
One Linux Command a Day (50): the netstat command

Date: 2017/3/3 11:53:07   Editor: Linux Technology

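The netstat command prints the status of the Linux networking subsystem, giving you an overview of the whole system's network activity.

(1) Usage:

 Usage: netstat [options]

(2) Function:

 Function: netstat displays statistics related to the IP, TCP, UDP and ICMP protocols, and is generally used to check the network connections on each port of the local machine.

If your computer occasionally receives datagrams that cause errors or failures, this is no cause for surprise: TCP/IP tolerates these kinds of errors and retransmits the datagrams automatically. But if the accumulated errors make up a considerable percentage of the IP datagrams received, or their number is growing rapidly, you should use netstat to find out why.

(3) Options:

1) -a or --all          Show all sockets, both listening and non-listening.
2) -n or --numeric      Use IP addresses directly instead of resolving names through a DNS server.
3) -t or --tcp          Show connections using the TCP protocol.
4) -u or --udp          Show connections using the UDP protocol.
5) -v or --verbose      Show the command's execution in detail.
6) -p or --programs     Show the PID and program name of the process using each socket.
7) -s or --statistics   Show a table of network statistics.

(4) Examples:

1) [root@localhost ~]# netstat        Use without arguments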

[root@localhost ~]# netstat
Active Internet connections (w/o servers)                                                   //active TCP connections
Proto Recv-Q Send-Q Local Address               Foreign Address             State      
tcp        0    268 192.168.120.204:ssh         10.2.0.68:62420             ESTABLISHED 
udp        0      0 192.168.120.204:4371        10.58.119.119:domain        ESTABLISHED 
Active UNIX domain sockets (w/o servers)                                                    //active Unix domain sockets (like network sockets, but usable only for communication on the local machine; performance can be twice as high)
Proto RefCnt Flags       Type       State         I-Node Path
unix  2      [ ]         DGRAM                    1491   @/org/kernel/udev/udevd
unix  4      [ ]         DGRAM                    7337   /dev/log
unix  2      [ ]         DGRAM                    708823 
unix  2      [ ]         DGRAM                    7539   
unix  3      [ ]         STREAM     CONNECTED     7287   
unix  3      [ ]         STREAM     CONNECTED     7286   
[root@localhost ~]#
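Notes:

1. "Recv-Q" and "Send-Q" are the receive queue and the send queue.

2. Proto shows the protocol used by the connection; RefCnt is the number of processes attached to this socket; Type shows the socket type; State shows the socket's current state; Path is the path name that other processes use to connect to the socket.

3. Socket types:
    -t :TCP
    -u :UDP
    --raw :RAW
    --unix :UNIX domain
    --ax25 :AX25
    --ipx :ipx
    --netrom :netrom

4. States:
    LISTEN:       listening for connection requests from remote TCP ports
    SYN-SENT:     waiting for a matching connection request after having sent a connection request (if there are large numbers of sockets in this state, check whether the host has been compromised)
    SYN-RECEIVED: waiting for the peer's acknowledgment of the connection request after having both received and sent a connection request (large numbers in this state suggest a flood attack)
    ESTABLISHED:  an open connection
    FIN-WAIT-1:   waiting for a connection termination request from the remote TCP, or for acknowledgment of the termination request previously sent
    FIN-WAIT-2:   waiting for a connection termination request from the remote TCP
    CLOSE-WAIT:   waiting for a connection termination request from the local user
    CLOSING:      waiting for the remote TCP's acknowledgment of the connection termination request
    LAST-ACK:     waiting for acknowledgment of the termination request previously sent to the remote TCP (not a good sign; if this state appears, check whether you are under attack)
    TIME-WAIT:    waiting long enough to be sure the remote TCP received the acknowledgment of its connection termination request
    CLOSED:       no connection state at all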
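
The check suggested in the state list (many sockets in SYN-RECEIVED), as an added example that is not part of the original article. netstat prints this state as SYN_RECV (and TIME-WAIT as TIME_WAIT), so the filter matches that spelling; the function names, the threshold of 3 and the sample rows with documentation addresses are assumptions constructed for illustration.

```shell
#!/bin/sh
# Tally TCP states from `netstat -nat` output read on stdin.
# Only tcp/tcp6 rows are counted: UDP rows often have an empty State column,
# which would shift the fields.
tcp_state_counts() {
    awk '$1 ~ /^tcp/ { n[$6]++ } END { for (s in n) print s, n[s] }' | sort
}

# Print each foreign address holding at least $1 half-open (SYN_RECV) sockets.
syn_recv_sources() {
    awk -v limit="$1" '
        $1 ~ /^tcp/ && $6 == "SYN_RECV" {
            addr = $5
            sub(/:[^:]*$/, "", addr)      # strip the trailing :port (works for IPv6 too)
            n[addr]++
        }
        END { for (a in n) if (n[a] >= limit) print a, n[a] }' | sort
}

# Constructed sample (documentation addresses), not captured from a real host.
sample_netstat() {
    cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:80           198.51.100.7:40001      SYN_RECV
tcp        0      0 192.0.2.10:80           198.51.100.7:40002      SYN_RECV
tcp        0      0 192.0.2.10:80           198.51.100.7:40003      SYN_RECV
tcp        0      0 192.0.2.10:80           203.0.113.5:51000       SYN_RECV
tcp        0      0 192.0.2.10:80           203.0.113.9:51514       ESTABLISHED
tcp        0      0 192.0.2.10:80           203.0.113.9:51515       TIME_WAIT
tcp6       0      0 :::22                   :::*                    LISTEN
EOF
}

sample_netstat | tcp_state_counts      # one "STATE count" line per state
sample_netstat | syn_recv_sources 3    # sources at or above the threshold
# On a live host: netstat -nat | tcp_state_counts
```

A sensible threshold depends on the host's normal traffic, so compare against a baseline taken when the machine is healthy.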

2) [sunjimeng@localhost ~]$ netstat -a      Show all ports, listening or not

[sunjimeng@localhost ~]$ netstat -a
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State      
tcp        0      0 0.0.0.0:ssh             0.0.0.0:*               LISTEN     
tcp        0      0 localhost:ipp           0.0.0.0:*               LISTEN     
tcp        0      0 localhost:smtp          0.0.0.0:*               LISTEN     
tcp        0      0 192.168.142.128:52328   115.28.122.210:http     TIME_WAIT  
tcp        0      0 192.168.142.128:52836   112.124.140.210:http    TIME_WAIT  
tcp        0      0 192.168.142.128:52334   115.28.122.210:http     TIME_WAIT  
tcp        0      0 192.168.142.128:52329   115.28.122.210:http     TIME_WAIT  
tcp        0      0 192.168.142.128:52839   112.124.140.210:http    TIME_WAIT  
tcp        0      0 192.168.142.128:52336   115.28.122.210:http     TIME_WAIT  
tcp        0      0 192.168.142.128:52844   112.124.140.210:http    TIME_WAIT  
tcp        0      0 192.168.142.128:54198   202.204.80.77:http      TIME_WAIT  
tcp        0      0 192.168.142.128:52326   115.28.122.210:http     TIME_WAIT  
tcp        0      0 192.168.142.128:52842   112.124.140.210:http    TIME_WAIT  
tcp        0      0 192.168.142.128:44060   ec2-52-27-123-81.:https ESTABLISHED
tcp        0      0 192.168.142.128:52847   112.124.140.210:http    TIME_WAIT  
tcp        0      0 192.168.142.128:54204   202.204.80.77:http      TIME_WAIT  
tcp        0      0 192.168.142.128:52332   115.28.122.210:http     TIME_WAIT  
tcp        0      0 192.168.142.128:54208   202.204.80.77:http      TIME_WAIT  
tcp6       0      0 [::]:ssh                [::]:*                  LISTEN     
tcp6       0      0 localhost:ipp           [::]:*                  LISTEN     
tcp6       0      0 localhost:smtp          [::]:*                  LISTEN     
udp        0      0 0.0.0.0:bootpc          0.0.0.0:*                          
udp        0      0 0.0.0.0:ntp             0.0.0.0:*                          
udp        0      0 localhost:323           0.0.0.0:*                          
udp      768      0 192.168.142.128:39404   192.168.142.2:domain    ESTABLISHED
udp        0      0 0.0.0.0:27664           0.0.0.0:*                          
udp        0      0 0.0.0.0:mdns            0.0.0.0:*                          
udp        0      0 0.0.0.0:52525           0.0.0.0:*                          
udp        0      0 0.0.0.0:52525           0.0.0.0:*                          
udp6       0      0 [::]:ntp                [::]:*                             
udp6       0      0 localhost:323           [::]:*                             
udp6       0      0 [::]:14031              [::]:*                             
raw6       0      0 [::]:ipv6-icmp          [::]:*                  7          
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags       Type       State         I-Node   Path
unix  2      [ ACC ]     STREAM     LISTENING     26013    @/tmp/.ICE-unix/2850
unix  2      [ ACC ]     STREAM     LISTENING     23031    @/tmp/dbus-XARCfYJ4
unix  2      [ ACC ]     STREAM     LISTENING     18194    /var/run/abrt/abrt.socket
......
unix  3      [ ]         STREAM     CONNECTED     16906

3) [sunjimeng@localhost ~]$ netstat -nu      Show established UDP connections

[sunjimeng@localhost ~]$ netstat -nu
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State      
udp      768      0 192.168.142.128:39404   192.168.142.2:53        ESTABLISHED
[sunjimeng@localhost ~]$ netstat -anu
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State      
udp        0      0 0.0.0.0:68              0.0.0.0:*                          
udp        0      0 0.0.0.0:123             0.0.0.0:*                          
udp        0      0 127.0.0.1:323           0.0.0.0:*                          
udp      768      0 192.168.142.128:39404   192.168.142.2:53        ESTABLISHED
udp        0      0 0.0.0.0:27664           0.0.0.0:*                          
udp        0      0 0.0.0.0:5353            0.0.0.0:*                          
udp        0      0 0.0.0.0:52525           0.0.0.0:*                          
udp6       0      0 :::123                  :::*                               
udp6       0      0 ::1:323                 :::*                               
udp6       0      0 :::14031                :::*

4) [sunjimeng@localhost ~]$ netstat -nt       Show all established TCP connections

[sunjimeng@localhost ~]$ netstat -nat
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State      
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN     
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN     
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN     
tcp        0      0 192.168.142.128:44060   52.27.123.81:443        ESTABLISHED
tcp        0      0 192.168.142.128:52438   115.28.122.210:80       ESTABLISHED
tcp6       0      0 :::22                   :::*                    LISTEN     
tcp6       0      0 ::1:631                 :::*                    LISTEN     
tcp6       0      0 ::1:25                  :::*                    LISTEN     
[sunjimeng@localhost ~]$ netstat -nt
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State      
tcp        0      0 192.168.142.128:44060   52.27.123.81:443        ESTABLISHED
tcp        0      0 192.168.142.128:52438   115.28.122.210:80       ESTABLISHED

5) [sunjimeng@localhost ~]$ netstat -nupa     Show UDP port usage

[sunjimeng@localhost ~]$ netstat -nupa                    //without root privileges
(Not all processes could be identified, non-owned process info will not be shown, you would have to be root to see it all.)
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
udp        0      0 0.0.0.0:68              0.0.0.0:*                           -                   
udp        0      0 0.0.0.0:123             0.0.0.0:*                           -                   
udp        0      0 127.0.0.1:323           0.0.0.0:*                           -                   
udp      768      0 192.168.142.128:39404   192.168.142.2:53        ESTABLISHED 18744/netstat       
udp        0      0 0.0.0.0:27664           0.0.0.0:*                           -                   
udp        0      0 0.0.0.0:5353            0.0.0.0:*                           -                   
udp        0      0 0.0.0.0:52525           0.0.0.0:*                           -                   
udp6       0      0 :::123                  :::*                                -                   
udp6       0      0 ::1:323                 :::*                                -                   
udp6       0      0 :::14031                :::*                                -                   
[sunjimeng@localhost ~]$ su root
密碼:
[root@localhost sunjimeng]# netstat -aunp            //with root privileges
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
udp        0      0 0.0.0.0:68              0.0.0.0:*                           14421/dhclient      
udp        0      0 0.0.0.0:123             0.0.0.0:*                           781/chronyd         
udp        0      0 127.0.0.1:323           0.0.0.0:*                           781/chronyd         
udp      768      0 192.168.142.128:39404   192.168.142.2:53        ESTABLISHED 18744/netstat       
udp        0      0 0.0.0.0:27664           0.0.0.0:*                           14421/dhclient      
udp        0      0 0.0.0.0:5353            0.0.0.0:*                           797/avahi-daemon: r 
udp        0      0 0.0.0.0:52525           0.0.0.0:*                           797/avahi-daemon: r 
udp        0      0 192.168.142.128:34639   192.168.142.2:53        ESTABLISHED 20626/python        
udp6       0      0 :::123                  :::*                                781/chronyd         
udp6       0      0 ::1:323                 :::*                                781/chronyd         
udp6       0      0 :::14031                :::*                                14421/dhclient
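
The root output above ties every socket to a PID and program, which is what a listener audit needs. The following added example (not part of the original article) classifies each listening or unconnected socket by bind scope and owner, and extends the UDP case shown here to TCP rows as well. The function names are assumptions; the UDP sample rows follow the output above, and the two tcp rows with their PIDs are constructed.

```shell
#!/bin/sh
# Classify listening/unconnected sockets from `netstat -anp` rows on stdin.
# Output per socket: scope proto local-address owner
listener_exposure() {
    awk '
        $1 ~ /^(tcp|udp)/ && $5 ~ /:\*$/ {
            host = $4
            sub(/:[^:]*$/, "", host)                  # drop the :port suffix
            if (host == "0.0.0.0" || host == "::")       scope = "ALL"
            else if (host ~ /^127\./ || host == "::1")   scope = "LOOPBACK"
            else                                          scope = "SPECIFIC"
            # UDP rows have an empty State column, so the owner starts at $6, not $7.
            first = ($6 == "LISTEN") ? 7 : 6
            owner = ""
            # Program names may contain spaces ("797/avahi-daemon: r"): join the rest.
            for (i = first; i <= NF; i++) owner = owner (i > first ? " " : "") $i
            print scope, $1, $4, owner
        }'
}

# Sample rows: UDP lines follow the article output; tcp lines and PIDs are constructed.
sample_rows() {
    cat <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1001/sshd
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      1002/master
udp        0      0 0.0.0.0:68              0.0.0.0:*                           14421/dhclient
udp        0      0 127.0.0.1:323           0.0.0.0:*                           781/chronyd
udp      768      0 192.168.142.128:39404   192.168.142.2:53        ESTABLISHED 18744/netstat
udp        0      0 0.0.0.0:5353            0.0.0.0:*                           797/avahi-daemon: r
udp6       0      0 :::14031                :::*                                14421/dhclient
EOF
}

sample_rows | listener_exposure
# On a live host (as root, so owners are visible): netstat -anp | listener_exposure
```

Rows marked ALL are reachable on every interface and are the ones to compare against the services the host is supposed to offer; without root the owner column shows "-" for sockets owned by other users.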

6) [root@localhost sunjimeng]# netstat -i      Show the list of network interfaces

[root@localhost sunjimeng]# netstat -i
Kernel Interface table
Iface      MTU    RX-OK RX-ERR RX-DRP RX-OVR    TX-OK TX-ERR TX-DRP TX-OVR Flg
eno16777  1500   302197      0      1 0         90150      0      0      0 BMRU
lo       65536     2293      0      0 0          2293      0      0      0 LRU

7) [root@localhost sunjimeng]# netstat -s      Show network statistics

[root@localhost sunjimeng]# netstat -s
Ip:
    132373 total packets received
    0 forwarded
    0 incoming packets discarded
    130636 incoming packets delivered
    93212 requests sent out
    500 outgoing packets dropped
    69 dropped because of missing route
Icmp:
    1149 ICMP messages received
    0 input ICMP message failed.
    ICMP input histogram:
        destination unreachable: 1044
        timeout in transit: 28
        echo requests: 26
        echo replies: 51
    1283 ICMP messages sent
    0 ICMP messages failed
    ICMP output histogram:
        destination unreachable: 1066
        echo request: 191
        echo replies: 26
IcmpMsg:
        InType0: 51
        InType3: 1044
        InType8: 26
        InType11: 28
        OutType0: 26
        OutType3: 1066
        OutType8: 191
Tcp:
    1330 active connections openings
    0 passive connection openings
    75 failed connection attempts
    9 connection resets received
    2 connections established
    125542 segments received
    86517 segments send out
    421 segments retransmited
    3 bad segments received.
    99 resets sent
Udp:
    2894 packets received
    1053 packets to unknown port received.
    0 packet receive errors
    4969 packets sent
    0 receive buffer errors
    0 send buffer errors
UdpLite:
TcpExt:
    706 TCP sockets finished time wait in fast timer
    508 delayed acks sent
    9 delayed acks further delayed because of locked socket
    Quick ack mode was activated 3 times
    94581 packet headers predicted
    2447 acknowledgments not containing data payload received
    2473 predicted acknowledgments
    22 congestion windows recovered without slow start after partial ack
    174 other TCP timeouts
    1 connections reset due to unexpected data
    1 connections reset due to early user close
    IPReversePathFilter: 1
    TCPRcvCoalesce: 44130
    TCPChallengeACK: 3
    TCPSYNChallenge: 3
IpExt:
    InNoRoutes: 382
    InMcastPkts: 661
    OutMcastPkts: 255
    InBcastPkts: 15
    OutBcastPkts: 15
    InOctets: 420174480
    OutOctets: 5078197
    InMcastOctets: 101685
    OutMcastOctets: 39453
    InBcastOctets: 1170
    OutBcastOctets: 1170

8) [root@localhost sunjimeng]# netstat -r        Show routing table information

[root@localhost sunjimeng]# netstat -r
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
default         192.168.142.2   0.0.0.0         UG        0 0          0 eno16777736
192.168.142.0   0.0.0.0         255.255.255.0   U         0 0          0 eno16777736
192.168.142.0   0.0.0.0         255.255.255.0   U         0 0          0 eno16777736
[root@localhost sunjimeng]# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         192.168.142.2   0.0.0.0         UG    100    0        0 eno16777736
192.168.142.0   0.0.0.0         255.255.255.0   U     0      0        0 eno16777736
192.168.142.0   0.0.0.0         255.255.255.0   U     100    0        0 eno16777736
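
(5) Other:

Linux network sockets:

Establishing a socket connection is like a (client) phoning a large company: the operator (server process) answers the call and puts it through to the department you want, from there it is passed on to the person you are looking for (the server socket), and the operator (server process) then goes on to put through calls from other (clients).

Sockets come in two kinds: local sockets and network sockets. The name of a local socket is a file name in the Linux file system, usually placed in the /tmp or /usr/tmp directory; the name of a network socket is a service identifier (a port number or access point) tied to the particular network the client connects over. This identifier lets Linux route an incoming connection for a given port number to the correct server process.

How a socket connection is established: http://blog.chinaunix.net/uid-25829053-id-3015832.html
The socket connection process in Java communication: http://www.cnblogs.com/MenAngel/p/5317082.html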
