Shulou(Shulou.com)06/02 Report--

What is netstat?

If you have a linux system on hand, you can type man netstat directly and you can get help information. Man's explanation of netstat is very concise, with only a brief description:

"netstat-Print network connections, routing tables, interface statistics, masquerade connections, and multicast memberships"

Netstat can be used to display network connections, routing tables, interface statistics, pseudo connections, and multicast members.

The netstat command is used to display statistics related to the IP, TCP, UDP, and ICMP protocols, and is generally used to check the network connectivity of each port of the machine. Netstat is a program that accesses network and related information in the kernel. It can provide reports on TCP connection, TCP and UDP snooping, and process memory management.

If your computer sometimes receives datagrams that cause errors or failures, you should not be surprised that TCP/IP can allow these types of errors and automatically resend datagrams. But if the cumulative number of errors accounts for a significant percentage of accepted IP datagrams, or if its number is growing rapidly, then you should use netstat to find out why this is happening.

[command format]

Netstat [- cCeFghilMnNoprstuvVwx] [- A] [--ip]

[command function]

Netstat is used to display statistics related to IP, TCP, UDP and ICMP protocols, and is generally used to verify the connectivity of local ports.

[command parameters]

-an or-all displays the socket in all connections

-An or-lists the relevant addresses in the network type connection.

-c or-continuous continuously lists the network status.

-C or-cache displays the cache information configured by the router.

-e or-extend displays other relevant information about the network.

-F or-fib displays FIB.

-g or-groups displays the list of group members of the multi-broadcast function.

-h or-help online help.

-I or-interfaces displays a form of web interface information.

-l or-listening displays the socket of the server in monitoring.

-M or-masquerade displays a camouflaged network connection.

-n or-numeric uses the IP address directly, not through the domain name server.

-N or-netlink or-symbolic displays the symbolic connection name of the network hardware peripheral.

-o or-timers displays the timer.

-p or-programs displays the program identification number and program name of the socket being used.

-r or-route displays Routing Table.

-s or-statistice displays statistical tables of network work information.

-t or-tcp displays the connection status of the tcp transport protocol.

-u or-udp displays the connection status of the udp transport protocol.

-v or-verbose displays the instruction execution process.

-V or-version displays version information.

-w or-raw displays the connection status of the RAW transport protocol.

-x or-unix this parameter has the same effect as the specified "- A unix" parameter.

-ip or-inet this parameter has the same effect as specifying the "- An inet" parameter.

[example demonstration]

Netstat

[root@node1 ~] # netstatActive Internet connections (wAccord o servers) Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 52 node1.magedu.com:ssh 172.16.18.2 Proto Recv-Q Send-Q Local Address Foreign Address State tcp 50297 ESTABLISHEDActive UNIX domain sockets (wAccord o servers) Proto RefCnt Flags Type State I-Node Pathunix 14 [] DGRAM 9828 / dev/logunix 2 [] DGRAM 7786 @ / org/kernel/udev/udevdunix 2 [] DGRAM 10754 @ / org/freedesktop/hal/udev_event

Overall, the output of netstat can be divided into two parts:

One is Active Internet connections, called an active TCP connection, where "Recv-Q" and "Send-Q" refer to the receive queue and the send queue. These numbers are generally supposed to be zero. If not, the package is piling up in the queue. This can only be seen in very rare cases.

The other is Active UNIX domain sockets, called the active Unix domain socket (like network sockets, but only for native communication, and performance can be doubled).

Proto shows the protocol used for the connection, RefCnt indicates the process number connected to this socket, Types shows the type of socket, State shows the current status of the socket, and Path indicates the path name used by other processes connected to the socket.

Status description:

LISTEN: listen for connection requests from remote TCP ports

SYN-SENT: wait for a matching connection request after sending a connection request (if there are a large number of such status packets, check whether they have been hit)

SYN-RECEIVED: after receiving and sending a connection request, wait for the other party to confirm the connection request (if there are a large number of this status, it is estimated to be flood***)

ESTABLISHED: represents an open connection

FIN-WAIT-1: wait for remote TCP connection disruption request, or confirmation of previous connection interruption request

FIN-WAIT-2: waiting for a connection break request from a remote TCP

CLOSE-WAIT: waiting for a connection disconnection request from a local user

CLOSING: wait for the remote TCP to confirm the connection break

LAST-ACK: wait for the confirmation of the original connection disconnection request sent to the remote TCP (not a good thing, this item appears, check whether it has been *)

TIME-WAIT: wait enough time to ensure that the remote TCP receives an acknowledgement of the connection disconnection request

CLOSED: no connection status

Netstat-s

[root@node1] # netstat-sIp: 125329 total packets received 14383 with invalid addresses 0 forwarded 0 incoming packets discarded 97126 incoming packets delivered 33554 requests sent out 10 dropped because of missing routeIcmp: 457 ICMP messages received 72 input ICMP message failed. ICMP input histogram: destination unreachable: 457 373 ICMP messages sent 0 ICMP messages failed ICMP output histogram: destination unreachable: 373IcmpMsg: InType3: 457 OutType3: 373Tcp: 139 active connections openings 20 passive connection openings 31 failed connection attempts 23 connection resets received 1 connections established 91423 segments received 32616 segments send out 73 segments retransmited 0 bad segments received. 23 resets sentUdp: 56 packets received 0 packets to unknown port received. 0 packet receive errors 492 packets sentUdpLite:TcpExt: 145 packets pruned from receive queue because of socket buffer overrun 8 ICMP packets dropped because they were out-of-window 3 TCP sockets finished time wait in fast timer 183 delayed acks sent 5 delayed acks further delayed because of locked socket Quick ack mode was activated 8 times 28 packets directly queued to recvmsg prequeue. 4 packets directly received from prequeue 81707 packets header predicted 1925 acknowledgments not containing data received 708 predicted acknowledgments TCPDSACKUndo: 10 1 congestion windows recovered after partial ack 0 TCP data loss events 1 retransmits in slow start 42 other TCP timeouts 17054 packets collapsed in receive queue due to low socket buffer 9 DSACKs sent for old packets 12 DSACKs received 1 connections reset due to unexpected data 19 connections reset due to early user close 3 connections aborted due to timeout TCPSackShiftFallback: 1 TCPBacklogDrop: 16IpExt: InMcastPkts: 35 InBcastPkts: 5155 InOctets: 135205393 OutOctets: 2321147 InMcastOctets: 1120 InBcastOctets: 800085

This option can display its statistics according to each protocol. If our application (such as a web browser) is slow or cannot display data such as web pages, then we can use this option to view the information displayed. We need to look carefully at the lines of the statistics to find the keywords that went wrong, and then to determine where the problem lies.

Netstat-e

[root@node1] # netstat-eActive Internet connections (w servers) Proto Recv-Q Send-Q Local Address Foreign Address State User Inode tcp 0 52 node1.magedu.com:ssh 172.16.18.2 servers 50297 ESTABLISHED root 64806 Active UNIX domain sockets (w bank o servers) Proto RefCnt Flags Type State I-Node Pathunix 14 [] DGRAM 9828 / dev/logunix 2 [] DGRAM 7786 @ / org/kernel/udev/udevdunix 2 [] DGRAM 10754 @ / org/freedesktop/hal/udev_eventunix 2 [] DGRAM 64850unix 2 [] DGRAM 64713unix 3 [] STREAM CONNECTED 57258 / var/run/dbus/system_bus_socketunix 3 [] STREAM CONNECTED 57257unix 2 [] DGRAM 41768unix 3 [] STREAM CONNECTED 11830 / var/run/dbus/system_bus_socket

This option is used to display statistics about Ethernet. It lists the total number of bytes, errors, deletions, packets, and broadcasts of packets transmitted. These statistics include both the number of datagrams sent and the number of datagrams received. This option can be used to count some basic network traffic.

Netstat-r

[root@node1 ~] # netstat-rKernel IP routing tableDestination Gateway Genmask Flags MSS Window irtt Iface172.16.0.0 * 255.255.0.0 U 000 eth0

This option displays information about the routing table, similar to what you see when you use the route print command later. In addition to displaying valid routes, currently valid links are also displayed.

Netstat-a

[root@node1 ~] # netstat-aActive Internet connections (servers and established) Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 *: sunrpc *: * LISTEN tcp 0 0 *: 56818 *: * LISTEN tcp 0 *: ssh *: * LISTEN tcp 0 0 localhost:ipp *: * LISTEN tcp 0 0 localhost:smtp *: * LISTEN tcp 0 0 localhost:x11- Ssh-offset *: * LISTEN tcp 0 0 node1.magedu.com:ssh 172.16.18.2 ESTABLISHEDtcp 0 0 *: sunrpc *: * LISTEN tcp 0 0 *: 49906 *: * LISTEN tcp 0 0 *: ssh *: * LISTEN tcp 0 0 localhost:ipp *: * LISTEN tcp 0 0 localhost:smtp *: * LISTEN tcp 0 localhost:x11-ssh-offset *: * LISTEN udp 0 0 *: sunrpc *: * udp 0 0 *: ipp *: * udp 0 *: con *: * udp 0 1536 *: ntp *: * udp 0 0 *: 817 *: * Udp 0 0 *: 50398 *: * udp 0 0 *: sunrpc *: * udp 0 0 *: con *: * Udp 0 0 *: ntp *: * udp 0 0 *: 33805 *: * Active UNIX domain sockets (servers and established) Proto RefCnt Flags Type State I-Node Pathunix 2 [ACC] STREAM LISTENING 10732 @ / var/run/hald/dbus-LUTxU382Gzunix 2 [ACC] STREAM LISTENING 10727 @ / var/run/hald/dbus-blwR0z9jUZunix 2 [ACC] STREAM LISTENING 10063 / var/run/rpcbind.sockunix 2 [ACC] STREAM LISTENING 11336 public/cleanupunix 2 [ACC] STREAM LISTENING 10163 / var/run/dbus/system_bus_socket

This option displays a list of all valid connection information, including established connections (ESTABLISHED) and which connections are listening for connection requests (LISTENING).

Netstat-n

[root@node1] # netstat-nActive Internet connections (wUnip o servers) Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 52 172.16.18.7 Proto Recv-Q Send-Q Local Address Foreign Address State tcp 22 172.16.18.2 nActive Internet connections 50297 ESTABLISHEDActive UNIX domain sockets (wUnip o servers) Proto RefCnt Flags Type State I-Node Pathunix 14 [] DGRAM 9828 / dev/logunix 2 [] DGRAM 7786 @ / org/kernel/udev/udevdunix 2 [] DGRAM 10754 @ / org/freedesktop/hal/udev_eventunix 2 [] DGRAM 64850unix 2 [] DGRAM 64713unix 3 [] STREAM CONNECTED 57258 / var/run/dbus/system_bus_socketunix 3 [] STREAM CONNECTED 57257unix 2 [] DGRAM 41768unix 3 [] STREAM CONNECTED 11830 / var/run/dbus/system_bus_socket

This option displays all valid connections that have been established.

Find out the port on which the program runs

[root@node1 ~] # netstat-ap | grep sshtcp 0 0 *: ssh *: * LISTEN 1688/sshd tcp 0 0 localhost:x11-ssh-offset *: * LISTEN 20222/sshd tcp 0 52 node1.magedu.com:ssh 172.16 .18.2 ESTABLISHED 20222/sshd tcp 50297 0 *: ssh *: * LISTEN 1688/sshd tcp 0 0 localhost:x11-ssh-offset *: * LISTEN 20222/sshd unix 2 [] DGRAM 64850 20222/sshd

Find the process running on the specified port

[root@node1 ~] # netstat-anpt | grep 80tcp 0 0: 80: * LISTEN 20841/httpd

More examples here will not be cited one by one, more content will continue to update!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.