
Common network management commands, part 3: the Netstat command explained in detail (with pictures and text)

2025-01-16 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/01 Report--

3. Netstat

Without options.

-an option.

-e option.

-n option.

-f option.

-b option.

-o option.

-r option.

-s option.

-t option.

Interval option.

3. Netstat

Netstat is a very useful tool for monitoring TCP/IP networks. It can display routing tables, actual TCP network connections, TCP and UDP listening ports, process memory management, and status information for each network interface device. Netstat displays statistics for the IP, TCP, UDP and ICMP protocols. It is generally used to check the network connections on each port of the machine and to let the user know which network connections are currently in operation.

If your computer sometimes receives packets that cause errors or failures, do not be surprised: TCP/IP can tolerate these types of errors and automatically resends packets. But if the cumulative number of errors accounts for a significant percentage of the IP datagrams received, or if the number is increasing rapidly, you should use Netstat to find out why.

In command line mode, enter netstat /? to display help information.

Netstat displays the following information:

1. Protocol (TCP or UDP)

2. Local address: the IP address of the local computer and the port number being used. If you do not specify the -n parameter, the name of the local computer that corresponds to the IP address and the name of the port are displayed. If the port has not been established, the port number is displayed as an asterisk.

3. Foreign (external) address: the IP address and port number of the remote computer to which the socket is connected. If you do not specify the -n parameter, the names that correspond to the IP address and the port are displayed. If the port has not been established, the port number is displayed as an asterisk.

4. Status: indicates the status of a TCP connection. The possible states are as follows:

LISTENING: (Listening for a connection.) Listening for connection requests from remote TCP ports.

SYN-SENT: (Active; sent SYN. Waiting for a matching connection request after having sent a connection request.) A connection request has been sent; waiting for the matching connection request.

SYN-RECEIVED: (Sent and received SYN. Waiting for a confirming connection request acknowledgment after having both received and sent connection requests.) A connection request has been both received and sent; waiting for the other party to acknowledge it.

ESTABLISHED: (Connection established.) An open connection.

FIN-WAIT-1: (Closed; sent FIN.) Waiting for a connection termination request from the remote TCP, or for acknowledgment of the termination request previously sent.

FIN-WAIT-2: (Closed; FIN is acknowledged; awaiting FIN.) Waiting for a connection termination request from the remote TCP.

CLOSE-WAIT: (Received FIN; waiting to receive CLOSE.) Waiting for a connection termination request from the local user.

CLOSING: (Closed; exchanged FIN; waiting for FIN.) Waiting for the remote TCP to acknowledge the connection termination request.

LAST-ACK: (Received FIN and CLOSE; waiting for FIN ACK.) Waiting for acknowledgment of the connection termination request previously sent to the remote TCP.

TIME-WAIT: (In 2 MSL (twice the maximum segment lifetime) quiet wait after close.) Waiting long enough to be sure that the remote TCP received the acknowledgment of its connection termination request.

CLOSED: (Connection is closed.) No connection state at all.

For more information about the states of a TCP connection, see RFC 793.

No option

With no arguments, the netstat command shows the active TCP connections. Official description: Used without parameters, netstat displays active TCP connections.

-an option

Displays all active TCP connections and the TCP and UDP ports on which the computer is listening. Official description: Displays all active TCP connections and the TCP and UDP ports on which the computer is listening.

The -an option is often used to list the open ports on your local system, which you can use to check what is installed and listening on your system. Ports below 1024 usually run network services, and ports above 1024 are used to establish connections with remote machines.

-e option

This option displays Ethernet statistics. The items listed include the total number of bytes, errors, discards, datagrams, and broadcast datagrams transmitted. The statistics cover both the datagrams sent and the datagrams received. This option can be used to measure basic network traffic, and it can be combined with the -s option, which breaks the statistics down by protocol.

If the network becomes slow or behaves abnormally, you can use this command to see the percentage of dropped or erroneous packets. If the receive errors and the send errors are close to zero or all zero, the network interface is fine. When these two fields show more than 100 error packets, however, the error rate can be considered high. A high send error count indicates that the local network is saturated or that there is a poor physical connection between the host and the network; a high receive error count indicates that the overall network is saturated, the local host is overloaded, or there is a problem with the physical connection. You can use the Ping command to measure the error rate and further determine the severity of the fault. Together, netstat -e and ping can resolve a large share of network failures.
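The rule of thumb above, applied to the counters that netstat -e prints. This is an added example, not part of the original article; the sample output is constructed, and the names parse, assess, HIGH_ERRORS and CAUSES are assumptions made for illustration.

```python
import re

# Constructed sample of `netstat -e` output; the counters are made up.
SAMPLE = """\
Interface Statistics

                           Received            Sent

Bytes                     918273645       102938475
Unicast packets              845210          612034
Non-unicast packets           12790            3966
Discards                         42               0
Errors                            3             187
Unknown protocols                 0
"""

HIGH_ERRORS = 100  # the article's threshold for a high error count
CAUSES = {  # the article's reading of a high count in each direction
    "sent": "local network saturated, or poor physical link from host to network",
    "received": "overall network saturated, host overloaded, or physical link problem",
}

def parse(text):
    """Map counter name -> (received, sent); sent is None when not printed."""
    stats = {}
    for line in text.splitlines():
        m = re.match(r"^(\D+?)\s+(\d+)(?:\s+(\d+))?\s*$", line)
        if m:
            name, rx, tx = m.groups()
            stats[name.strip()] = (int(rx), int(tx) if tx else None)
    return stats

def assess(stats):
    """Per direction: percent of discarded or errored packets, and the verdict."""
    report = {}
    for i, side in enumerate(("received", "sent")):
        packets = stats["Unicast packets"][i] + stats["Non-unicast packets"][i]
        bad = stats["Errors"][i] + stats["Discards"][i]
        pct = round(100 * bad / packets, 4) if packets else 0.0
        high = stats["Errors"][i] > HIGH_ERRORS
        report[side] = {"bad_pct": pct, "high": high,
                        "cause": CAUSES[side] if high else None}
    return report

if __name__ == "__main__":
    print(assess(parse(SAMPLE)))
```

The counters are cumulative since boot, so comparing two readings taken some time apart shows whether the error count is still growing.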

-n option

Displays addresses and port numbers in numeric form; the result can basically be seen as the numeric form of netstat -a.

It is common to use netstat -an to display all connections and ports in numeric form.

-f option

Displays the fully qualified domain name of the foreign (external) address.

-b option

Displays the executable involved in creating each connection or listening port. In some cases a well-known executable hosts multiple independent components, and in those cases the sequence of components involved in creating the connection or listening port is displayed. The executable name is then shown in [] at the bottom, above it is the component it called, and so on, until TCP/IP is reached. Note that this option may take a long time and may fail if you do not have sufficient permissions.

-o option

Displays the owning process ID associated with each connection.
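Combining -a, -n and -o gives one row per socket with its state and owning PID, which is the form most useful for auditing what a host exposes. The parser below is an added example, not part of the original article: it tallies the TCP states listed earlier and reports sockets bound to every interface. The sample output, addresses and PIDs are constructed, and the function names are assumptions.

```python
from collections import Counter

# Constructed sample of `netstat -ano` output; addresses and PIDs are made up.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       932
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    127.0.0.1:5354         0.0.0.0:0              LISTENING       2816
  TCP    192.168.1.20:49712     203.0.113.10:443       ESTABLISHED     5120
  TCP    192.168.1.20:49730     198.51.100.7:80        TIME_WAIT       0
  TCP    [::]:445               [::]:0                 LISTENING       4
  UDP    0.0.0.0:5353           *:*                                    2816
"""

WILDCARD = {"0.0.0.0", "[::]"}  # bound on every interface, reachable off-host

def parse(text):
    """Return one dict per TCP/UDP row; header and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        f = line.split()
        if len(f) == 5 and f[0] == "TCP":
            proto, local, foreign, state, pid = f
        elif len(f) == 4 and f[0] == "UDP":  # UDP rows have no State column
            (proto, local, foreign, pid), state = f, ""
        else:
            continue
        addr, _, port = local.rpartition(":")  # last colon keeps [::] intact
        rows.append({"proto": proto, "addr": addr, "port": int(port),
                     # Windows prints TIME_WAIT; use the article's TIME-WAIT form
                     "state": state.replace("_", "-"),
                     "pid": int(pid)})
    return rows

def state_counts(rows):
    """Tally the TCP connection states."""
    return Counter(r["state"] for r in rows if r["proto"] == "TCP")

def exposed_listeners(rows):
    """Sockets accepting traffic on all interfaces, as (proto, port, pid)."""
    hits = {(r["proto"], r["port"], r["pid"]) for r in rows
            if r["addr"] in WILDCARD
            and (r["state"] == "LISTENING" or r["proto"] == "UDP")}
    return sorted(hits)

if __name__ == "__main__":
    rows = parse(SAMPLE)
    print(state_counts(rows), exposed_listeners(rows))
```

Each reported PID can then be matched to a program with the -b option or with the task list, and any listener that has no known owner is worth investigating.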

-r option

Displays the routing table, which is the same as the output of the route print command.

-s option

Displays statistics for each protocol.

-t option

Displays the offload state of the current connection.

Interval option

Redisplays the selected statistics, pausing interval seconds between each display. Press CTRL+C to stop redisplaying statistics. If this parameter is omitted, netstat prints the current configuration information once.
