0      0 hu_bo1:11213                *:*                         LISTEN
  tcp        0      0 hu_bo1:6586                 *:*                         LISTEN

-p 参数

  -p  显示建立相关连接的程序名   需要sudo才能看到其他用户起动的程序pid
  
  $sudo netstat -p
  tcp        0      0 hu_bo1:6981                 192.168.77.80:52256         ESTABLISHED 6458/redis-server 1
  tcp        0      0 hu_bo1:6980                 hu_bo1:11802                ESTABLISHED 6418/redis-server 1
  tcp        0      0 hu_bo1:6980                 192.168.77.80:65120         ESTABLISHED 6418/redis-server 1

-r 参数

  -r 显示路由表
  $ netstat -r
  Kernel IP routing table
  Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
  192.168.77.0     *              255.255.255.0   U         0 0          0 em2
  link-local      *               255.255.0.0     U         0 0          0 em1
  link-local      *               255.255.0.0     U         0 0          0 em2
  192.168.0.0     192.168.77.1    255.255.0.0     UG        0 0          0 em2

-i 参数

  -i 显示各个网络接口的状况
  
  $netstat -i
  Kernel Interface table
  Iface       MTU  Met  RX-OK      RX-ERR RX-DRP RX-OVR   TX-OK       TX-ERR TX-DRP TX-OVR  Flg
  em1        1500   0 120567162       0      0      0     90527177      0      0      0     BMRU
  em2        1500   0 5357249686      0      0      0     4400173145    0      0      0     BMRU
  lo        65536   0 49625810403     0      0      0     49625810403   0      0      0     LRU
  
  参数解释
  RX-OK   接收时,正确的数据包数
  RX-ERR  接受时,错误的数据包数
  RX-DRP  接受时,丢弃的数据包数
  RX-OVR  接收时,由于过速(在数据传输中,由于接收设备不能接收按照发送速率传送来的数据而使数据丢失)而丢失的数据包数。
  TX-OK   发送时,正确的数据包数。
  TX-ERR  发送时,产生错误的数据包数。
  TX-DRP  发送时,丢弃的数据包数。
  TX-OVR  发送时,由于过速而丢失的数据包数。
  
  Flg
  标志。
  B 已经设置了一个广播地址。
  L 该接口是一个回送设备。
  M 接收所有数据包(混乱模式)。
  N 避免跟踪。
  O 在该接口上,禁用ARP。
  P 这是一个点到点链接。
  R 接口正在运行。
  U 接口处于“活动”状态。

-c 参数

  $netstat -p -c 10   每隔10秒执行一次该命令

-s 参数

  -s 按照协议进行统计   如果机器网络不太好的情况下,我们可以使用此参数来进行分析
  
  $netstat -s 
  Ip:
      54102745340 total packets received
      0 forwarded
      0 incoming packets discarded
      54086127151 incoming packets delivered
      54101665338 requests sent out
  Icmp:         #Internet Control Message Protocol, Internet 控制报文协议 用于在IP主机、路由器之间传递控制消息
      1077840 ICMP messages received
      2145 input ICMP message failed.
      ICMP input histogram:
          destination unreachable: 2475
          timeout in transit: 248
          wrong parameters: 1
          source quenches: 3
          redirects: 1
          echo requests: 1075034
          echo replies: 69
          timestamp request: 3
      1129878 ICMP messages sent
      0 ICMP messages failed
      ICMP output histogram:
          destination unreachable: 54769
          echo request: 72
          echo replies: 1075034
          timestamp replies: 3
  IcmpMsg:
          InType0: 69
          InType3: 2475
          InType4: 3
          InType5: 1
          InType8: 1075034
          InType11: 248
          InType12: 1
          InType13: 3
          OutType0: 1075034
          OutType3: 54769
          OutType8: 72
          OutType14: 3
  Tcp:
      4149941351 active connections openings
      1022620333 passive connection openings
      3095563980 failed connection attempts
      100271379 connection resets received
      1084 connections established    #目前有多少个连接
      54083689577 segments received
      54084074455 segments send out
      15055961 segments retransmited
      195874 bad segments received.
      3856575743 resets sent
  Udp:
      1241256 packets received
      54773 packets to unknown port received.
      0 packet receive errors
      1405039 packets sent
  UdpLite:
  TcpExt:
      247872 invalid SYN cookies received
      16618 resets received for embryonic SYN_RECV sockets
      1240 packets pruned from receive queue because of socket buffer overrun
      60 packets pruned from receive queue
      1 packets dropped from out-of-order queue because of socket buffer overrun
      29 ICMP packets dropped because they were out-of-window
      78559379 TCP sockets finished time wait in fast timer
      883371423 time wait sockets recycled by time stamp
      1535 packets rejects in established connections because of timestamp
      182605148 delayed acks sent
      32564 delayed acks further delayed because of locked socket
      Quick ack mode was activated 821546 times
      2675061 times the listen queue of a socket overflowed
      2675061 SYNs to LISTEN sockets ignored
      19271359 packets directly queued to recvmsg prequeue.
      7399328202 packets directly received from backlog
      6765697193 packets directly received from prequeue
      35764943050 packets header predicted
      6579353 packets header predicted and directly queued to user
      4032336419 acknowledgments not containing data received
      34697552082 predicted acknowledgments
      2816 times recovered from packet loss due to SACK data
      Detected reordering 15 times using FACK
      Detected reordering 89 times using SACK
      Detected reordering 81 times using time stamp
      194 congestion windows fully recovered
      1916 congestion windows partially recovered using Hoe heuristic
      TCPDSACKUndo: 9657
      4637954 congestion windows recovered after partial ack
      37163 TCP data loss events
      TCPLostRetransmit: 503
      46377 timeouts after SACK recovery
      442 timeouts in loss state
      13532 fast retransmits
      4104 forward retransmits
      10183 retransmits in slow start
      13670540 other TCP timeouts
      192 sack retransmits failed
      1 times receiver scheduled too late for direct processing
      256454 packets collapsed in receive queue due to low socket buffer
      822253 DSACKs sent for old packets
      1212 DSACKs sent for out of order packets
      42832 DSACKs received
      18 DSACKs for out of order packets received
      85408336 connections reset due to unexpected data
      251901 connections reset due to early user close
      8215 connections aborted due to timeout
      TCPDSACKIgnoredOld: 105
      TCPDSACKIgnoredNoUndo: 4023
      TCPSpuriousRTOs: 389
      TCPSackShifted: 38352
      TCPSackMerged: 77354
      TCPSackShiftFallback: 285038
      TCPBacklogDrop: 4806
      TCPChallengeACK: 599326
      TCPSYNChallenge: 503530
      TCPFromZeroWindowAdv: 52647
      TCPToZeroWindowAdv: 52647
      TCPWantZeroWindowAdv: 12002148
  IpExt:
      InBcastPkts: 37
      InOctets: 12648107098338
      OutOctets: 10787636949021
      InBcastOctets: 19328
未经允许不得转载:Free-Abc智能 » netstat手册
分享到: 更多 (0)