The netstat command


2014-03-10 by dongnan

Examples

View the current number of concurrent network connections, grouped by TCP state:

netstat -n | awk '/^tcp/ {++S[$NF]} END {for(a in S) print a, S[a]}'

TIME_WAIT 17
ESTABLISHED 3254
LAST_ACK 236
FIN_WAIT_1 648
FIN_WAIT_2 581
CLOSING 7
CLOSE_WAIT 4916

Sort remote IP addresses by number of connections:

# sort -rn sorts in descending order
netstat -an | awk '/ESTABLISHED/ {print $5}' | awk -F: '{print $1}' | sort | uniq -c | sort -rn | head -n10

40 222.73.61.24
21 113.107.239.172
19 119.84.76.204
14 111.178.145.147
10 221.228.248.54
 9 222.186.54.144
 9 119.97.153.143
 8 122.225.38.201
 7 60.190.118.206

List listening ports:

netstat -nltp

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name  
tcp        0      0 0.0.0.0:9200                0.0.0.0:*                   LISTEN      1412/java          
tcp        0      0 0.0.0.0:9300                0.0.0.0:*                   LISTEN      1412/java          
tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN      1080/sshd

View queue information:

netstat -antp

Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address             Foreign Address           State       PID/Program name  
#...omitted
tcp        0      0 123.57.x.54:10050         58.83.x.221:56101         TIME_WAIT   -                  
tcp        0   3152 123.57.x.54:22            58.83.x.221:61625         ESTABLISHED 2526/sshd

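When a program is not receiving packets, these two netstat values give a simple way to tell whether the packets never arrived or arrived but were not recv'd by the process:

  • Recv-Q: how much data has been received into the local receive buffer but has not yet been taken by the process.
  • Send-Q: data that the peer has not received, or has not ACKed, and that is still in the local buffer.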
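
An added example, not part of the original page: a shell function that applies the Recv-Q / Send-Q reading above to netstat -antp output and labels each connected socket whose queue is non-empty. The function names, the verdict labels and the sample rows (documentation address ranges) are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page). Reads `netstat -antp` style
# output on stdin and reports connected TCP sockets with a non-empty queue.
queue_report() {
    awk '
    # Only TCP rows; the two header lines do not start with "tcp".
    /^tcp/ {
        recvq = $2; sendq = $3; local = $4; peer = $5; state = $6
        # LISTEN rows are skipped: per netstat(8) the queue columns of a
        # listening socket describe its backlog, not buffered bytes.
        if (state == "LISTEN") next
        if (recvq > 0 && sendq > 0)
            verdict = "both-queues-pending"
        else if (recvq > 0)
            verdict = "arrived-but-not-read-by-process"
        else if (sendq > 0)
            verdict = "sent-but-not-acked-by-peer"
        else
            next    # both queues empty: nothing buffered for this socket
        printf "%s %s->%s state=%s recvq=%d sendq=%d\n",
               verdict, local, peer, state, recvq, sendq
    }'
}

# Constructed sample rows in the same column layout as the output above.
sample_netstat() {
    cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address     Foreign Address     State       PID/Program name
tcp        0      0 0.0.0.0:22        0.0.0.0:*           LISTEN      1080/sshd
tcp        0      0 192.0.2.10:10050  198.51.100.7:56101  TIME_WAIT   -
tcp        0   3152 192.0.2.10:22     198.51.100.7:61625  ESTABLISHED 2526/sshd
tcp     4096      0 192.0.2.10:8080   203.0.113.5:40312   CLOSE_WAIT  1412/java
EOF
}

# On a live host: netstat -antp | queue_report
sample_netstat | queue_report
```

A Send-Q that stays non-zero across repeated runs points at the network path or the peer; a Recv-Q that stays non-zero points at the local process.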

View the kernel routing table:

netstat -r
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
default         localhost       0.0.0.0         UG        0 0          0 enp0s31f6
link-local      0.0.0.0         255.255.0.0     U         0 0          0 enp0s31f6
172.17.0.0      0.0.0.0         255.255.0.0     U         0 0          0 docker0

Per-protocol statistics:

netstat -s

Ip:
    817639057 total packets received
    770 with invalid headers
    309471566 forwarded
    0 incoming packets discarded
    490106819 incoming packets delivered
    803927416 requests sent out
    923 fragments dropped after timeout
    6141 reassemblies required
    2606 packets reassembled ok
    923 packet reassembles failed
    2 fragments received ok
    4 fragments created
Icmp:
    1889258 ICMP messages received
    4 input ICMP message failed.
    ICMP input histogram:
        destination unreachable: 2928
        timeout in transit: 64
        echo requests: 682608
        echo replies: 1203658
    1923892 ICMP messages sent
    0 ICMP messages failed
    ICMP output histogram:
        destination unreachable: 4150
        time exceeded: 1103
        echo request: 1236031
        echo replies: 682608
IcmpMsg:
        InType0: 1203658
        InType3: 2928
        InType8: 682608
        InType11: 64
        OutType0: 682608
        OutType3: 4150
        OutType8: 1236031
        OutType11: 1103
Tcp:
    86054275 active connections openings
    6463578 passive connection openings
    47908 failed connection attempts
    22739 connection resets received
    35 connections established
    477887051 segments received
    484059391 segments send out
    1467721 segments retransmited
    2309 bad segments received.
    92897 resets sent
Udp:
    7585579 packets received
    3507 packets to unknown port received.
    0 packet receive errors
    8120973 packets sent
#...omitted

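Meaning of netstat states

  • CLOSED: no connection is active or pending
  • LISTEN: the server is waiting for an incoming call
  • SYN_RECV: a connection request has arrived; waiting for acknowledgement
  • SYN_SENT: the application has started to open a connection
  • ESTABLISHED: the normal data-transfer state / the current number of concurrent connections
  • FIN_WAIT1: the application has said it is finished
  • FIN_WAIT2: the other side has agreed to release
  • TIMED_WAIT: wait for all packets to die off
  • CLOSING: both sides have tried to close simultaneously
  • TIME_WAIT: the other side has initiated a release
  • LAST_ACK: wait for all packets to die off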

Command help

NAME
netstat - Print network connections, routing tables, interface statistics, masquerade connections, and multicast memberships

--numeric , -n
Show numerical addresses instead of trying to determine symbolic host, port or user names.

-l, --listening
Show only listening sockets.  (These are omitted by default.)

-p, --program
Show the PID and name of the program to which each socket belongs.

-t, --tcp TCP protocol
-u, --udp UDP protocol

-r, --route
Display the kernel routing tables. See the description in route(8) for details.  
netstat -r and route -e produce the same output.

-s, --statistics
Display summary statistics for each protocol.
