简介
netstat全称是:network statistics是一个用于监控、排除网络连接故障、路由表的命令行工具,它提供关于网络统计和socket连接的详细信息。
用法
windows中
1netstat [-a] [-b] [-e] [-f] [-n] [-o] [-p proto] [-r] [-s] [-t] [-x] [-y] [interval]linux中
1 2 3 4 5 6 7 8 9 10 11 12netstat [-vWeenNcCF] [<Af>] -r netstat {-V|--version|-h|--help} netstat [-vWnNcaeol] [<Socket> ...] netstat { [-vWeenNac] -I[<Iface>] | [-veenNac] -i | [-cnNe] -M | -s [-6tuw] } [delay] <Socket>={-t|--tcp} {-u|--udp} {-U|--udplite} {-S|--sctp} {-w|--raw} {-x|--unix} --ax25 --ipx --netrom <AF>=Use '-6|-4' or '-A <af>' or '--<af>'; default: inet List of possible address families (which support routing): inet (DARPA Internet) inet6 (IPv6) ax25 (AMPR AX.25) netrom (AMPR NET/ROM) ipx (Novell IPX) ddp (Appletalk DDP) x25 (CCITT X.25)
各参数说明
| 参数 | 说明(windows,只支持单字符命令) | 说明(linux) |
|---|---|---|
| -a, –all | 显示所有连接和侦听端口(只支持单字符命令) | |
| -b | 显示在创建每个连接或侦听端口时涉及的 可执行文件。在某些情况下,已知可执行文件托管 多个独立的组件,此时会 显示创建连接或侦听端口时 涉及的组件序列。在此情况下,可执行文件的 名称位于底部 [] 中,它调用的组件位于顶部, 直至达到 TCP/IP。注意,此选项 可能很耗时,并且可能因为你没有足够的 权限而失败。 | 不支持 |
| -c, –continuous | 不支持 | continuous listening |
| -C, –cache | 不支持 | display routing cache instead of FIB |
| -e,–extend | 显示以太网统计信息。此选项可以与 -s 选项组合使用 | 显示更多信息 |
| -f | 显示外部地址的完全限定域名(FQDN)。 | 不支持 |
| -F, –fib | 不支持 | 显示转发信息 |
| -l, –listening | 不支持 | diplay listening server sockets |
| -n, –numeric –numeric-hosts –numeric-ports –numeric-users | 以数字形式显示地址和端口号。 | don’t resolve names don’t resolve host names don’t resolve port names don’t resolve user names |
| -g, –groups | 不支持 | display multicast group memberships |
| -M, –masquerade | 不支持 | display masqueraded connections |
| -i, –interfaces | 不支持 | display interface table |
| -I, –interfaces= | 不支持 | display interface table for |
| -N, –symbolic | 不支持 | resolve hardware names |
| -o, –timers | 显示拥有的与每个连接关联的进程 ID。 | display timers |
| -p proto , –programs | 显示 proto 指定的协议的连接;proto 可以是下列任何一个: TCP、UDP、TCPv6 或 UDPv6。如果与 -s 选项一起用来显示每个协议的统计信息,proto 可以是下列任何一个: IP、IPv6、ICMP、ICMPv6、TCP、TCPv6、UDP 或 UDPv6。 | display PID/Program name for sockets |
| -q | 显示所有连接、侦听端口和绑定的 非侦听 TCP 端口。绑定的非侦听端口 不一定与活动连接相关联。 | 不支持 |
| -r,–route | 显示路由表。 | |
| -s, –statistics | 显示每个协议的统计信息。默认情况下, 显示 IP、IPv6、ICMP、ICMPv6、TCP、TCPv6、UDP 和 UDPv6 的统计信息; -p 选项可用于指定默认的子网。 | display networking statistics (like SNMP) |
| -t | 显示当前连接卸载状态。 | 不支持 |
| -v, –verbose | 不支持 | be verbose |
| -W, –wide | 不支持 | don‘t truncate IP address |
| -x | 显示 NetworkDirect 连接、侦听器和共享终结点。 | 不支持 |
| -y | 显示所有连接的 TCP 连接模板。无法与其他选项结合使用。 | 不支持 |
| -Z,–context | 不支持 | display SELinux security context for sockets |
| interval | 重新显示选定的统计信息,各个显示间暂停的间隔秒数。按 CTRL+C 停止重新显示统计信息。如果省略,则 netstat 将打印当前的 配置信息一次。 | 不支持 |
常用命令
查看所有连接
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33netstat -a windows下输出部分截取如下: TCP 192.168.1.47:64823 183.47.99.22:https CLOSE_WAIT TCP 192.168.1.47:64914 ecs-124-70-83-207:21116 ESTABLISHED TCP 192.168.1.47:65036 183.47.109.26:https CLOSE_WAIT TCP 192.168.1.47:65329 119.147.12.144:http ESTABLISHED TCP 192.168.1.47:65417 113.24.210.95:https ESTABLISHED TCP 192.168.1.47:65471 220.181.174.38:https ESTABLISHED TCP [::]:135 PS2021VRFKHEJT:0 LISTENING TCP [::]:445 PS2021VRFKHEJT:0 LISTENING TCP [::]:5357 PS2021VRFKHEJT:0 LISTENING TCP [::]:7680 PS2021VRFKHEJT:0 LISTENING TCP [::]:49664 PS2021VRFKHEJT:0 LISTENING TCP [::]:49665 PS2021VRFKHEJT:0 LISTENING TCP [::]:49666 PS2021VRFKHEJT:0 LISTENING TCP [::]:49667 PS2021VRFKHEJT:0 LISTENING TCP [::]:49668 PS2021VRFKHEJT:0 LISTENING TCP [::]:49675 PS2021VRFKHEJT:0 LISTENING TCP [::]:64952 PS2021VRFKHEJT:0 LISTENING TCP [::1]:1883 PS2021VRFKHEJT:0 LISTENING TCP [::1]:49669 PS2021VRFKHEJT:0 LISTENING UDP 0.0.0.0:123 *:* UDP 0.0.0.0:500 *:* UDP 0.0.0.0:3600 *:* UDP 0.0.0.0:3602 *:* UDP 0.0.0.0:3702 *:* UDP 0.0.0.0:3702 *:* UDP 0.0.0.0:3702 *:* UDP 0.0.0.0:3702 *:* UDP 0.0.0.0:4500 *:* UDP 0.0.0.0:5050 *:* UDP 0.0.0.0:5353 *:*仅显示监听的端口(只支持linux)
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74netstat -l linux下输出结果示例: [root@VM-12-13-opencloudos ~]# netstat -l Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 0.0.0.0:ddi-tcp-1 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:cddbp 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:ftp 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:ssh 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:http 0.0.0.0:* LISTEN tcp 0 0 VM-12-13-openclou:redis 0.0.0.0:* LISTEN tcp 0 0 VM-12-13-opencloud:smtp 0.0.0.0:* LISTEN tcp6 0 0 [::]:rtsp [::]:* LISTEN tcp6 0 0 10.0.12.13:25060 [::]:* LISTEN tcp6 0 0 [::]:macromedia-fcs [::]:* LISTEN tcp6 0 0 VM-12-13-opencloud:smtp [::]:* LISTEN tcp6 0 0 [::]:ndmp [::]:* LISTEN tcp6 0 0 [::]:29443 [::]:* LISTEN tcp6 0 0 [::]:irdmi [::]:* LISTEN tcp6 0 0 [::]:mysql [::]:* LISTEN tcp6 0 0 [::]:ftp [::]:* LISTEN tcp6 0 0 [::]:ssh [::]:* LISTEN tcp6 101 0 [::]:28080 [::]:* LISTEN tcp6 0 0 [::]:bingbang [::]:* LISTEN udp 0 0 VM-12-13-opencloudo:323 0.0.0.0:* udp6 0 0 VM-12-13-opencloudo:323 [::]:* udp6 132864 0 10.0.12.13:25060 [::]:* udp6 0 0 [::]:ndmp [::]:* udp6 0 0 [::]:cslistener [::]:* udp6 0 0 [::]:irdmi [::]:* raw6 0 0 [::]:ipv6-icmp [::]:* 7 Active UNIX domain sockets (only servers) Proto RefCnt Flags Type State I-Node Path unix 2 [ ACC ] STREAM LISTENING 8053964 /run/user/0/systemd/private unix 2 [ ACC ] STREAM LISTENING 8053974 /run/user/0/bus unix 2 [ ACC ] STREAM LISTENING 4408 /run/systemd/io.systemd.sysext unix 2 [ ACC ] STREAM LISTENING 42169 private/tlsmgr unix 2 [ ACC ] STREAM LISTENING 42172 private/rewrite unix 2 [ ACC ] STREAM LISTENING 42181 private/bounce unix 2 [ ACC ] STREAM LISTENING 42184 private/defer unix 2 [ ACC ] STREAM LISTENING 42187 private/trace unix 2 [ ACC ] STREAM LISTENING 42190 private/verify unix 2 [ ACC ] STREAM LISTENING 42196 private/proxymap unix 2 [ ACC ] STREAM LISTENING 42199 private/proxywrite unix 2 [ ACC ] STREAM LISTENING 42202 private/smtp unix 2 [ ACC ] STREAM LISTENING 42205 private/relay unix 2 [ ACC ] STREAM LISTENING 42211 private/error unix 2 [ ACC ] STREAM LISTENING 42214 private/retry unix 2 [ ACC ] STREAM LISTENING 42217 private/discard unix 2 [ ACC ] STREAM LISTENING 42220 private/local unix 2 [ ACC ] STREAM LISTENING 42223 private/virtual unix 2 [ ACC ] STREAM LISTENING 2413 /run/systemd/userdb/io.systemd.DynamicUser unix 2 [ ACC ] STREAM LISTENING 42226 private/lmtp unix 2 [ ACC ] STREAM LISTENING 2414 /run/systemd/io.systemd.ManagedOOM unix 2 [ ACC ] STREAM LISTENING 42229 private/anvil unix 2 [ ACC ] STREAM LISTENING 42232 private/scache unix 2 [ ACC ] STREAM LISTENING 129018 /tmp/mysql.sock unix 2 [ ACC ] STREAM LISTENING 2429 /run/systemd/journal/stdout unix 2 [ ACC ] STREAM LISTENING 4764 /run/acpid.socket unix 2 [ ACC ] STREAM LISTENING 4772 /run/dbus/system_bus_socket unix 2 [ ACC ] STREAM LISTENING 253843305 /usr/local/qcloud/YunJing/conf/ydrpc_1 unix 2 [ ACC ] STREAM LISTENING 3227825 /tmp/php-cgi-82.sock unix 2 [ ACC ] STREAM LISTENING 5095 /var/run/mcelog-client unix 2 [ ACC ] STREAM LISTENING 42158 public/pickup unix 2 [ ACC ] STREAM LISTENING 42162 public/cleanup unix 2 [ ACC ] STREAM LISTENING 42165 public/qmgr unix 2 [ ACC ] STREAM LISTENING 42193 public/flush unix 2 [ ACC ] STREAM LISTENING 42208 public/showq unix 2 [ ACC ] STREAM LISTENING 3849 /run/systemd/private unix 2 [ ACC ] STREAM LISTENING 3873 /run/lvm/lvmpolld.socket unix 2 [ ACC ] SEQPACKET LISTENING 3875 /run/systemd/coredump unix 2 [ ACC ] SEQPACKET LISTENING 3877 /run/udev/control unix 2 [ ACC ] STREAM LISTENING 4172 /run/systemd/journal/io.systemd.journal只显示tcp
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101netstat -t linux下部分输出示例: [root@VM-12-13-opencloudos ~]# netstat -t Active Internet connections (w/o servers) Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 VM-12-13-open:ddi-tcp-1 223.104.68.225:61150 ESTABLISHED tcp 0 0 VM-12-13-openclou:34938 211.99.98.160:https TIME_WAIT tcp 0 0 VM-12-13-openclou:54448 211.99.98.160:https TIME_WAIT tcp 0 0 VM-12-13-openclou:54480 211.99.98.160:https TIME_WAIT tcp 0 0 VM-12-13-open:ddi-tcp-1 194.48.251.14:15692 ESTABLISHED tcp 0 0 VM-12-13-openclou:49656 36.133.1.8:https TIME_WAIT tcp 0 7 VM-12-13-open:ddi-tcp-1 113.87.81.112:58648 ESTABLISHED tcp 0 0 VM-12-13-open:ddi-tcp-1 113.84.8.167:41789 ESTABLISHED tcp 0 0 VM-12-13-openclou:54484 211.99.98.160:https TIME_WAIT tcp 0 0 VM-12-13-open:ddi-tcp-1 154.213.187.55:11482 ESTABLISHED tcp 0 0 VM-12-13-open:ddi-tcp-1 host-95-234-172-8:38686 ESTABLISHED tcp 0 0 VM-12-13-open:ddi-tcp-1 azpdcsc10.stretch:44440 ESTABLISHED tcp 0 0 VM-12-13-open:ddi-tcp-1 113.87.81.112:58329 ESTABLISHED tcp 0 0 VM-12-13-open:ddi-tcp-1 113.87.81.112:58610 ESTABLISHED tcp 0 0 VM-12-13-open:ddi-tcp-1 server.brstej.com:40116 ESTABLISHED tcp 0 0 VM-12-13-open:ddi-tcp-1 167.94.145.96:53878 ESTABLISHED tcp 0 0 VM-12-13-openclou:54472 211.99.98.160:https TIME_WAIT tcp 0 0 VM-12-13-open:ddi-tcp-1 111.7.96.147:25814 ESTABLISHED tcp 0 0 VM-12-13-openclou:58352 211.99.98.159:https TIME_WAIT tcp 0 0 VM-12-13-openclou:redis VM-12-13-openclou:51112 ESTABLISHED tcp 0 0 VM-12-13-open:ddi-tcp-1 5.181.190.29:50914 ESTABLISHED tcp 0 0 VM-12-13-open:ddi-tcp-1 ec2-18-171-60-82.:21872 ESTABLISHED tcp 0 0 VM-12-13-open:ddi-tcp-1 5.181.190.29:37684 ESTABLISHED tcp 0 0 VM-12-13-openclou:redis VM-12-13-openclou:51124 ESTABLISHED tcp 0 0 VM-12-13-open:ddi-tcp-1 server.brstej.com:50640 ESTABLISHED tcp 0 0 VM-12-13-open:ddi-tcp-1 223.104.68.225:41095 ESTABLISHED tcp 0 0 VM-12-13-openclou:57634 169.254.0.138:8186 ESTABLISHED tcp 0 0 VM-12-13-open:ddi-tcp-1 5.181.190.29:52126 ESTABLISHED tcp 0 0 VM-12-13-openclou:46472 169.254.0.55:lsi-bobcat ESTABLISHED tcp 0 0 VM-12-13-open:ddi-tcp-1 167.94.146.49:44206 ESTABLISHED tcp 0 0 VM-12-13-open:ddi-tcp-1 167.94.138.163:50508 ESTABLISHED tcp 0 0 VM-12-13-open:ddi-tcp-1 113.87.81.112:58328 ESTABLISHED tcp 0 1 VM-12-13-openclou:39077 VM-12-13-openclou:28080 SYN_SENT tcp 0 0 VM-12-13-open:ddi-tcp-1 internettl.org:52099 ESTABLISHED tcp 0 0 VM-12-13-open:ddi-tcp-1 5.181.190.29:39246 ESTABLISHED tcp 0 0 VM-12-13-open:ddi-tcp-1 113.84.8.167:41842 ESTABLISHED tcp 0 0 VM-12-13-open:ddi-tcp-1 113.84.129.245:40763 ESTABLISHED tcp 0 0 VM-12-13-open:ddi-tcp-1 45.140.17.52:60413 ESTABLISHED tcp 0 0 VM-12-13-open:ddi-tcp-1 113.87.81.112:58273 ESTABLISHED tcp 0 0 VM-12-13-open:ddi-tcp-1 167.94.145.107:51484 ESTABLISHED tcp 0 0 VM-12-13-open:ddi-tcp-1 154.213.187.55:23206 ESTABLISHED tcp 0 0 VM-12-13-open:ddi-tcp-1 113.87.81.112:58611 ESTABLISHED tcp 0 0 VM-12-13-open:ddi-tcp-1 internettl.org:49184 ESTABLISHED tcp 0 0 VM-12-13-open:ddi-tcp-1 45.140.17.52:62405 ESTABLISHED tcp 0 0 VM-12-13-open:ddi-tcp-1 5.181.190.29:43046 ESTABLISHED tcp 0 0 VM-12-13-open:ddi-tcp-1 server.brstej.com:55758 ESTABLISHED tcp 0 0 VM-12-13-open:ddi-tcp-1 171.37.47.250:16715 ESTABLISHED tcp 0 0 VM-12-13-open:ddi-tcp-1 113.84.40.108:54505 ESTABLISHED tcp 0 0 VM-12-13-openclou:46488 169.254.0.55:lsi-bobcat ESTABLISHED tcp 0 0 VM-12-13-open:ddi-tcp-1 113.84.8.167:41788 ESTABLISHED tcp 0 0 VM-12-13-open:ddi-tcp-1 2.125.179.213:50686 ESTABLISHED tcp 0 144 VM-12-13-opencloudo:ssh VM-12-13-openclou:59578 ESTABLISHED tcp 0 0 VM-12-13-open:ddi-tcp-1 hn.kd.ny.adsl:54221 ESTABLISHED tcp 144 0 VM-12-13-openclou:59578 VM-12-13-opencloudo:ssh ESTABLISHED tcp 0 0 VM-12-13-open:ddi-tcp-1 ec2-18-175-221-40:21062 ESTABLISHED tcp 0 1 VM-12-13-openclou:37243 VM-12-13-openclou:28080 SYN_SENT tcp 0 0 VM-12-13-open:ddi-tcp-1 49.113.94.229:32004 ESTABLISHED tcp 0 0 VM-12-13-open:ddi-tcp-1 server.brstej.com:34648 ESTABLISHED tcp 0 0 VM-12-13-open:ddi-tcp-1 crawler039.deepfi:21439 ESTABLISHED tcp 0 0 VM-12-13-open:ddi-tcp-1 113.84.2.2:42393 ESTABLISHED tcp 0 0 VM-12-13-open:ddi-tcp-1 ec2-35-178-164-86:21895 ESTABLISHED tcp 0 0 VM-12-13-open:ddi-tcp-1 server.brstej.com:53132 ESTABLISHED tcp 0 0 VM-12-13-open:ddi-tcp-1 113.84.8.167:41787 ESTABLISHED tcp 0 0 VM-12-13-open:ddi-tcp-1 113.87.81.112:58331 ESTABLISHED tcp 0 0 VM-12-13-open:ddi-tcp-1 167.94.145.106:34548 ESTABLISHED tcp 0 0 VM-12-13-openclou:52804 211.99.98.187:https TIME_WAIT tcp 0 0 VM-12-13-openclou:39335 unassigned.ps:ddi-tcp-1 CLOSE_WAIT tcp6 0 0 VM-12-13-openclou:51124 VM-12-13-openclou:redis ESTABLISHED tcp6 0 0 10.0.12.13:28080 113.84.8.167:41790 ESTABLISHED tcp6 0 0 VM-12-13-openclou:mysql VM-12-13-openclou:49062 ESTABLISHED tcp6 0 0 VM-12-13-openclou:56426 VM-12-13-openclou:mysql ESTABLISHED tcp6 0 0 VM-12-13-openclou:36570 VM-12-13-openclou:mysql ESTABLISHED tcp6 0 0 VM-12-13-openclou:48664 VM-12-13-openclou:mysql ESTABLISHED tcp6 0 0 VM-12-13-openclou:mysql VM-12-13-openclou:60344 ESTABLISHED tcp6 0 0 VM-12-13-openclou:44570 VM-12-13-openclou:mysql ESTABLISHED tcp6 0 0 VM-12-13-openclou:mysql VM-12-13-openclou:60338 ESTABLISHED tcp6 0 0 VM-12-13-openclou:mysql VM-12-13-openclou:56426 ESTABLISHED tcp6 0 0 VM-12-13-openclou:33326 VM-12-13-openclou:mysql ESTABLISHED tcp6 0 0 10.0.12.13:28080 83.144.136.219:csnotify ESTABLISHED tcp6 1 0 VM-12-13-openclou:36244 VM-12-13-openc:bingbang CLOSE_WAIT tcp6 0 0 VM-12-13-openclou:49062 VM-12-13-openclou:mysql ESTABLISHED tcp6 0 0 VM-12-13-openclou:60344 VM-12-13-openclou:mysql ESTABLISHED tcp6 0 0 VM-12-13-openclou:51112 VM-12-13-openclou:redis ESTABLISHED tcp6 0 0 VM-12-13-openclou:mysql VM-12-13-openclou:33326 ESTABLISHED tcp6 0 0 VM-12-13-openclou:mysql VM-12-13-openclou:60348 ESTABLISHED tcp6 0 0 VM-12-13-openclou:mysql VM-12-13-openclou:36570 ESTABLISHED tcp6 0 0 10.0.12.13:28080 113.84.40.108:54616 ESTABLISHED tcp6 0 0 VM-12-13-openclou:33318 VM-12-13-openclou:mysql ESTABLISHED tcp6 0 0 VM-12-13-openclou:mysql VM-12-13-openclou:33318 ESTABLISHED tcp6 0 0 VM-12-13-openclou:60348 VM-12-13-openclou:mysql ESTABLISHED tcp6 0 0 VM-12-13-openclou:60338 VM-12-13-openclou:mysql ESTABLISHED tcp6 0 0 10.0.12.13:28080 119.136.207.250:54251 ESTABLISHED tcp6 0 0 VM-12-13-openclou:mysql VM-12-13-openclou:44570 ESTABLISHED tcp6 0 0 VM-12-13-openclou:mysql VM-12-13-openclou:48664 ESTABLISHED tcp6 0 0 10.0.12.13:28080 163.144.1:appswitch-emp ESTABLISHED只显示udp
1 2 3 4 5 6 7netstat -u linux下输出示例: [root@iZuf63nttsg6lc8na3fsg1Z ~]# netstat -u Active Internet connections (w/o servers) Proto Recv-Q Send-Q Local Address Foreign Address State udp 0 0 iZuf63nttsg6lc8n:bootpc _gateway:bootps ESTABLISHED显示带数字地址的连接
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70netstat -an linux下部分输出示例: [root@VM-12-13-opencloudos ~]# netstat -an Active Internet connections (servers and established) Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 0.0.0.0:8888 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:888 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN tcp 0 0 127.0.0.1:6379 0.0.0.0:* LISTEN tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN tcp 0 0 10.0.12.13:8888 223.104.68.225:61150 ESTABLISHED tcp 0 0 10.0.12.13:8888 194.48.251.14:15692 ESTABLISHED tcp 0 0 10.0.12.13:80 114.132.203.138:33090 TIME_WAIT tcp 0 0 10.0.12.13:8888 113.87.81.112:58648 ESTABLISHED tcp 0 0 10.0.12.13:8888 113.84.8.167:41789 ESTABLISHED tcp 0 0 10.0.12.13:8888 154.213.187.55:11482 ESTABLISHED tcp 0 0 10.0.12.13:8888 95.234.172.88:38686 ESTABLISHED tcp 0 0 10.0.12.13:8888 52.228.152.126:44440 ESTABLISHED tcp 0 0 10.0.12.13:8888 113.87.81.112:58329 ESTABLISHED tcp 0 0 10.0.12.13:8888 113.87.81.112:58610 ESTABLISHED tcp 0 0 10.0.12.13:8888 185.16.38.232:40116 ESTABLISHED tcp 0 0 10.0.12.13:8888 167.94.145.96:53878 ESTABLISHED tcp 0 0 10.0.12.13:8888 111.7.96.147:25814 ESTABLISHED tcp 0 0 127.0.0.1:6379 127.0.0.1:51112 ESTABLISHED tcp 0 0 10.0.12.13:8888 5.181.190.29:50914 ESTABLISHED tcp 0 0 10.0.12.13:8888 18.171.60.82:21872 ESTABLISHED tcp 0 1 127.0.0.1:39045 127.0.0.1:28080 SYN_SENT tcp 0 0 10.0.12.13:8888 5.181.190.29:37684 ESTABLISHED tcp 0 0 127.0.0.1:6379 127.0.0.1:51124 ESTABLISHED tcp 0 0 10.0.12.13:8888 185.16.38.232:50640 ESTABLISHED tcp 0 0 10.0.12.13:8888 223.104.68.225:41095 ESTABLISHED tcp 0 0 10.0.12.13:57634 169.254.0.138:8186 ESTABLISHED tcp 0 0 10.0.12.13:8888 5.181.190.29:52126 ESTABLISHED tcp 0 0 10.0.12.13:46472 169.254.0.55:5574 ESTABLISHED tcp 0 0 10.0.12.13:8888 167.94.146.49:44206 ESTABLISHED tcp 0 0 10.0.12.13:8888 167.94.138.163:50508 ESTABLISHED tcp 0 0 10.0.12.13:8888 113.87.81.112:58328 ESTABLISHED tcp 0 0 10.0.12.13:8888 104.152.52.139:52099 ESTABLISHED tcp 0 0 10.0.12.13:8888 5.181.190.29:39246 ESTABLISHED tcp 0 0 10.0.12.13:8888 113.84.8.167:41842 ESTABLISHED tcp 0 0 10.0.12.13:8888 113.84.129.245:40763 ESTABLISHED tcp 0 0 10.0.12.13:8888 45.140.17.52:60413 ESTABLISHED tcp 0 0 10.0.12.13:8888 113.87.81.112:58273 ESTABLISHED tcp 0 0 10.0.12.13:8888 167.94.145.107:51484 ESTABLISHED tcp 0 0 10.0.12.13:8888 154.213.187.55:23206 ESTABLISHED tcp 0 0 10.0.12.13:8888 113.87.81.112:58611 ESTABLISHED tcp 0 0 10.0.12.13:80 114.132.203.153:42750 TIME_WAIT tcp 0 0 10.0.12.13:8888 104.152.52.198:49184 ESTABLISHED tcp 0 0 10.0.12.13:8888 45.140.17.52:62405 ESTABLISHED tcp 0 0 10.0.12.13:8888 5.181.190.29:43046 ESTABLISHED tcp 0 0 10.0.12.13:8888 185.16.38.232:55758 ESTABLISHED tcp 0 0 10.0.12.13:8888 171.37.47.250:16715 ESTABLISHED tcp 0 0 10.0.12.13:8888 113.84.40.108:54505 ESTABLISHED tcp 0 0 10.0.12.13:46488 169.254.0.55:5574 ESTABLISHED tcp 0 0 10.0.12.13:8888 113.84.8.167:41788 ESTABLISHED tcp 0 1 127.0.0.1:42775 127.0.0.1:28080 SYN_SENT tcp 0 0 10.0.12.13:8888 2.125.179.213:50686 ESTABLISHED tcp 0 0 127.0.0.1:22 127.0.0.1:59578 ESTABLISHED tcp 0 0 10.0.12.13:8888 123.14.254.161:54221 ESTABLISHED tcp 464 0 127.0.0.1:59578 127.0.0.1:22 ESTABLISHED tcp 0 0 10.0.12.13:8888 18.175.221.40:21062 ESTABLISHED tcp 0 0 10.0.12.13:8888 49.113.94.229:32004 ESTABLISHED tcp 0 0 10.0.12.13:8888 185.16.38.232:34648 ESTABLISHED tcp 0 0 10.0.12.13:8888 104.234.115.39:21439 ESTABLISHED tcp 0 0 10.0.12.13:8888 113.84.2.2:42393 ESTABLISHED tcp 0 0 10.0.12.13:8888 35.178.164.86:21895 ESTABLISHED tcp 0 0 10.0.12.13:8888 185.16.38.232:53132 ESTABLISHED显示连接时包括进程名和PID
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19netstat -p linux下部分输出示例: [root@VM-12-13-opencloudos ~]# netstat -p Active Internet connections (w/o servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 VM-12-13-open:ddi-tcp-1 223.104.68.225:61150 ESTABLISHED 31217/python3 tcp 0 0 VM-12-13-open:ddi-tcp-1 194.48.251.14:15692 ESTABLISHED 31217/python3 tcp 0 7 VM-12-13-open:ddi-tcp-1 113.87.81.112:58648 ESTABLISHED 31217/python3 tcp 0 0 VM-12-13-open:ddi-tcp-1 113.84.8.167:41789 ESTABLISHED 31217/python3 tcp 0 0 VM-12-13-open:ddi-tcp-1 154.213.187.55:11482 ESTABLISHED 31217/python3 tcp 0 0 VM-12-13-open:ddi-tcp-1 host-95-234-172-8:38686 ESTABLISHED 31217/python3 tcp 0 0 VM-12-13-open:ddi-tcp-1 azpdcsc10.stretch:44440 ESTABLISHED 31217/python3 tcp 0 0 VM-12-13-open:ddi-tcp-1 113.87.81.112:58329 ESTABLISHED 31217/python3 tcp 0 0 VM-12-13-open:ddi-tcp-1 113.87.81.112:58610 ESTABLISHED 31217/python3 tcp 0 0 VM-12-13-open:ddi-tcp-1 server.brstej.com:40116 ESTABLISHED 31217/python3 tcp 0 0 VM-12-13-open:ddi-tcp-1 167.94.145.96:53878 ESTABLISHED 31217/python3 tcp 0 0 VM-12-13-open:ddi-tcp-1 111.7.96.147:25814 ESTABLISHED 31217/python3 tcp 0 0 VM-12-13-openclou:redis VM-12-13-openclou:51112 ESTABLISHED 57574/redis-server显示路由表
1 2 3 4 5 6 7 8netstat -r linux下输出示例: [root@VM-12-13-opencloudos ~]# netstat -r Kernel IP routing table Destination Gateway Genmask Flags MSS Window irtt Iface default _gateway 0.0.0.0 UG 0 0 0 eth0 10.0.12.0 0.0.0.0 255.255.252.0 U 0 0 0 eth0查看网络统计信息
1 2 3 4 5 6 7 8netstat -i linux下示例输出: [root@VM-12-13-opencloudos ~]# netstat -i Kernel Interface table Iface MTU RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR Flg eth0 1500 49950139 0 0 0 43579720 0 0 0 BMRU lo 65536 118363777 0 0 0 118363777 0 0 0 LRU持续监控
1 2 3netstat -c //每秒刷新一次合并多个选项输出
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37netstat -tunlp # -t: TCP # -u: UDP # -n: 数字地址 # -l: 监听的端口 # -p: PID和进程名称 linux下输出示例: [root@VM-12-13-opencloudos ~]# netstat -tunlp Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 0.0.0.0:8888 0.0.0.0:* LISTEN 31217/python3 tcp 0 0 0.0.0.0:888 0.0.0.0:* LISTEN 26655/nginx: master tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN 39510/pure-ftpd (SE tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 992/sshd: /usr/sbin tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 26655/nginx: master tcp 0 0 127.0.0.1:6379 0.0.0.0:* LISTEN 57574/redis-server tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 8589/master tcp6 0 0 :::554 :::* LISTEN 1531317/./MediaServ tcp6 0 0 10.0.12.13:25060 :::* LISTEN 2898370/java tcp6 0 0 :::1935 :::* LISTEN 1531317/./MediaServ tcp6 0 0 ::1:25 :::* LISTEN 8589/master tcp6 0 0 :::10000 :::* LISTEN 1531317/./MediaServ tcp6 0 0 :::29443 :::* LISTEN 1531317/./MediaServ tcp6 0 0 :::8000 :::* LISTEN 1531317/./MediaServ tcp6 0 0 :::3306 :::* LISTEN 33179/mysqld tcp6 0 0 :::21 :::* LISTEN 39510/pure-ftpd (SE tcp6 0 0 :::22 :::* LISTEN 992/sshd: /usr/sbin tcp6 101 0 :::28080 :::* LISTEN 2898370/java tcp6 0 0 :::29999 :::* LISTEN 1531317/./MediaServ udp 0 0 127.0.0.1:323 0.0.0.0:* 559/chronyd udp6 0 0 ::1:323 :::* 559/chronyd udp6 132864 0 10.0.12.13:25060 :::* 2898370/java udp6 0 0 :::10000 :::* 1531317/./MediaServ udp6 0 0 :::9000 :::* 1531317/./MediaServ udp6 0 0 :::8000 :::* 1531317/./MediaServ
关键输出字段解释
Proto: 协议类型:TCP或UDPRecv-Q: 接收队列大小(等待读取的数据)Send-Q: 发送队列大小(等待发送的数据)Local Address: 连接本地的地址和端口。Foreign Address: 连接远程的地址和端口State: 连接的状态,LISTEN、ESTABLISHED等PID/Program name: 进程的ID和进程名称
连接状态解析
- ESTABLISHED (已建立)状态
- 含义: 表示两台主机之间的连接已经成功建立,数据可以在它们之间进行传输。这个状态是网络通信中最常见的有效状态,代表双方已经完成了三次握手过程。例如,当你使用浏览器访问网页时,浏览器和网页服务器之间成功建立连接后,在
netstat查看对应的连接状态就会显示为ESTABLISHED。 - 应用场景: 适用于各种基于 TCP 协议的网络应用,如 HTTP(网页浏览)、FTP(文件传输)、SMTP(邮件发送)和 POP3/IMAP(邮件接收)等。在服务器端监控中,大量的
ESTABLISHED连接通常表示服务器正在正常处理客户端请求。
- 含义: 表示两台主机之间的连接已经成功建立,数据可以在它们之间进行传输。这个状态是网络通信中最常见的有效状态,代表双方已经完成了三次握手过程。例如,当你使用浏览器访问网页时,浏览器和网页服务器之间成功建立连接后,在
- SYN_SENT(同步已发送)状态
- 含义:这是 TCP 三次握手过程中的一个中间状态。当客户端向服务器发送一个
SYN(同步)数据包,请求建立连接,但是还没有收到服务器的SYN + ACK(同步 - 确认)响应时,连接处于SYN_SENT状态。也就是说,客户端正在积极尝试启动一个 TCP 连接。 - 应用场景:在网络故障排查中,如果看到大量的
SYN_SENT状态连接,可能表示客户端无法与目标服务器建立连接。这可能是由于网络配置错误、目标服务器未开启相应服务或者防火墙阻止了连接请求等原因造成的。
- 含义:这是 TCP 三次握手过程中的一个中间状态。当客户端向服务器发送一个
- SYN_RECV(同步收到)状态
- 含义:此状态出现在服务器端,当服务器接收到客户端发送的
SYN数据包后,回复了SYN + ACK数据包,但还没有收到客户端的ACK(确认)数据包时,连接处于SYN_RECV状态。这也是 TCP 三次握手过程中的一个阶段,意味着服务器已经收到了连接请求并做出了响应,正在等待客户端的最后确认。 - 应用场景:在服务器性能监控中,过多的
SYN_RECV状态连接可能暗示服务器正遭受 TCP SYN 洪水攻击。这种攻击方式是攻击者发送大量伪造的SYN请求,使服务器资源耗尽,因为服务器会为每个SYN请求分配一定的资源来等待后续的ACK确认。
- 含义:此状态出现在服务器端,当服务器接收到客户端发送的
- FIN_WAIT_1(终止等待1)状态
- 含义:当一方(可以是客户端或者服务器)主动发起关闭连接请求,发送了
FIN(结束)数据包后,等待对方的ACK确认时,连接进入FIN_WAIT_1状态。这是 TCP 连接关闭过程中的一个步骤,表示发起关闭的一方已经完成了自己的部分关闭操作,正在等待对方确认收到FIN数据包。 - 应用场景:在分析网络应用的正常关闭流程或者排查网络连接异常关闭的原因时会涉及此状态。如果一个连接长时间处于
FIN_WAIT_1状态,可能表示对方没有正确接收或者处理FIN数据包,这可能是由于网络延迟、对方应用程序故障或者中间设备(如防火墙)干扰等原因造成的。
- 含义:当一方(可以是客户端或者服务器)主动发起关闭连接请求,发送了
- FIN_WAIT_2(终止等待2)状态
- 含义:在收到对方对
FIN数据包的ACK确认后,主动关闭连接的一方进入FIN_WAIT_2状态。此时,它已经确认对方收到了自己的关闭请求,正在等待对方也发送FIN数据包来完成整个连接关闭过程。 - 应用场景:与
FIN_WAIT_1类似,在监控网络连接关闭过程中,FIN_WAIT_2状态的连接如果长时间存在,可能表示对方没有及时或者正确地发起自己的关闭请求,这可能会导致资源占用,特别是在处理大量连接的服务器上可能会影响性能。
- 含义:在收到对方对
- TIME_WAIT (时间等待) 状态
- 含义:在 TCP 连接关闭过程中,主动关闭连接的一方收到对方的
FIN数据包并发送ACK确认后,进入TIME_WAIT状态。这个状态会持续一段时间(通常是 2MSL,其中 MSL 是最大报文段生存时间),主要目的是为了确保最后一个ACK数据包能够正确到达对方,并且防止旧的连接数据包在网络中残留,避免对新建立的相同端口号的连接造成干扰。 - 应用场景:在高并发的网络服务器环境中,大量的
TIME_WAIT状态连接可能会占用系统资源,因为在这个状态下,连接所占用的端口等资源不会立即释放。不过,这个状态是 TCP 协议为了保证网络通信的可靠性而设计的必要环节,在一定程度上可以通过调整系统参数(如缩短TIME_WAIT时间)来缓解资源占用问题,但需要谨慎操作,以免影响网络通信的稳定性。
- 含义:在 TCP 连接关闭过程中,主动关闭连接的一方收到对方的
- CLOSE_WAIT(关闭等待)状态
- 含义:当一方(通常是服务器)收到对方发送的
FIN数据包后,回复ACK确认,然后进入CLOSE_WAIT状态。此时,它表示正在等待本地应用程序关闭连接。也就是说,网络层已经收到了关闭请求,但应用层还没有完成相应的关闭操作。 - 应用场景:在服务器端,如果出现大量的
CLOSE_WAIT状态连接,通常意味着应用程序存在问题,可能是应用程序没有正确处理连接关闭事件,导致连接一直处于等待关闭的状态。这可能会导致服务器资源被大量占用,最终影响服务器的性能和可用性。
- 含义:当一方(通常是服务器)收到对方发送的
- LAST_ACK(最后确认)状态
- 含义:在 TCP 连接关闭过程中,被动关闭连接的一方(收到对方
FIN数据包的一方)在发送完自己的FIN数据包后,等待对方的ACK确认时,连接处于LAST_ACK状态。这是连接关闭的最后一个步骤,一旦收到ACK确认,连接就彻底关闭。 - 应用场景:与其他连接关闭状态类似,在排查网络连接关闭异常时,如果发现连接长时间处于
LAST_ACK状态,可能表示最后一个ACK数据包没有正确发送或者接收,这可能是由于网络问题或者对方应用程序故障等原因造成的。
- 含义:在 TCP 连接关闭过程中,被动关闭连接的一方(收到对方
TCP三次握手和四次挥手示意图
三次握手
四次挥手
