The netstat command
2014-03-10 by dongnan
Examples
View the number of current concurrent network connections (counted per TCP state):
netstat -n | awk '/^tcp/ {++S[$NF]} END {for(a in S) print a, S[a]}'
TIME_WAIT 17
ESTABLISHED 3254
LAST_ACK 236
FIN_WAIT_1 648
FIN_WAIT_2 581
CLOSING 7
CLOSE_WAIT 4916
Sort by the number of connections per IP address:
# descending order: sort -rn
netstat -an | awk '/ESTABLISHED/ {print $5}' | awk -F: '{print $1}' | sort | uniq -c | sort -rn | head -n10
40 222.73.61.24
21 113.107.239.172
19 119.84.76.204
14 111.178.145.147
10 221.228.248.54
9 222.186.54.144
9 119.97.153.143
8 122.225.38.201
7 60.190.118.206
View listening ports:
netstat -nltp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:9200 0.0.0.0:* LISTEN 1412/java
tcp 0 0 0.0.0.0:9300 0.0.0.0:* LISTEN 1412/java
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1080/sshd
View queue information:
netstat -antp
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
#... omitted
tcp 0 0 123.57.x.54:10050 58.83.x.221:56101 TIME_WAIT -
tcp 0 3152 123.57.x.54:22 58.83.x.221:61625 ESTABLISHED 2526/sshd
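Two values in the netstat output are enough for a rough judgment of why a program is not receiving packets: either the packets never arrived, or they arrived but the process has not recv'd them:
Recv-Q: how much data has been received into the local receive buffer but has not yet been taken by the process.
Send-Q: data that the peer has not received, or has not ACKed, and that is still in the local buffer.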
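An added example, not from the original post: a shell function that applies the Recv-Q / Send-Q reading above to netstat -antp output and lists only the sockets with queued data. The names queue_triage and sample_netstat and the sample rows are constructed for illustration; LISTEN rows are skipped because on listening sockets these two columns report backlog figures rather than queued bytes.

```shell
#!/bin/sh
# Added example: triage Recv-Q / Send-Q from `netstat -antp` output.
# On a live host: netstat -antp 2>/dev/null | queue_triage

# queue_triage reads netstat -antp text on stdin and prints one line per
# TCP socket that has a non-empty queue:
#   RECV_PENDING <bytes> <local> <foreign> <pid/program>  (arrived, process has not read it)
#   SEND_UNACKED <bytes> <local> <foreign> <pid/program>  (sent, peer has not ACKed it)
queue_triage() {
    awk '
    $1 !~ /^tcp/   { next }   # skip the banner and the column header
    $6 == "LISTEN" { next }   # listening sockets: columns describe the backlog, not bytes
    {
        owner = ($7 == "" ? "-" : $7)
        if ($2 + 0 > 0) print "RECV_PENDING", $2, $4, $5, owner
        if ($3 + 0 > 0) print "SEND_UNACKED", $3, $4, $5, owner
    }'
}

# Constructed sample input (documentation address ranges), not a real capture.
sample_netstat() {
    cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0    128 0.0.0.0:22              0.0.0.0:*               LISTEN      1080/sshd
tcp        0      0 192.0.2.10:10050        198.51.100.7:56101      TIME_WAIT   -
tcp        0   3152 192.0.2.10:22           198.51.100.7:61625      ESTABLISHED 2526/sshd
tcp    40960      0 192.0.2.10:8080         203.0.113.9:40112       ESTABLISHED 1412/java
tcp      517      0 192.0.2.10:8080         203.0.113.9:40113       CLOSE_WAIT  1412/java
EOF
}

sample_netstat | queue_triage
```

A RECV_PENDING value that stays high across repeated runs points at the local process not reading its socket; a persistent SEND_UNACKED value points at the path or the peer.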
View kernel routing information:
netstat -r
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
default localhost 0.0.0.0 UG 0 0 0 enp0s31f6
link-local 0.0.0.0 255.255.0.0 U 0 0 0 enp0s31f6
172.17.0.0 0.0.0.0 255.255.0.0 U 0 0 0 docker0
Per-protocol statistics:
netstat -s
Ip:
817639057 total packets received
770 with invalid headers
309471566 forwarded
0 incoming packets discarded
490106819 incoming packets delivered
803927416 requests sent out
923 fragments dropped after timeout
6141 reassemblies required
2606 packets reassembled ok
923 packet reassembles failed
2 fragments received ok
4 fragments created
Icmp:
1889258 ICMP messages received
4 input ICMP message failed.
ICMP input histogram:
destination unreachable: 2928
timeout in transit: 64
echo requests: 682608
echo replies: 1203658
1923892 ICMP messages sent
0 ICMP messages failed
ICMP output histogram:
destination unreachable: 4150
time exceeded: 1103
echo request: 1236031
echo replies: 682608
IcmpMsg:
InType0: 1203658
InType3: 2928
InType8: 682608
InType11: 64
OutType0: 682608
OutType3: 4150
OutType8: 1236031
OutType11: 1103
Tcp:
86054275 active connections openings
6463578 passive connection openings
47908 failed connection attempts
22739 connection resets received
35 connections established
477887051 segments received
484059391 segments send out
1467721 segments retransmited
2309 bad segments received.
92897 resets sent
Udp:
7585579 packets received
3507 packets to unknown port received.
0 packet receive errors
8120973 packets sent
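#... omitted
Meaning of netstat states
CLOSED: no connection is active or pending
LISTEN: the server is waiting for an incoming call
SYN_RECV: a connection request has arrived; waiting for acknowledgment
SYN_SENT: the application has started to open a connection
ESTABLISHED: the normal data transfer state / the current number of concurrent connections
FIN_WAIT1: the application has said it is finished
FIN_WAIT2: the other side has agreed to release
TIMED_WAIT: wait for all packets to die off
CLOSING: both sides have tried to close simultaneously
TIME_WAIT: the other side has initiated a release
LAST_ACK: wait for all packets to die off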
Command help
NAME
netstat - Print network connections, routing tables, interface statistics, masquerade connections, and multicast memberships
--numeric , -n
Show numerical addresses instead of trying to determine symbolic host, port or user names.
-l, --listening
Show only listening sockets. (These are omitted by default.)
-p, --program
Show the PID and name of the program to which each socket belongs.
-t, --tcp TCP protocol
-u, --udp UDP protocol
-r, --route
Display the kernel routing tables. See the description in route(8) for details.
netstat -r and route -e produce the same output.
-s, --statistics
Display summary statistics for each protocol.