Using netstat on Linux to view services and listening ports
Reposted from: https://www.cnblogs.com/echo1937/p/6677325.html
Common commands
[root@localhost ~]# netstat -nlp
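The netstat options are:
-t : show TCP ports
-u : show UDP ports
-l : show only listening sockets (a socket is the mechanism that lets an application read, write, send and receive protocol traffic and data)
-p : show the process ID and program name; every socket/port belongs to a program.
-n : do not perform DNS lookups (this speeds up the command)
This displays every port and its process/service on the current server. Combined with grep, it shows the state of one specific port or service.
[root@localhost ~]# netstat -nlp |grep LISTEN # show all ports currently listening
[root@localhost ~]# netstat -nlp |grep 80 # show everything using port 80
[root@localhost ~]# netstat -an | grep 3306 # show everything using port 3306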
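Introduction
The netstat command displays a range of network-related information, such as network connections, routing tables, interface statistics, masquerade connections and multicast memberships.
Meaning of the output
Running netstat produces the following output: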
[iotspark@iotsparknode1 conf]$netstat|more
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 96 iotsparknode1:ssh laptop-4h9v96gg.z:63571 ESTABLISHED
tcp 0 0 iotsparknode1:14007 iotsparkmast:cslistener ESTABLISHED
tcp6 0 0 iotsparknode1:63631 iotsparkmaster:7077 ESTABLISHED
tcp6 0 0 iotsparknode1:19421 iotsparkmaster:8031 ESTABLISHED
udp 0 0 iotsparknode1:22614 cn.ntp.faelix.net:ntp ESTABLISHED
Active UNIX domain sockets (w/o servers)
Proto RefCnt Flags Type State I-Node Path
unix 2 [ ] DGRAM 10277 /run/systemd/notify
unix 2 [ ] DGRAM 10279 /run/systemd/cgroups-agent
unix 6 [ ] DGRAM 10294 /run/systemd/journal/socket
unix 18 [ ] DGRAM 10296 /dev/log
unix 2 [ ] DGRAM 17799 /run/systemd/shutdownd
unix 3 [ ] DGRAM 19763
unix 3 [ ] STREAM CONNECTED 19100 /run/systemd/journal/stdout
unix 3 [ ] STREAM CONNECTED 26137 /run/user/42/pulse/native
unix 3 [ ] STREAM CONNECTED 23514
unix 3 [ ] STREAM CONNECTED 29474 @/tmp/dbus-4pZGq3vUpS
unix 3 [ ] STREAM CONNECTED 21325 /run/systemd/journal/stdout
unix 3 [ ] STREAM CONNECTED 23110
unix 3 [ ] STREAM CONNECTED 26161
unix 3 [ ] STREAM CONNECTED 20369 @/tmp/.X11-unix/X0
unix 3 [ ] STREAM CONNECTED 20223
unix 3 [ ] STREAM CONNECTED 20220
unix 3 [ ] STREAM CONNECTED 26071
unix 3 [ ] STREAM CONNECTED 20195
unix 3 [ ] STREAM CONNECTED 12258
unix 3 [ ] STREAM CONNECTED 15282
unix 3 [ ] STREAM CONNECTED 26160
unix 3 [ ] STREAM CONNECTED 24085
unix 3 [ ] STREAM CONNECTED 19712
unix 3 [ ] STREAM CONNECTED 28870
unix 3 [ ] STREAM CONNECTED 26942 @/tmp/dbus-4pZGq3vUpS
unix 3 [ ] STREAM CONNECTED 26041
unix 2 [ ] DGRAM 20970
unix 3 [ ] STREAM CONNECTED 19106 /run/systemd/journal/stdout
unix 3 [ ] STREAM CONNECTED 19102 /run/systemd/journal/stdout
unix 3 [ ] STREAM CONNECTED 27956 @/tmp/dbus-iiwiux8q
unix 3 [ ] STREAM CONNECTED 24954 /var/run/pcscd/pcscd.comm
unix 3 [ ] STREAM CONNECTED 20196
unix 3 [ ] STREAM CONNECTED 27959
unix 3 [ ] STREAM CONNECTED 26162
unix 3 [ ] STREAM CONNECTED 26115 @/tmp/dbus-4pZGq3vUpS
--more--
Overall, the netstat output can be divided into two parts:
OUTPUT
Active Internet connections (TCP, UDP, raw)
Proto
The protocol (tcp, udp, raw) used by the socket.
Recv-Q
The count of bytes not copied by the user program connected to this socket.
Send-Q
The count of bytes not acknowledged by the remote host.
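The first part is Active Internet connections, that is, the active TCP connections. "Recv-Q" and "Send-Q" are the receive queue and the send queue; these numbers should normally be 0. If they are not, packets are piling up in the queue, which is very rare.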
Active UNIX domain Sockets
Proto
The protocol (usually unix) used by the socket.
RefCnt
The reference count (i.e. attached processes via this socket).
Flags
The flags displayed are SO_ACCEPTON (displayed as ACC), SO_WAITDATA (W) or SO_NOSPACE (N). SO_ACCEPTON is used on
unconnected sockets if their corresponding processes are waiting for a connect request. The other flags are not of
normal interest.
Type
There are several types of socket access:
SOCK_DGRAM
The socket is used in Datagram (connectionless) mode.
SOCK_STREAM
This is a stream (connection) socket.
SOCK_RAW
The socket is used as a raw socket.
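The second part is Active UNIX domain sockets (the same as network sockets, but usable only for communication on the local machine; performance can be doubled).
Proto shows the protocol used by the connection,
RefCnt is the number of processes attached to this socket,
Type shows the socket type,
State shows the current state of the socket,
Path is the path name used by the other processes connected to the socket.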
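Common options
-a (all) show all sockets; by default netstat does not show LISTEN sockets
-t (tcp) show only TCP-related entries
-u (udp) show only UDP-related entries
-n do not show aliases; everything that can be shown as a number is converted to a number. (important)
-l list only services that are in the Listen state
-p show the name of the program that owns the connection (on macOS this option selects a protocol: -p protocol)
-r show routing information (the routing table)
-e show extended information, such as the uid
-s show statistics per protocol (important)
-c run the netstat command again at a fixed interval.
Tip: the LISTEN and LISTENING states are visible only with -a or -l
Practical command examples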
-
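1. List all ports (both listening and non-listening)
List all ports: netstat -a
List all TCP ports: netstat -at
List all UDP ports: netstat -au
-
2. List all sockets in the listening state
Show only listening ports: netstat -l
List only listening TCP ports: netstat -lt
List only listening UDP ports: netstat -lu
List only listening UNIX ports: netstat -lx
-
3. Show statistics for each protocol
Show statistics for all ports: netstat -s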
[iotspark@iotsparknode1 conf]$netstat -s
Ip:
2530010 total packets received
0 forwarded
0 incoming packets discarded
2529906 incoming packets delivered
4703167 requests sent out
16 dropped because of missing route
Icmp:
12 ICMP messages received
0 input ICMP message failed.
ICMP input histogram:
echo requests: 12
14 ICMP messages sent
0 ICMP messages failed
ICMP output histogram:
destination unreachable: 2
echo replies: 12
IcmpMsg:
InType8: 12
OutType0: 12
OutType3: 2
Tcp:
10123 active connections openings
14342 passive connection openings
0 failed connection attempts
11 connection resets received
4 connections established
2514027 segments received
4706175 segments send out
4230 segments retransmited
0 bad segments received.
151 resets sent
Udp:
5826 packets received
2 packets to unknown port received.
0 packet receive errors
7037 packets sent
0 receive buffer errors
0 send buffer errors
UdpLite:
TcpExt:
3 invalid SYN cookies received
14616 TCP sockets finished time wait in fast timer
1542 delayed acks sent
2 delayed acks further delayed because of locked socket
Quick ack mode was activated 723 times
26 packets directly queued to recvmsg prequeue.
43685 packet headers predicted
113862 acknowledgments not containing data payload received
51313 predicted acknowledgments
21 times recovered from packet loss by selective acknowledgements
7 congestion windows recovered without slow start by DSACK
3 congestion windows recovered without slow start after partial ack
1 timeouts after SACK recovery
21 fast retransmits
674 other TCP timeouts
TCPLossProbes: 1502
TCPLossProbeRecovery: 837
724 DSACKs sent for old packets
1 DSACKs sent for out of order packets
59 DSACKs received
1 connections reset due to unexpected data
1 connections reset due to early user close
3 connections aborted due to timeout
TCPDSACKIgnoredOld: 2
TCPDSACKIgnoredNoUndo: 21
TCPSackShiftFallback: 32
TCPRcvCoalesce: 740
TCPOFOQueue: 2
TCPOFOMerge: 1
TCPAutoCorking: 44274
TCPSynRetrans: 2645
TCPOrigDataSent: 2422327
TCPHystartTrainDetect: 6
TCPHystartTrainCwnd: 100
IpExt:
InMcastPkts: 4
InBcastPkts: 10035
InOctets: 311044196
OutOctets: 849775247
InMcastOctets: 144
InBcastOctets: 1655422
InNoECTPkts: 2554217
[iotspark@iotsparknode1 conf]$
Show statistics for TCP or UDP ports: netstat -st or -su
# netstat -st
# netstat -su
-
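4. Show the PID and process name
netstat -p can be combined with the other switches to add a "PID/Program name" column to the netstat output, which makes it easy to find the program running on a particular port when debugging.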
[iotspark@iotsparknode1 conf]$netstat -pt
(Not all processes could be identified, non-owned process info
will not be shown, you would have to be root to see it all.)
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 96 iotsparknode1:ssh laptop-4h9v96gg.z:63571 ESTABLISHED -
tcp 0 0 iotsparknode1:14007 iotsparkmast:cslistener ESTABLISHED 18309/java
tcp6 0 0 iotsparknode1:63631 iotsparkmaster:7077 ESTABLISHED 38349/java
tcp6 0 0 iotsparknode1:19421 iotsparkmaster:8031 ESTABLISHED 11975/java
-
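5. Do not show host, port and user names (host, port or user)
When you do not want host, port and user names displayed, use netstat -n. Numbers are shown in place of those names. This option also speeds up the output, because no name lookups are needed.
# netstat -an
# To suppress only one of these three kinds of name, use one of the following commands
# netstat -a --numeric-ports
# netstat -a --numeric-hosts
# netstat -a --numeric-users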
-
6. Print netstat information continuously
netstat will print the network information once every second.
# netstat -t -c 2
-
7. Show the address families not supported by the system
netstat --verbose
-
8. Show kernel routing information
[iotspark@iotsparknode1 conf]$netstat -rn
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
0.0.0.0 172.16.23.254 0.0.0.0 UG 0 0 0 ens192
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 ens192
172.16.22.0 0.0.0.0 255.255.254.0 U 0 0 0 ens192
172.17.0.0 0.0.0.0 255.255.0.0 U 0 0 0 docker0
# Note: netstat -rn prints in numeric format without resolving host names; the result is equivalent to route -n
-
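9. Find the port a program is running on
Not every process can be found; those you have no permission to inspect are not shown. Use root privileges to see all the information.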
[root@iotsparknode1 ~]$netstat -apn | grep ssh
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 2263/sshd
tcp 0 96 172.16.22.51:22 10.45.20.15:65407 ESTABLISHED 38666/sshd: root@pt
tcp 0 0 172.16.22.51:22 10.45.20.15:63571 ESTABLISHED 38183/sshd: iotspar
tcp6 0 0 :::22 :::* LISTEN 2263/sshd
unix 2 [ ] DGRAM 3813244 38666/sshd: root@pt
unix 3 [ ] STREAM CONNECTED 3789794 38185/sshd: iotspar
unix 2 [ ] DGRAM 3789791 38183/sshd: iotspar
unix 3 [ ] STREAM CONNECTED 3789795 38183/sshd: iotspar
Find the process running on a given port
[root@iotsparknode1 ~]$netstat -an | grep ':22'
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 96 172.16.22.51:22 10.45.20.15:65407 ESTABLISHED
tcp 0 0 172.16.22.51:22 10.45.20.15:63571 ESTABLISHED
tcp6 0 0 172.16.22.51:22612 :::* LISTEN
tcp6 0 0 :::22 :::* LISTEN
udp 0 0 172.16.22.51:22614 185.134.197.4:123 ESTABLISHED
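The grep ':22' output above also returned local ports 22612 and 22614, because grep matches substrings. The following is an added example, not part of the original article: it parses netstat -n output with awk, compares the port field exactly, and labels each listener by how widely it is bound. The function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in the layout of `netstat -nlp` / `netstat -anp` (not from a real host).
sample_netstat() {
cat <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      2263/sshd
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      1801/mysqld
tcp        0      0 0.0.0.0:8080            0.0.0.0:*               LISTEN      18309/java
tcp        0      0 172.16.22.51:22         10.45.20.15:63571       ESTABLISHED 38183/sshd: iotspar
tcp6       0      0 :::80                   :::*                    LISTEN      980/nginx: master
tcp6       0      0 ::1:631                 :::*                    LISTEN      1180/cupsd
udp        0      0 0.0.0.0:68              0.0.0.0:*                           1402/dhclient
EOF
}

# list_listeners: read netstat -n output on stdin and print
# "proto port scope pid/program" for every listening TCP or unconnected UDP socket.
list_listeners() {
    awk '
    $1 ~ /^(tcp|udp)/ {
        if ($1 ~ /^tcp/) { if ($6 != "LISTEN") next; first = 7 }
        else             { if ($6 == "ESTABLISHED") next; first = 6 }  # UDP State column is empty
        addr = $4; port = $4
        sub(/:[^:]*$/, "", addr)     # drop ":port"; ":::80" leaves "::"
        sub(/^.*:/, "", port)        # keep only the text after the last colon
        if (addr == "0.0.0.0" || addr == "::")       scope = "all-interfaces"
        else if (addr ~ /^127\./ || addr == "::1")   scope = "loopback"
        else                                         scope = "specific"
        prog = "-"                   # no -p, or not root: owner unknown
        if (first <= NF) { prog = $first; for (i = first + 1; i <= NF; i++) prog = prog " " $i }
        print $1, port, scope, prog
    }'
}

# listeners_on_port PORT: exact match on the port field, so 80 does not match 8080.
listeners_on_port() {
    list_listeners | awk -v p="$1" '$2 == p'
}

# exposed_ports: sorted, de-duplicated ports that accept traffic on every interface.
exposed_ports() {
    list_listeners | awk '$3 == "all-interfaces" { print $2 }' | sort -n -u
}

# On a live host (as root, so that -p can name every owner): netstat -nlp | exposed_ports
```

Listeners reported as all-interfaces are the ones to compare against the firewall policy; a service such as a database that only local clients use should show up as loopback.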
-
10. Show the list of network interfaces
[root@iotsparknode1 ~]$netstat -i
Kernel Interface table
Iface MTU RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR Flg
docker0 1500 0 0 0 0 0 0 0 0 BMU
ens192 1500 3224348 0 920 0 4708892 0 0 0 BMRU
lo 65536 119 0 0 0 119 0 0 0 LRU
[root@iotsparknode1 ~]$netstat -ie
Kernel Interface table
docker0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
inet 172.17.0.1 netmask 255.255.0.0 broadcast 0.0.0.0
ether 02:42:50:77:d1:d6 txqueuelen 0 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
ens192: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.16.22.51 netmask 255.255.254.0 broadcast 172.16.23.255
inet6 fe80::250:56ff:fea0:585e prefixlen 64 scopeid 0x20<link>
ether 00:50:56:a0:58:5e txqueuelen 1000 (Ethernet)
RX packets 3224385 bytes 388281156 (370.2 MiB)
RX errors 0 dropped 920 overruns 0 frame 0
TX packets 4708952 bytes 916013626 (873.5 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1 (Local Loopback)
RX packets 119 bytes 24904 (24.3 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 119 bytes 24904 (24.3 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0