常用的 Linux netstat 命令
Jan 27, 2019 00:00 · 2073 words · 5 minute read
netstat (network statistics) 是用于监控出入的网络连接,还有路由表和网卡统计数据的工具,也是最基础的网络调试工具。
1. 列出所有 TCP 和 UDP 连接
$ netstat -a | more
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 localhost:smtp 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:sunrpc 0.0.0.0:* LISTEN
tcp 0 0 perf:domain 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:ssh 0.0.0.0:* LISTEN
tcp 0 0 localhost:ipp 0.0.0.0:* LISTEN
tcp 0 0 perf.shared:ssh 10.211.55.2:63952 ESTABLISHED
tcp6 0 0 localhost:smtp [::]:* LISTEN
tcp6 0 0 [::]:sunrpc [::]:* LISTEN
tcp6 0 0 [::]:ssh [::]:* LISTEN
tcp6 0 0 localhost:ipp [::]:* LISTEN
udp 0 0 0.0.0.0:mdns 0.0.0.0:*
udp 0 0 0.0.0.0:34343 0.0.0.0:*
udp 0 0 perf:domain 0.0.0.0:*
udp 0 0 perf:domain 0.0.0.0:*
udp 0 0 0.0.0.0:bootps 0.0.0.0:*
udp 0 0 0.0.0.0:bootps 0.0.0.0:*
udp 0 0 0.0.0.0:bootpc 0.0.0.0:*
udp 0 0 0.0.0.0:sunrpc 0.0.0.0:*
udp6 0 0 [::]:sunrpc [::]:*
raw6 0 0 [::]:ipv6-icmp [::]:* 7
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags Type State I-Node Path
unix 2 [ ACC ] STREAM LISTENING 15872 /var/run/avahi-daemon/socket
unix 2 [ ACC ] STREAM LISTENING 15876 /var/run/libvirt/virtlockd-sock
unix 2 [ ACC ] STREAM LISTENING 15880 /var/run/cups/cups.sock
unix 2 [ ACC ] STREAM LISTENING 25429 @/tmp/.ICE-unix/1799
unix 2 [ ACC ] STREAM LISTENING 15884 /var/run/libvirt/virtlogd-sock
unix 2 [ ACC ] STREAM LISTENING 15886 /run/dbus/system_bus_socket
unix 2 [ ACC ] STREAM LISTENING 87830 /var/run/libvirt/libvirt-sock
unix 2 [ ACC ] STREAM LISTENING 92183 /var/run/abrt/abrt.socket
unix 2 [ ACC ] STREAM LISTENING 87832 /var/run/libvirt/libvirt-sock-ro
unix 2 [ ACC ] STREAM LISTENING 87834 /var/run/libvirt/libvirt-admin-sock
unix 2 [ ACC ] STREAM LISTENING 62499 /var/lib/gssproxy/default.sock
unix 2 [ ACC ] STREAM LISTENING 54076 private/tlsmgr
unix 2 [ ACC ] STREAM LISTENING 54079 private/rewrite
unix 2 [ ACC ] STREAM LISTENING 54082 private/bounce
unix 2 [ ACC ] STREAM LISTENING 25780 @/tmp/.X11-unix/X0
unix 3 [ ] DGRAM 8482 /run/systemd/notify
unix 2 [ ACC ] STREAM LISTENING 54085 private/defer
unix 2 [ ACC ] STREAM LISTENING 62500 /run/gssproxy.sock
unix 2 [ ] DGRAM 8484 /run/systemd/cgroups-agent
unix 2 [ ACC ] STREAM LISTENING 54088 private/trace
unix 2 [ ACC ] STREAM LISTENING 54091 private/verify
unix 2 [ ACC ] STREAM LISTENING 54097 private/proxymap
unix 2 [ ACC ] STREAM LISTENING 25781 /tmp/.X11-unix/X0
2. 列出所有 TCP 连接
$ netstat -at
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 localhost:smtp 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:sunrpc 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:http 0.0.0.0:* LISTEN
tcp 0 0 perf:domain 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:ssh 0.0.0.0:* LISTEN
tcp 0 0 localhost:ipp 0.0.0.0:* LISTEN
tcp 0 0 perf.shared:ssh 10.211.55.2:63952 ESTABLISHED
tcp6 0 0 localhost:smtp [::]:* LISTEN
tcp6 0 0 [::]:sunrpc [::]:* LISTEN
tcp6 0 0 [::]:http [::]:* LISTEN
tcp6 0 0 [::]:ssh [::]:* LISTEN
tcp6 0 0 localhost:ipp [::]:* LISTEN
3. 列出所有 UDP 连接
$ netstat -au
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
udp 0 0 0.0.0.0:mdns 0.0.0.0:*
udp 0 0 0.0.0.0:34343 0.0.0.0:*
udp 0 0 perf:domain 0.0.0.0:*
udp 0 0 perf:domain 0.0.0.0:*
udp 0 0 0.0.0.0:bootps 0.0.0.0:*
udp 0 0 0.0.0.0:bootps 0.0.0.0:*
udp 0 0 0.0.0.0:bootpc 0.0.0.0:*
udp 0 0 0.0.0.0:sunrpc 0.0.0.0:*
udp6 0 0 [::]:sunrpc [::]:*
4. 列出所有监听中的 TCP 和 UDP 连接(还未建立连接)
-a 包含了正在监听中和已建立两种状态。
$ netstat -l | more
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 localhost:smtp 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:sunrpc 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:http 0.0.0.0:* LISTEN
tcp 0 0 perf:domain 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:ssh 0.0.0.0:* LISTEN
tcp 0 0 localhost:ipp 0.0.0.0:* LISTEN
tcp6 0 0 localhost:smtp [::]:* LISTEN
tcp6 0 0 [::]:sunrpc [::]:* LISTEN
tcp6 0 0 [::]:http [::]:* LISTEN
tcp6 0 0 [::]:ssh [::]:* LISTEN
tcp6 0 0 localhost:ipp [::]:* LISTEN
udp 0 0 0.0.0.0:mdns 0.0.0.0:*
udp 0 0 0.0.0.0:34343 0.0.0.0:*
udp 0 0 perf:domain 0.0.0.0:*
udp 0 0 perf:domain 0.0.0.0:*
udp 0 0 0.0.0.0:bootps 0.0.0.0:*
udp 0 0 0.0.0.0:bootps 0.0.0.0:*
udp 0 0 0.0.0.0:bootpc 0.0.0.0:*
udp 0 0 0.0.0.0:sunrpc 0.0.0.0:*
udp6 0 0 [::]:sunrpc [::]:*
raw6 0 0 [::]:ipv6-icmp [::]:* 7
Active UNIX domain sockets (only servers)
Proto RefCnt Flags Type State I-Node Path
unix 2 [ ACC ] STREAM LISTENING 15872 /var/run/avahi-daemon/socket
unix 2 [ ACC ] STREAM LISTENING 15876 /var/run/libvirt/virtlockd-sock
unix 2 [ ACC ] STREAM LISTENING 15880 /var/run/cups/cups.sock
unix 2 [ ACC ] STREAM LISTENING 25429 @/tmp/.ICE-unix/1799
unix 2 [ ACC ] STREAM LISTENING 15884 /var/run/libvirt/virtlogd-sock
unix 2 [ ACC ] STREAM LISTENING 15886 /run/dbus/system_bus_socket
unix 2 [ ACC ] STREAM LISTENING 87830 /var/run/libvirt/libvirt-sock
unix 2 [ ACC ] STREAM LISTENING 92183 /var/run/abrt/abrt.socket
unix 2 [ ACC ] STREAM LISTENING 87832 /var/run/libvirt/libvirt-sock-ro
unix 2 [ ACC ] STREAM LISTENING 87834 /var/run/libvirt/libvirt-admin-sock
unix 2 [ ACC ] STREAM LISTENING 62499 /var/lib/gssproxy/default.sock
unix 2 [ ACC ] STREAM LISTENING 54076 private/tlsmgr
unix 2 [ ACC ] STREAM LISTENING 54079 private/rewrite
unix 2 [ ACC ] STREAM LISTENING 54082 private/bounce
unix 2 [ ACC ] STREAM LISTENING 25780 @/tmp/.X11-unix/X0
unix 2 [ ACC ] STREAM LISTENING 54085 private/defer
unix 2 [ ACC ] STREAM LISTENING 62500 /run/gssproxy.sock
unix 2 [ ACC ] STREAM LISTENING 54088 private/trace
unix 2 [ ACC ] STREAM LISTENING 54091 private/verify
unix 2 [ ACC ] STREAM LISTENING 54097 private/proxymap
unix 2 [ ACC ] STREAM LISTENING 25781 /tmp/.X11-unix/X0
unix 2 [ ACC ] STREAM LISTENING 54100 private/proxywrite
5. 列出所有监听中的 TCP 连接(还未建立连接)
$ netstat -lt
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 localhost:smtp 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:sunrpc 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:http 0.0.0.0:* LISTEN
tcp 0 0 perf:domain 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:ssh 0.0.0.0:* LISTEN
tcp 0 0 localhost:ipp 0.0.0.0:* LISTEN
tcp6 0 0 localhost:smtp [::]:* LISTEN
tcp6 0 0 [::]:sunrpc [::]:* LISTEN
tcp6 0 0 [::]:http [::]:* LISTEN
tcp6 0 0 [::]:ssh [::]:* LISTEN
tcp6 0 0 localhost:ipp [::]:* LISTEN
6. 列出所有监听中的 UDP 连接(还未建立连接)
$ netstat -lu
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
udp 0 0 0.0.0.0:mdns 0.0.0.0:*
udp 0 0 0.0.0.0:34343 0.0.0.0:*
udp 0 0 perf:domain 0.0.0.0:*
udp 0 0 perf:domain 0.0.0.0:*
udp 0 0 0.0.0.0:bootps 0.0.0.0:*
udp 0 0 0.0.0.0:bootps 0.0.0.0:*
udp 0 0 0.0.0.0:bootpc 0.0.0.0:*
udp 0 0 0.0.0.0:sunrpc 0.0.0.0:*
udp6 0 0 [::]:sunrpc [::]:*
7. 列出所有 UNIX 系统监听中的连接
$ netstat -lx
Active UNIX domain sockets (only servers)
8. 各种协议的数据统计(默认 TCP、UDP、ICMP 和 IP 协议)
$ netstat -s
Ip:
792239 total packets received
0 forwarded
0 incoming packets discarded
792053 incoming packets delivered
306454 requests sent out
Icmp:
21 ICMP messages received
0 input ICMP message failed.
ICMP input histogram:
destination unreachable: 21
24 ICMP messages sent
0 ICMP messages failed
ICMP output histogram:
destination unreachable: 24
IcmpMsg:
InType3: 21
OutType3: 24
Tcp:
105 active connections openings
1 passive connection openings
0 failed connection attempts
0 connection resets received
1 connections established
791751 segments received
306688 segments send out
8 segments retransmited
0 bad segments received.
0 resets sent
Udp:
257 packets received
24 packets to unknown port received.
0 packet receive errors
324 packets sent
0 receive buffer errors
0 send buffer errors
UdpLite:
TcpExt:
101 TCP sockets finished time wait in fast timer
54 delayed acks sent
763003 packet headers predicted
8086 acknowledgments not containing data payload received
9067 predicted acknowledgments
1 other TCP timeouts
1 connections aborted due to timeout
TCPRcvCoalesce: 597022
TCPOrigDataSent: 17596
IpExt:
InNoRoutes: 1
InMcastPkts: 54
OutMcastPkts: 40
InBcastPkts: 122
InOctets: 1098121224
OutOctets: 19421397
InMcastOctets: 9676
OutMcastOctets: 5550
InBcastOctets: 23316
InNoECTPkts: 791596
InECT0Pkts: 643
9. TCP 协议的数据统计
$ netstat -st
IcmpMsg:
InType3: 21
OutType3: 24
Tcp:
105 active connections openings
1 passive connection openings
0 failed connection attempts
0 connection resets received
1 connections established
791759 segments received
306694 segments send out
8 segments retransmited
0 bad segments received.
0 resets sent
10. UDP 协议的数据统计
$ netstat -su
IcmpMsg:
InType3: 21
OutType3: 24
Udp:
257 packets received
24 packets to unknown port received.
0 packet receive errors
324 packets sent
0 receive buffer errors
0 send buffer errors
11. 查看已有连接建立的 PID
$ netstat -tp
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 perf.shared:ssh 10.211.55.2:63952 ESTABLISHED 2398/sshd: root@pts
12. 持续监控连接状态
默认每秒刷新一次。
$ netstat -ac 5 | grep tcp
tcp 0 0 localhost:smtp 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:sunrpc 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:http 0.0.0.0:* LISTEN
tcp 0 0 perf:domain 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:ssh 0.0.0.0:* LISTEN
tcp 0 0 localhost:ipp 0.0.0.0:* LISTEN
tcp 0 0 perf.shared:ssh 10.211.55.2:63952 ESTABLISHED
tcp6 0 0 localhost:smtp [::]:* LISTEN
tcp6 0 0 [::]:sunrpc [::]:* LISTEN
tcp6 0 0 [::]:http [::]:* LISTEN
tcp6 0 0 [::]:ssh [::]:* LISTEN
tcp6 0 0 localhost:ipp [::]:* LISTEN
tcp 0 0 localhost:smtp 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:sunrpc 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:http 0.0.0.0:* LISTEN
tcp 0 0 perf:domain 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:ssh 0.0.0.0:* LISTEN
tcp 0 0 localhost:ipp 0.0.0.0:* LISTEN
tcp 0 0 perf.shared:ssh 10.211.55.2:63952 ESTABLISHED
tcp6 0 0 localhost:smtp [::]:* LISTEN
tcp6 0 0 [::]:sunrpc [::]:* LISTEN
tcp6 0 0 [::]:http [::]:* LISTEN
tcp6 0 0 [::]:ssh [::]:* LISTEN
tcp6 0 0 localhost:ipp [::]:* LISTEN
13. 查看内核路由表
$ netstat -r
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
default prl-local-ns-se 0.0.0.0 UG 0 0 0 eth0
10.211.55.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
192.168.122.0 0.0.0.0 255.255.255.0 U 0 0 0 virbr0
14. 统计网卡流量
$ netstat -i
Kernel Interface table
Iface MTU RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR Flg
eth0 1500 792442 0 0 0 306559 0 0 0 BMRU
lo 65536 84 0 0 0 84 0 0 0 LRU
virbr0 1500 0 0 0 0 0 0 0 0 BMU
15. 查看内核网卡表
和 ifconfig 命令有点像。
$ netstat -ie
Kernel Interface table
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 10.211.55.52 netmask 255.255.255.0 broadcast 10.211.55.255
inet6 fe80::d41a:a6de:73c6:70fd prefixlen 64 scopeid 0x20<link>
ether 00:1c:42:fd:02:ad txqueuelen 1000 (Ethernet)
RX packets 792455 bytes 1109232863 (1.0 GiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 306565 bytes 23769137 (22.6 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 84 bytes 9492 (9.2 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 84 bytes 9492 (9.2 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
virbr0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
inet 192.168.122.1 netmask 255.255.255.0 broadcast 192.168.122.255
ether 52:54:00:b9:2f:bb txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
16. 查看多重广播功能群组组员名单(IPv4/IPv6)
$ netstat -g
IPv6/IPv4 Group Memberships
Interface RefCnt Group
--------------- ------ ---------------------
lo 1 all-systems.mcast.net
eth0 1 224.0.0.251
eth0 1 all-systems.mcast.net
virbr0 1 224.0.0.251
virbr0 1 all-systems.mcast.net
lo 1 ff02::1
lo 1 ff01::1
eth0 1 ff02::1:ffc6:70fd
eth0 1 ff02::1
eth0 1 ff01::1
virbr0 1 ff02::1
virbr0 1 ff01::1
virbr0-nic 1 ff02::1
virbr0-nic 1 ff01::1
17. 查找正在监听的程序
$ netstat -ap | grep http
tcp 0 0 0.0.0.0:http 0.0.0.0:* LISTEN 3056/nginx: master
tcp6 0 0 [::]:http [::]:* LISTEN 3056/nginx: master