2. 科技
  3. netstat

netstat

it2022-05-09  20

下面是netstat 的十个用法 

netstat [options]...  

1. Display routing information maintained by kernel

This information can be retrieved using the -r option along with this command.  Consider the following example : $ netstat -r Kernel IP routing table Destination Gateway Genmask Flags MSS Window irtt Iface 192.168.1.0 * 255.255.255.0 U 0 0 0 wlan0 link-local * 255.255.0.0 U 0 0 0 wlan0 default 192.168.1.1 0.0.0.0 UG 0 0 0 wlan0 So we see that kernel routing table information was displayed using the -r option. The flag 'U' indicates that this entry is up while the flag 'G' indicates that this entry is not a direct entry i.e. the destination indicated in this route entry is not on the same network. A list of flags is given below :  A Receive all multicast at this interface. B OK broadcast. D Debugging ON.  M Promiscuous Mode. O No ARP at this interface. P P2P connection at this interface.  R Interface is running.  U Interface is up.  G Not a direct entry.  

2. Display multicast group membership information

This information is displayed for both IPv4 and IPv6 and can be retrieved using -g option with this command.  Consider the following example : $ netstat -g IPv6/IPv4 Group Memberships Interface RefCnt Group --------------- ------ --------------------- lo 1 all-systems.mcast.net eth0 1 all-systems.mcast.net wlan0 1 224.0.0.251 wlan0 1 all-systems.mcast.net lo 1 ip6-allnodes eth0 1 ip6-allnodes wlan0 1 ff02::1:ff20:3a8e wlan0 1 ip6-allnodes pan0 1 ip6-allnodes

So we see that the multicast information was displayed in the above output.

 

3. Display information related to all network interfaces

This is made possible using the -i option along with this command.  Consider the following example : $ netstat -i Kernel Interface table Iface MTU Met RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR Flg eth0 1500 0 0 0 0 0 0 0 0 0 BMU lo 16436 0 44 0 0 0 44 0 0 0 LRU wlan0 1500 0 166164 0 0 0 152434 0 0 0 BMRU So we see that all the network information related to individual interfaces was displayed in the output. The RX and TX columns are described as follows :  RX-OK   : Correct packets received on this interface.  RX-ERR : Incorrect packets received on this interface  RX-DRP : Packets that were dropped at this interface.  RX-OVR : Packets that this interface was unable to receive.  Similar definition is for the  TX columns that describe the transmitted packets.  

4. Display summary statistics for each protocol

This is very handy information that netstat command provides. This information can be retrieved by using -s option with this command.  Consider the following example : $ netstat -s Ip: 167813 total packets received 1 with invalid addresses 0 forwarded 0 incoming packets discarded 166864 incoming packets delivered 153028 requests sent out Icmp: 12 ICMP messages received 0 input ICMP message failed. ICMP input histogram: destination unreachable: 12 12 ICMP messages sent 0 ICMP messages failed ICMP output histogram: destination unreachable: 12 IcmpMsg: InType3: 12 OutType3: 12 Tcp: 3270 active connections openings 0 passive connection openings 11 failed connection attempts 279 connection resets received 2 connections established 158262 segments received 145989 segments send out 477 segments retransmited 0 bad segments received. 1938 resets sent Udp: 5418 packets received 12 packets to unknown port received. 0 packet receive errors 5387 packets sent UdpLite: TcpExt: 52 packets pruned from receive queue because of socket buffer overrun 1661 TCP sockets finished time wait in fast timer 2 time wait sockets recycled by time stamp 5 packets rejects in established connections because of timestamp 3733 delayed acks sent 1 delayed acks further delayed because of locked socket Quick ack mode was activated 890 times 384 packets directly queued to recvmsg prequeue. 210504 bytes directly received in process context from prequeue 83445 packet headers predicted 153 packets header predicted and directly queued to user 8241 acknowledgments not containing data payload received 1732 predicted acknowledgments 3 congestion windows recovered without slow start by DSACK 203 congestion windows recovered without slow start after partial ack 1 timeouts after reno fast retransmit 9 timeouts after SACK recovery 2 timeouts in loss state 9 retransmits in slow start 428 other TCP timeouts 1782 packets collapsed in receive queue due to low socket buffer 861 DSACKs sent for old packets 22 DSACKs sent for out of order packets 276 DSACKs received 407 connections reset due to unexpected data 272 connections reset due to early user close 4 connections aborted due to timeout TCPDSACKIgnoredOld: 128 TCPDSACKIgnoredNoUndo: 31 TCPSackShiftFallback: 2 IpExt: InMcastPkts: 2370 OutMcastPkts: 1199 InBcastPkts: 2270 OutBcastPkts: 1331 InOctets: 194805011 OutOctets: 15947915 InMcastOctets: 74161 OutMcastOctets: 41385 InBcastOctets: 477074 OutBcastOctets: 194151

So we see that vital statistical information related to each protocol was displayed in the output.

 

5. Monitor continuously

Yes, netstat command provides an option -c using which any type of information can be monitored continuously. Here continuously means that same information would be fetched again and again after each second and the netstat output will grow until you choose to stop the command.  Here is an example where the interface information can be monitored continuously : $ netstat -ic Kernel Interface table Iface MTU Met RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR Flg eth0 1500 0 0 0 0 0 0 0 0 0 BMU lo 16436 0 44 0 0 0 44 0 0 0 LRU wlan0 1500 0 167000 0 0 0 153174 0 0 0 BMRU Iface MTU Met RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR Flg eth0 1500 0 0 0 0 0 0 0 0 0 BMU lo 16436 0 44 0 0 0 44 0 0 0 LRU wlan0 1500 0 167000 0 0 0 153174 0 0 0 BMRU Iface MTU Met RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR Flg eth0 1500 0 0 0 0 0 0 0 0 0 BMU lo 16436 0 44 0 0 0 44 0 0 0 LRU wlan0 1500 0 167000 0 0 0 153174 0 0 0 BMRU Iface MTU Met RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR Flg eth0 1500 0 0 0 0 0 0 0 0 0 BMU lo 16436 0 44 0 0 0 44 0 0 0 LRU wlan0 1500 0 167000 0 0 0 153174 0 0 0 BMRU Iface MTU Met RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR Flg eth0 1500 0 0 0 0 0 0 0 0 0 BMU lo 16436 0 44 0 0 0 44 0 0 0 LRU wlan0 1500 0 167000 0 0 0 153174 0 0 0 BMRU Iface MTU Met RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR Flg eth0 1500 0 0 0 0 0 0 0 0 0 BMU lo 16436 0 44 0 0 0 44 0 0 0 LRU wlan0 1500 0 167000 0 0 0 153174 0 0 0 BMRU Iface MTU Met RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR Flg eth0 1500 0 0 0 0 0 0 0 0 0 BMU lo 16436 0 44 0 0 0 44 0 0 0 LRU wlan0 1500 0 167000 0 0 0 153174 0 0 0 BMRU Iface MTU Met RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR Flg eth0 1500 0 0 0 0 0 0 0 0 0 BMU lo 16436 0 44 0 0 0 44 0 0 0 LRU wlan0 1500 0 167001 0 0 0 153174 0 0 0 BMRU Iface MTU Met RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR Flg eth0 1500 0 0 0 0 0 0 0 0 0 BMU lo 16436 0 44 0 0 0 44 0 0 0 LRU wlan0 1500 0 167001 0 0 0 153175 0 0 0 BMRU Iface MTU Met RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR Flg eth0 1500 0 0 0 0 0 0 0 0 0 BMU lo 16436 0 44 0 0 0 44 0 0 0 LRU wlan0 1500 0 167001 0 0 0 153175 0 0 0 BMRU Iface MTU Met RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR Flg eth0 1500 0 0 0 0 0 0 0 0 0 BMU lo 16436 0 44 0 0 0 44 0 0 0 LRU wlan0 1500 0 167001 0 0 0 153175 0 0 0 BMRU ^C $

So we see that the interface information (using -i) was displayed continuously again and again using -c option. The figure change (highlighted in bold) in the output above gives us an idea how -c option is useful to see updates in statistics in real time.

 

6. Display extra information

Apart from the information that netstat produces in output, Extra information can be produced in output using -e option.  Consider an example below : $ netstat -e Active Internet connections (w/o servers) Proto Recv-Q Send-Q Local Address Foreign Address State User Inode tcp 0 0 himanshu-laptop.l:46096 sjc-not16.sjc.dropb:www ESTABLISHED himanshu 88185 tcp 38 0 himanshu-laptop.l:40156 v-d-1a.sjc.dropbo:https CLOSE_WAIT himanshu 88182 tcp 38 0 himanshu-laptop.l:54501 v-client-5a.sjc.d:https CLOSE_WAIT himanshu 247035 tcp 38 0 himanshu-laptop.l:60738 v-client-2b.sjc.d:https CLOSE_WAIT himanshu 10991 tcp 0 0 himanshu-laptop.l:59610 del01s05-in-f22.1:https ESTABLISHED himanshu 186169 Active UNIX domain sockets (w/o servers) Proto RefCnt Flags Type State I-Node Path unix 2 [ ] DGRAM 3273 @/org/kernel/udev/udevd unix 20 [ ] DGRAM 4787 /dev/log unix 3 [ ] STREAM CONNECTED 206978 @/tmp/dbus-VwQ8GS3QiP unix 3 [ ] STREAM CONNECTED 206977 unix 3 [ ] STREAM CONNECTED 206943 @/tmp/dbus-VwQ8GS3QiP unix 3 [ ] STREAM CONNECTED 206942 unix 3 [ ] STREAM CONNECTED 206941 @/tmp/.ICE-unix/1543 unix 3 [ ] STREAM CONNECTED 206940 unix 3 [ ] STREAM CONNECTED 206939 @/tmp/.X11-unix/X0 unix 3 [ ] STREAM CONNECTED 206938 unix 3 [ ] STREAM CONNECTED 206937 /tmp/orbit-himanshu/linc-dcf-0-427340219d277 unix 3 [ ] STREAM CONNECTED 206936 unix 3 [ ] STREAM CONNECTED 206933 /tmp/orbit-himanshu/linc-630-0-480531b88e2fc ... ... ...

So we see that lots of extra information related to internet connections (like user, Inode etc) was produced in the output.

 

7. Display network timer related information

This type of information can be produced in output using -o option with this command.  Consider the following example : $ netstat -o Active Internet connections (w/o servers) Proto Recv-Q Send-Q Local Address Foreign Address State Timer tcp 0 0 himanshu-laptop.l:46096 sjc-not16.sjc.dropb:www ESTABLISHED off (0.00/0/0) tcp 38 0 himanshu-laptop.l:40156 v-d-1a.sjc.dropbo:https CLOSE_WAIT off (0.00/0/0) tcp 38 0 himanshu-laptop.l:54501 v-client-5a.sjc.d:https CLOSE_WAIT off (0.00/0/0) tcp 38 0 himanshu-laptop.l:60738 v-client-2b.sjc.d:https CLOSE_WAIT off (0.00/0/0) tcp 0 0 himanshu-laptop.l:59610 del01s05-in-f22.1:https ESTABLISHED off (0.00/0/0) Active UNIX domain sockets (w/o servers) Proto RefCnt Flags Type State I-Node Path unix 2 [ ] DGRAM 3273 @/org/kernel/udev/udevd unix 20 [ ] DGRAM 4787 /dev/log unix 3 [ ] STREAM CONNECTED 206978 @/tmp/dbus-VwQ8GS3QiP unix 3 [ ] STREAM CONNECTED 206977 unix 3 [ ] STREAM CONNECTED 206943 @/tmp/dbus-VwQ8GS3QiP unix 3 [ ] STREAM CONNECTED 206942 ... ... ...

So we see that the timer related information (highlighted in bold) was produced in the output.

 

8. Display the PID of the program using socket

The PID of the program using a particular socket can be produced in the output using the option -p with this command.  Consider the following example : $ netstat -p (Not all processes could be identified, non-owned process info will not be shown, you would have to be root to see it all.) Active Internet connections (w/o servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 195 himanshu-laptop.l:46096 sjc-not16.sjc.dropb:www ESTABLISHED 1643/dropbox tcp 38 0 himanshu-laptop.l:40156 v-d-1a.sjc.dropbo:https CLOSE_WAIT 1643/dropbox tcp 38 0 himanshu-laptop.l:54501 v-client-5a.sjc.d:https CLOSE_WAIT 1643/dropbox tcp 38 0 himanshu-laptop.l:60738 v-client-2b.sjc.d:https CLOSE_WAIT 1643/dropbox tcp 0 0 himanshu-laptop.l:59610 del01s05-in-f22.1:https ESTABLISHED 1887/firefox Active UNIX domain sockets (w/o servers) Proto RefCnt Flags Type State I-Node PID/Program name Path unix 2 [ ] DGRAM 3273 - @/org/kernel/udev/udevd unix 20 [ ] DGRAM 4787 - /dev/log unix 3 [ ] STREAM CONNECTED 206978 1581/dbus-daemon @/tmp/dbus-VwQ8GS3QiP unix 3 [ ] STREAM CONNECTED 206977 1627/metacity ... ... ...

As suggested by the highlighted portion in the output, the PID related information was produced using -p option.

 

9. Show only listening sockets

This can be made possible by using the -l option with this command.  Consider the following example : $ netstat -l Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 localhost:ipp *:* LISTEN tcp 0 0 *:17500 *:* LISTEN tcp6 0 0 [::]:netbios-ssn [::]:* LISTEN tcp6 0 0 localhost:ipp [::]:* LISTEN tcp6 0 0 [::]:microsoft-ds [::]:* LISTEN ... ... ...

So we see that only those sockets whose state is LISTEN are produced in the output.

 

10. Show routing information from route cache

Information from route cache is produced in the output using -C option with this command.  Consider the following example : $ netstat -C Active Internet connections (w/o servers) Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 himanshu-laptop.l:46096 sjc-not16.sjc.dropb:www ESTABLISHED tcp 38 0 himanshu-laptop.l:40156 v-d-1a.sjc.dropbo:https CLOSE_WAIT tcp 38 0 himanshu-laptop.l:54501 v-client-5a.sjc.d:https CLOSE_WAIT tcp 38 0 himanshu-laptop.l:60738 v-client-2b.sjc.d:https CLOSE_WAIT tcp 0 0 himanshu-laptop.l:59610 del01s05-in-f22.1:https ESTABLISHED Active UNIX domain sockets (w/o servers) Proto RefCnt Flags Type State I-Node Path unix 2 [ ] DGRAM 3273 @/org/kernel/udev/udevd unix 20 [ ] DGRAM 4787 /dev/log unix 3 [ ] STREAM CONNECTED 206978 @/tmp/dbus-VwQ8GS3QiP unix 3 [ ] STREAM CONNECTED 206977 unix 3 [ ] STREAM CONNECTED 206943 @/tmp/dbus-VwQ8GS3QiP unix 3 [ ] STREAM CONNECTED 206942 ... ... ...

The output above is produced using the information from route cache.

 

 

转载于:https://www.cnblogs.com/sunyongjie1984/p/4344840.html

相关资源:数据结构—成绩单生成器

专利

最新回复(0)