netstat
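Introduction to Netstat
Netstat is a command-line tool that lists all network socket connections on a system, including tcp, udp and unix sockets. It can also list sockets in the listening state (that is, waiting for incoming requests). If you want to confirm whether the web service on a system is up, you can check whether port 80 is open. These features make netstat an essential tool for network and system administrators. In this tutorial I go through several examples that show how to use netstat to find network connection information and the ports open on a system.
The following short description comes from the netstat man page:
netstat - Print network connections, routing tables, interface statistics, masquerade connections, and multicast memberships.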
1. List all connections
The first command to introduce is the simplest one: list all current connections. Just use the -a option.

    $ netstat -a
    Active Internet connections (servers and established)
    Proto Recv-Q Send-Q Local Address           Foreign Address         State
    tcp        0      0 enlightened:domain      *:*                     LISTEN
    tcp        0      0 localhost:ipp           *:*                     LISTEN
    tcp        0      0 enlightened.local:54750 li240-5.members.li:http ESTABLISHED
    tcp        0      0 enlightened.local:49980 del01s07-in-f14.1:https ESTABLISHED
    tcp6       0      0 ip6-localhost:ipp       [::]:*                  LISTEN
    udp        0      0 enlightened:domain      *:*
    udp        0      0 *:bootpc                *:*
    udp        0      0 enlightened.local:ntp   *:*
    udp        0      0 localhost:ntp           *:*
    udp        0      0 *:ntp                   *:*
    udp        0      0 *:58570                 *:*
    udp        0      0 *:mdns                  *:*
    udp        0      0 *:49459                 *:*
    udp6       0      0 fe80::216:36ff:fef8:ntp [::]:*
    udp6       0      0 ip6-localhost:ntp       [::]:*
    udp6       0      0 [::]:ntp                [::]:*
    udp6       0      0 [::]:mdns               [::]:*
    udp6       0      0 [::]:63811              [::]:*
    udp6       0      0 [::]:54952              [::]:*
    Active UNIX domain sockets (servers and established)
    Proto RefCnt Flags       Type       State         I-Node   Path
    unix  2      [ ACC ]     STREAM     LISTENING     12403    @/tmp/dbus-IDgfj3UGXX
    unix  2      [ ACC ]     STREAM     LISTENING     40202    @/dbus-vfs-daemon/socket-6nUC6CCx

The command above lists all connections for every socket under the tcp, udp and unix protocols. This information is not detailed enough, though: administrators often need to look at the connections for one particular protocol or port.
2. List only TCP or UDP connections
Use the -t option to list TCP connections:

    $ netstat -at
    Active Internet connections (servers and established)
    Proto Recv-Q Send-Q Local Address           Foreign Address         State
    tcp        0      0 enlightened:domain      *:*                     LISTEN
    tcp        0      0 localhost:ipp           *:*                     LISTEN
    tcp        0      0 enlightened.local:36310 del01s07-in-f24.1:https ESTABLISHED
    tcp        0      0 enlightened.local:45038 a96-17-181-10.depl:http ESTABLISHED
    tcp        0      0 enlightened.local:37892 ABTS-North-Static-:http ESTABLISHED
    .....

Use the -u option to list UDP connections:

    $ netstat -au
    Active Internet connections (servers and established)
    Proto Recv-Q Send-Q Local Address           Foreign Address         State
    udp        0      0 *:34660                 *:*
    udp        0      0 enlightened:domain      *:*
    udp        0      0 *:bootpc                *:*
    udp        0      0 enlightened.local:ntp   *:*
    udp        0      0 localhost:ntp           *:*
    udp        0      0 *:ntp                   *:*
    udp6       0      0 fe80::216:36ff:fef8:ntp [::]:*
    udp6       0      0 ip6-localhost:ntp       [::]:*
    udp6       0      0 [::]:ntp                [::]:*

The output above shows both IPv4 and IPv6 connections.
3. Disable reverse DNS lookups to speed up the query
By default netstat uses reverse DNS lookups to find the hostname for each IP address. This slows the query down. If the IP addresses are enough for you and you do not need the hostnames, use the -n option to disable name resolution.

    $ netstat -ant
    Active Internet connections (servers and established)
    Proto Recv-Q Send-Q Local Address           Foreign Address         State
    tcp        0      0 127.0.1.1:53            0.0.0.0:*               LISTEN
    tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN
    tcp        0      0 192.168.1.2:49058       173.255.230.5:80        ESTABLISHED
    tcp        0      0 192.168.1.2:33324       173.194.36.117:443      ESTABLISHED
    tcp6       0      0 ::1:631                 :::*                    LISTEN

The command above lists all TCP connections without name resolution. So easy? Very good.
4. List only listening connections
The daemon behind any network service opens a port to listen for incoming requests. These listening sockets can be listed by netstat just like connected sockets. Use the -l option to list the sockets that are listening.

    $ netstat -tnl
    Active Internet connections (only servers)
    Proto Recv-Q Send-Q Local Address           Foreign Address         State
    tcp        0      0 127.0.1.1:53            0.0.0.0:*               LISTEN
    tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN
    tcp6       0      0 ::1:631                 :::*                    LISTEN

Now we can see the TCP ports and connections in the listening state. To see all listening ports, drop the -t option. To see only UDP ports, use the -u option in place of -t.
Note: do not use the -a option, otherwise netstat lists all connections, not just the listening ports.
5. Get the process name, process ID and user ID
When looking at port and connection information, being able to see the corresponding process name and process ID is very helpful to a system administrator. For example, Apache's httpd service opens port 80. If you want to check whether the http service has started, or whether it was started by apache or by nginx, you can look at the process name.
Use the -p option to view process information.

    ~$ sudo netstat -nlpt
    Active Internet connections (only servers)
    Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
    tcp        0      0 127.0.1.1:53            0.0.0.0:*               LISTEN      1144/dnsmasq
    tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      661/cupsd
    tcp6       0      0 ::1:631                 :::*                    LISTEN      661/cupsd

When using the -p option, netstat must run with root privileges, otherwise it cannot get the names of processes running as root, and many services, including http and ftp, run with root privileges.
Even more useful than the process name and process ID is the owner of the process. Use the -ep options to see the process name and the user name together.

    $ sudo netstat -ltpe
    Active Internet connections (only servers)
    Proto Recv-Q Send-Q Local Address           Foreign Address         State       User       Inode       PID/Program name
    tcp        0      0 enlightened:domain      *:*                     LISTEN      root       11090       1144/dnsmasq
    tcp        0      0 localhost:ipp           *:*                     LISTEN      root       9755        661/cupsd
    tcp6       0      0 ip6-localhost:ipp       [::]:*                  LISTEN      root       9754        661/cupsd

The output above lists the listening TCP sockets together with process information and some extra information.
The extra information includes the user name and the inode number of the process. This command is very useful for network administrators.
Note - if you use the -n and -e options together, the User column shows the user ID number rather than the user name.
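
An added example (not from the original article): a filter over `netstat -tlnpe` output that keeps only the listeners reachable from outside the host, with their owner and process. The sample output and the function names `sample_listeners` and `exposed_listeners` are constructed for illustration; because -n and -e are combined, the User column holds the numeric UID.

```shell
#!/bin/sh
# Constructed sample in the format of `sudo netstat -tlnpe` (not real host data).
sample_listeners() {
cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       User       Inode       PID/Program name
tcp        0      0 127.0.1.1:53            0.0.0.0:*               LISTEN      0          11090       1144/dnsmasq
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      0          9755        661/cupsd
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      0          12001       802/sshd
tcp        0      0 192.168.1.2:8080        0.0.0.0:*               LISTEN      1000       45021       2290/python3
tcp6       0      0 ::1:631                 :::*                    LISTEN      0          9754        661/cupsd
tcp6       0      0 :::80                   :::*                    LISTEN      33         13310       1410/nginx
EOF
}

# Print "scope port uid pid/program" for every LISTEN socket not bound to loopback.
# scope is ALL for a wildcard bind, otherwise the specific non-loopback address.
exposed_listeners() {
    awk '
    $6 == "LISTEN" {
        local_addr = $4
        n = match(local_addr, /:[0-9]+$/)   # the port follows the LAST colon (IPv6-safe)
        if (n == 0) next
        addr = substr(local_addr, 1, n - 1)
        port = substr(local_addr, n + 1)
        if (addr ~ /^127\./ || addr == "::1") next   # loopback only: not reachable off-host
        scope = (addr == "0.0.0.0" || addr == "::" || addr == "*") ? "ALL" : addr
        print scope, port, $7, $9
    }'
}

# On a live host: sudo netstat -tlnpe | exposed_listeners
sample_listeners | exposed_listeners
```

A non-zero UID on a wildcard bind, or an interpreter such as python3 listening on a LAN address, is usually the first row worth explaining.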
6. Print statistics
netstat can print network statistics, including the number of packets sent and received for a given protocol.
The following lists the statistics for all network packets:

    $ netstat -s
    Ip:
        32797 total packets received
        0 forwarded
        0 incoming packets discarded
        32795 incoming packets delivered
        29115 requests sent out
        60 outgoing packets dropped
    Icmp:
        125 ICMP messages received
        0 input ICMP message failed.
        ICMP input histogram:
            destination unreachable: 125
        125 ICMP messages sent
        0 ICMP messages failed
        ICMP output histogram:
            destination unreachable: 125
    ... OUTPUT TRUNCATED ...

If you only want the statistics for TCP or UDP, just add the corresponding option (-t or -u). So easy.
7. Display kernel routing information
Use the -r option to print the kernel routing information. The output is the same as that of the route command. We can also use the -n option to disable name resolution.

    $ netstat -rn
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
    0.0.0.0         192.168.1.1     0.0.0.0         UG        0 0          0 eth0
    192.168.1.0     0.0.0.0         255.255.255.0   U         0 0          0 eth0

8. Print network interfaces
netstat can also print network interface information; the -i option exists for exactly this purpose.

    $ netstat -i
    Kernel Interface table
    Iface   MTU Met   RX-OK RX-ERR RX-DRP RX-OVR    TX-OK TX-ERR TX-DRP TX-OVR Flg
    eth0       1500 0     31611      0      0 0         27503      0      0      0 BMRU
    lo        65536 0      2913      0      0 0          2913      0      0      0 LRU

The output above is fairly raw. Combining the -e option with -i produces more user-friendly output.

    $ netstat -ie
    Kernel Interface table
    eth0      Link encap:Ethernet  HWaddr 00:16:36:f8:b2:64
              inet addr:192.168.1.2  Bcast:192.168.1.255  Mask:255.255.255.0
              inet6 addr: fe80::216:36ff:fef8:b264/64 Scope:Link
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:31682 errors:0 dropped:0 overruns:0 frame:0
              TX packets:27573 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:29637117 (29.6 MB)  TX bytes:4590583 (4.5 MB)
              Interrupt:18 Memory:da000000-da020000

    lo        Link encap:Local Loopback
              inet addr:127.0.0.1  Mask:255.0.0.0
              inet6 addr: ::1/128 Scope:Host
              UP LOOPBACK RUNNING  MTU:65536  Metric:1
              RX packets:2921 errors:0 dropped:0 overruns:0 frame:0
              TX packets:2921 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:305297 (305.2 KB)  TX bytes:305297 (305.2 KB)

The output above is the same as the output of ifconfig.
9. Continuous netstat output
We can use netstat's -c option to print information continuously.

    $ netstat -ct

This command prints TCP information continuously.
10. Display multicast group information
The -g option prints the multicast group information for IPv4 and IPv6.

    $ netstat -g
    IPv6/IPv4 Group Memberships
    Interface       RefCnt Group
    --------------- ------ ---------------------
    lo              1      all-systems.mcast.net
    eth0            1      224.0.0.251
    eth0            1      all-systems.mcast.net
    lo              1      ip6-allnodes
    lo              1      ff01::1
    eth0            1      ff02::fb
    eth0            1      ff02::1:fff8:b264
    eth0            1      ip6-allnodes
    eth0            1      ff01::1
    wlan0           1      ip6-allnodes
    wlan0           1      ff01::1

More usage
So far we have covered the basic usage of netstat. Now let's get geeky.
Print connections in the active state
Socket connections in the active state are marked with the "ESTABLISHED" field, so we can use grep to get the active connections:

    $ netstat -atnp | grep ESTA
    (Not all processes could be identified, non-owned process info
     will not be shown, you would have to be root to see it all.)
    tcp        0      0 192.168.1.2:49156       173.255.230.5:80        ESTABLISHED 1691/chrome
    tcp        0      0 192.168.1.2:33324       173.194.36.117:443      ESTABLISHED 1691/chrome

Combine it with the watch command to monitor the active connections:

    $ watch -d -n0 "netstat -atnp | grep ESTA"

Check whether a service is running
If you want to see whether the http, smtp or ntp service is running, use grep.

    $ sudo netstat -aple | grep ntp
    udp        0      0 enlightened.local:ntp   *:*                                 root       17430       1789/ntpd
    udp        0      0 localhost:ntp           *:*                                 root       17429       1789/ntpd
    udp        0      0 *:ntp                   *:*                                 root       17422       1789/ntpd
    udp6       0      0 fe80::216:36ff:fef8:ntp [::]:*                              root       17432       1789/ntpd
    udp6       0      0 ip6-localhost:ntp       [::]:*                              root       17431       1789/ntpd
    udp6       0      0 [::]:ntp                [::]:*                              root       17423       1789/ntpd
    unix  2      [ ]         DGRAM                    17418    1789/ntpd

From this we can see that the ntp service is running. With grep you can check http, smtp or any other service you want to look at.
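
An added example (not from the original article) that goes one step beyond the `grep ESTA` filter in "Print connections in the active state": it matches the State column exactly instead of a substring anywhere on the line, then counts sockets per state and ESTABLISHED connections per remote peer and program. The sample output (documentation addresses) and the function names are constructed for illustration, and the input is assumed to be numeric `netstat -antp` output.

```shell
#!/bin/sh
# Constructed sample in the format of `netstat -antp` (documentation addresses, not real traffic).
sample_conns() {
cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      661/cupsd
tcp        0      0 192.168.1.2:49156       203.0.113.5:80          ESTABLISHED 1691/chrome
tcp        0      0 192.168.1.2:33324       203.0.113.5:443         ESTABLISHED 1691/chrome
tcp        0      0 192.168.1.2:40112       198.51.100.7:443        ESTABLISHED 2417/curl
tcp        0      0 192.168.1.2:40090       198.51.100.7:443        TIME_WAIT   -
tcp6       0      0 2001:db8::2:51514       2001:db8::10:22         ESTABLISHED 3021/ssh
EOF
}

# Count sockets per TCP state, comparing the State column ($6) exactly.
state_counts() {
    awk '$1 ~ /^tcp/ { c[$6]++ } END { for (s in c) print s, c[s] }' | LC_ALL=C sort
}

# For ESTABLISHED sockets print "count peer program", busiest peer first.
established_peers() {
    awk '$1 ~ /^tcp/ && $6 == "ESTABLISHED" {
        peer = $5
        sub(/:[0-9]+$/, "", peer)    # strip the port after the last colon (IPv6-safe)
        split($7, p, "/")            # PID/Program name -> program
        prog = (p[2] != "") ? p[2] : "-"
        n[peer " " prog]++
    }
    END { for (k in n) print n[k], k }' | LC_ALL=C sort -k1,1nr -k2,2
}

# On a live host: sudo netstat -antp | established_peers
sample_conns | state_counts
sample_conns | established_peers
```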
That covers most of netstat's features. If you want to learn about its more advanced features, read its manual (man netstat).
Reposted from: https://blog.51cto.com/hope1/1908774