2025-01-17 Update From: SLTechnology News&Howtos shulou
Shulou(Shulou.com)05/31 Report--
This article walks through the use of the netstat command on Linux with practical cases. These are situations many people run into in day-to-day operations, so read on to see how to handle them.
Brief introduction
The netstat command is used to display a variety of network-related information, such as network connections, routing tables, interface status (interface statistics), masquerade connections, multicast members (multicast memberships), and so on.
Meaning of output information
After running netstat, the output looks like this:
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      2 210.34.6.89:telnet      210.34.6.96:2873        ESTABLISHED
tcp      296      0 210.34.6.89:1165        210.34.6.84:netbios-ssn ESTABLISHED
tcp        0      0 localhost.localdom:9001 localhost.localdom:1162 ESTABLISHED
tcp        0      0 localhost.localdom:1162 localhost.localdom:9001 ESTABLISHED
tcp        0     80 210.34.6.89:1161        210.34.6.10:netbios-ssn CLOSE
Active UNIX domain sockets (w/o servers)
Proto RefCnt Flags       Type       State         I-Node Path
unix  1      [ ]         STREAM     CONNECTED     16178  @000000dd
unix  1      [ ]         STREAM     CONNECTED     16176  @000000dc
unix  9      [ ]         DGRAM                    5292   /dev/log
unix  1      [ ]         STREAM     CONNECTED     16182  @000000df
Overall, the output of netstat can be divided into two parts:
One is Active Internet connections, the active TCP connections, where "Recv-Q" and "Send-Q" are the receive queue and the send queue. These numbers should generally be 0. If they are not, packets are piling up in the queue. This is seen only in very rare cases.
The other is Active UNIX domain sockets, the active UNIX domain sockets (like network sockets, but usable only for communication on the local machine; performance can be doubled).
Proto shows the protocol used by the connection, RefCnt shows the number of processes attached to this socket, Type shows the socket type, State shows the current state of the socket, and Path shows the path name used by other processes connected to the socket.
Common parameters
-a (all) shows all sockets; without it, LISTEN sockets are not shown by default
-t (tcp) shows only TCP-related entries
-u (udp) shows only UDP-related entries
-n does not show aliases; everything that can be shown as a number is shown as a number
-l lists only services in the LISTEN (listening) state
-p shows the name of the program that owns each connection
-r shows routing information (the routing table)
-e shows extended information, such as the uid
-s shows statistics per protocol
-c re-runs the netstat command at a fixed interval
Tip: the LISTEN and LISTENING states are shown only with -a or -l
Practical command example
1. List all ports (both listening and non-listening)
List all ports: netstat -a
# netstat -a | more
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 localhost:30037         *:*                     LISTEN
udp        0      0 *:bootpc                *:*
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags       Type       State         I-Node Path
unix  2      [ ACC ]     STREAM     LISTENING     6135   /tmp/.X11-unix/X0
unix  2      [ ACC ]     STREAM     LISTENING     5140   /var/run/acpid.socket
List all TCP ports: netstat -at
# netstat -at
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 localhost:30037         *:*                     LISTEN
tcp        0      0 localhost:ipp           *:*                     LISTEN
tcp        0      0 *:smtp                  *:*                     LISTEN
tcp6       0      0 localhost:ipp           [::]:*                  LISTEN
List all UDP ports: netstat -au
# netstat -au
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
udp        0      0 *:bootpc                *:*
udp        0      0 *:49119                 *:*
udp        0      0 *:mdns                  *:*
2. List all sockets that are in the listening state
Show only listening ports: netstat -l
# netstat -l
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 localhost:ipp           *:*                     LISTEN
tcp6       0      0 localhost:ipp           [::]:*                  LISTEN
udp        0      0 *:49119                 *:*
List only listening TCP ports: netstat -lt
# netstat -lt
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 localhost:30037         *:*                     LISTEN
tcp        0      0 *:smtp                  *:*                     LISTEN
tcp6       0      0 localhost:ipp           [::]:*                  LISTEN
List only listening UDP ports: netstat -lu
# netstat -lu
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
udp        0      0 *:49119                 *:*
udp        0      0 *:mdns                  *:*
List only listening UNIX ports: netstat -lx
# netstat -lx
Active UNIX domain sockets (only servers)
Proto RefCnt Flags       Type       State         I-Node Path
unix  2      [ ACC ]     STREAM     LISTENING     6294   private/maildrop
unix  2      [ ACC ]     STREAM     LISTENING     6203   public/cleanup
unix  2      [ ACC ]     STREAM     LISTENING     6302   private/ifmail
unix  2      [ ACC ]     STREAM     LISTENING     6306   private/bsmtp
3. Display statistics for each protocol
Display statistics for all ports: netstat -s
# netstat -s
Ip:
Total packets received
With invalid addresses
Forwarded
Incoming packets discarded
Incoming packets delivered
Requests sent out
Icmp:
Icmp messages received
Input icmp message failed.
Tcp:
Active connections openings
Failed connection attempts
Connection resets received
Udp:
Packets received
Packets to unknown port received.
.
Display statistics for TCP or UDP ports: netstat -st or -su
# netstat -st
# netstat -su
4. Display PID and process name in netstat output: netstat -p
netstat -p can be combined with other switches to add the "PID/Program name" column to the netstat output, so that you can easily find the program running on a specific port when debugging.
# netstat -pt
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        1      0 ramesh-laptop.loc:47212 192.168.185.75:www      CLOSE_WAIT  2109/firefox
tcp        0      0 ramesh-laptop.loc:52750 lax:www                 ESTABLISHED 2109/firefox
5. Do not resolve host, port, and user names in netstat output
When you do not want host, port, and user names to be displayed, use netstat -n. Numbers are shown instead of those names.
The output is also faster, because no name lookups are needed.
# netstat -an
If you want to suppress only one of the three kinds of names, use one of the following commands
# netstat -a --numeric-ports
# netstat -a --numeric-hosts
# netstat -a --numeric-users
6. Continuously output netstat information
netstat will output network information every second.
# netstat -c
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 ramesh-laptop.loc:36130 101101-181181225.ama:www ESTABLISHED
tcp        1      1 ramesh-laptop.loc:52564 101.11.169.230:www      CLOSING
tcp        0      0 ramesh-laptop.loc:43758 server-101-101-43-2:www ESTABLISHED
tcp        1      1 ramesh-laptop.loc:42367 101.101.34.101:www      CLOSING
^C
7. Display address families that are not supported by the system
# netstat --verbose
At the end of the output, there will be the following information
netstat: no support for `AF IPX' on this system.
netstat: no support for `AF AX25' on this system.
netstat: no support for `AF X25' on this system.
netstat: no support for `AF NETROM' on this system.
8. Display kernel routing information: netstat -r
# netstat -r
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
192.168.1.0     *               255.255.255.0   U         0 0          0 eth2
link-local      *               255.255.0.0     U         0 0          0 eth2
default         192.168.1.1     0.0.0.0         UG        0 0          0 eth2
Note: use netstat -rn to display numeric addresses without looking up host names.
9. Find out the port on which a program runs
Not every process can be found: those you have no permission for are not displayed. Use root privileges to see all the information.
# netstat -ap | grep ssh
tcp        1      0 dev-db:ssh              101.174.100.22:39213    CLOSE_WAIT  -
tcp        1      0 dev-db:ssh              101.174.100.22:57643    CLOSE_WAIT  -
Find out which process is running on the specified port
# netstat -anp | grep ':80'
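For a routine exposure check, the listing can be reduced to "which ports listen on every interface, and who owns them". The following is an added example, not part of the original article; it assumes `netstat -lntp` style input, and the sample data and the allow-list are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in `netstat -lntp` format; not captured from a real host.
# Without root, netstat prints "-" instead of PID/Program name.
sample_listeners() {
cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      812/cupsd
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN      1044/master
tcp        0      0 0.0.0.0:30037           0.0.0.0:*               LISTEN      -
tcp6       0      0 ::1:631                 :::*                    LISTEN      812/cupsd
tcp6       0      0 :::22                   :::*                    LISTEN      977/sshd
EOF
}

# Print "port scope owner" for every listening TCP socket.
#   scope = "all"   bound to 0.0.0.0 or :: (reachable on every interface)
#   scope = "local" bound to loopback
#   scope = "addr"  bound to one specific non-loopback address
#   owner = program name, or "unknown" when netstat printed "-"
classify_listeners() {
    awk '$1 ~ /^tcp/ && $6 == "LISTEN" {
        addr = $4; port = $4
        # Split on the LAST colon so IPv6 addresses stay intact.
        sub(/:[^:]*$/, "", addr); sub(/.*:/, "", port)
        if (addr == "0.0.0.0" || addr == "::") scope = "all"
        else if (addr ~ /^127\./ || addr == "::1") scope = "local"
        else scope = "addr"
        owner = $7; sub(/^[0-9]+\//, "", owner)
        if (owner == "-" || owner == "") owner = "unknown"
        print port, scope, owner
    }' | sort -k1,1n
}

# Ports listening on every interface that are not in the allow-list "$1"
# (space-separated port numbers; the allow-list itself is hypothetical).
unexpected_exposed() {
    classify_listeners | awk -v allow=" $1 " \
        '$2 == "all" && index(allow, " " $1 " ") == 0'
}

sample_listeners | classify_listeners
sample_listeners | unexpected_exposed "22 25"
```

On a live host, pipe `netstat -lntp` (as root) into `classify_listeners` instead of the sample; an "unknown" owner means the PID column was empty and the check should be repeated with root privileges.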
10. Display a list of network interfaces
# netstat -i
Kernel Interface table
Iface   MTU Met   RX-OK RX-ERR RX-DRP RX-OVR    TX-OK TX-ERR TX-DRP TX-OVR Flg
eth0   1500   0       0      0      0      0        0      0      0      0 BMU
eth2   1500   0   26196      0      0      0    26883      6      0      0 BMRU
lo    16436   0       4      0      0      0        4      0      0      0 LRU
Display detailed information, like ifconfig, using netstat -ie:
# netstat -ie
Kernel Interface table
eth0      Link encap:Ethernet  HWaddr 00:10:40:11:11:11
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
          Memory:f6ae0000-f6b00000
11. IP and TCP analysis
View the IP addresses with the most connections to a service port
wss8848@ubuntu:~$ netstat -nat | grep "192.168.1.15:22" | awk '{print $5}' | awk -F: '{print $1}' | sort | uniq -c | sort -nr | head -20
221.136.168.36
154.74.45.242
78.173.31.236
62.183.207.98
192.168.1.14
182.48.111.215
124.193.219.34
119.145.41.2
114.255.41.30
75.102.11.99
List of the various TCP states
wss8848@ubuntu:~$ netstat -nat | awk '{print $6}'
established)
Foreign
LISTEN
TIME_WAIT
ESTABLISHED
TIME_WAIT
SYN_SENT
First extract all the states, then count them with uniq -c, and finally sort them.
wss8848@ubuntu:~$ netstat -nat | awk '{print $6}' | sort | uniq -c
ESTABLISHED
FIN_WAIT1
Foreign
LAST_ACK
LISTEN
SYN_SENT
TIME_WAIT
established)
The final command is as follows:
netstat -nat | awk '{print $6}' | sort | uniq -c | sort -rn
Analyze access.log to get the top 10 IP addresses by number of requests
awk '{print $1}' access.log | sort | uniq -c | sort -nr | head -10