Shulou(Shulou.com)06/03 Report--

one。 Overview:

The netstat command is used to display statistics related to the IP, TCP, UDP, and ICMP protocols, and is generally used to verify the network connectivity of each port of the machine. Netstat is a program that accesses network and related information in the kernel. It can provide reports on TCP connection, TCP and UDP snooping, and process memory management.

If your computer sometimes receives datagrams that cause errors or failures, you should not be surprised that TCP/IP can allow these types of errors and automatically resend datagrams. But if the cumulative number of error cases accounts for a significant percentage of the IP datagrams received, or if its number is increasing rapidly, then you should use netstat to find out why these situations occur.

two。 Common formats:

-a shows all options and does not display LISTEN correlation by default

-t displays only tcp-related options

-u displays only udp-related options

-n (numeric) refuses to display aliases and can show that all numbers are converted into numbers.

-l lists only the status of services in Listen (monitoring)

-p displays the name of the program that established the relevant link

-r displays routing information, routing table

-e (extend) displays extended information, such as uid, etc.

-s (statistice) statistics based on each protocol

-c (continuous) executes the netstat command at fixed intervals.

three。 Examples of use:

1. List all ports (both monitored and unmonitored)

List all ports netstat-a

# netstat-a | more Active Internet connections (servers and established) Proto Recv-Q Send-Q Local Address Foreign Address State tcp localhost: *: * LISTEN udp *: bootpc *: * Active UNIX domain sockets (servers and established) Proto RefCnt Flags Type State I-Node Path unix [ACC] STREAM LISTENING / tmp/.X11-unix/X0 unix [ACC] STREAM LISTENING / / run/acpid.socket

List all tcp ports netstat-at

# netstat-at Active Internet connections (servers and established) Proto Recv-Q Send-Q Local Address Foreign Address State tcp localhost: *: * LISTEN tcp localhost:ipp *: * LISTEN tcp *: smtp *: * LISTEN tcp6 localhost:ipp [:]: * LISTEN

List all udp ports netstat-au

# netstat-au Active Internet connections (servers and established) Proto Recv-Q Send-Q Local Address Foreign Address State udp *: bootpc *: * udp *: *: * udp *: mdns *: * 2. List all Sockets that are in the listening state

Only the listening port netstat-l is displayed

# netstat-l Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State tcp localhost:ipp *: * LISTEN tcp6 localhost:ipp [::]: * LISTEN udp *: *

List only all listening tcp ports netstat-lt

# netstat-lt Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State tcp localhost: *: * LISTEN tcp *: smtp *: * LISTEN tcp6 localhost:ipp [::]: * LISTEN

List only all listening udp ports netstat-lu

# netstat-lu Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State udp *: *: * udp *: mdns *: *

List only all listening UNIX ports netstat-lx

# netstat-lx Active UNIX domain sockets (only servers) Proto RefCnt Flags Type State I-Node Path unix [ACC] STREAM LISTENING / maildrop unix [ACC] STREAM LISTENING / cleanup unix [ACC] STREAM LISTENING / ifmail unix [ACC] STREAM LISTENING / bsmtp

3. Display statistics for each protocol

Display statistics for all ports netstat-s

# netstat-s Ip: total packets received with invalid addresses forwarded incoming packets discarded incoming packets delivered requests sent Icmp: ICMP messages received input ICMP message failed. Tcp: active connections openings failed connection attempts connection resets received Udp: packets received packets to unknown port received. .

Displays statistics for TCP or UDP ports netstat-st or-su

# netstat-st # netstat-su4. Display PID and process name netstat-p in netstat output

Netstat-p can be used with other switches to add the "PID/ process name" to the netstat output, so that you can easily find the program running on a specific port when you debugging.

# netstat-pt Active Internet connections (wampo servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp ramesh-laptop.loc:.: www CLOSE_WAIT / firefox tcp ramesh-laptop.loc: lax:www ESTABLISHED / firefox5. Host, port, and user name (host, port or user) are not displayed in the netstat output

When you don't want the host, port and user name to be displayed, use netstat-n. Numbers will be used instead of those names.

The output can also be accelerated because there is no need for a comparison query.

# netstat-an

If you just don't want one of the three names to be displayed, use the following command

# netsat-a-numeric-ports# netsat-a-numeric-hosts# netsat-a-numeric-users6. Continuously output netstat information

Netstat will output network information every other second.

# netstat-c Active Internet connections (wampo servers) Proto Recv-Q Send-Q Local Address Foreign Address State tcp ramesh-laptop.loc:-.ama:www ESTABLISHED tcp ramesh-laptop.loc:.: www CLOSING tcp ramesh-laptop.loc: server----:www ESTABLISHED tcp ramesh-laptop.loc:.: www CLOSING ^ C

7. Display the address family (Address Families) netstat-verbose that is not supported by the system

At the end of the output, there will be the following information

Netstat: no support `AF IPXnetstat: no support `AF AX25netstat: no support `AF X25netstat: no support `AF NETROM8. Displays the core routing information netstat-r # netstat-r Kernel IP routing table Destination Gateway Genmask Flags MSS Window irtt Iface. *. U eth3 link-local *. U eth3. . UG eth3

Note: use netstat-rn to display the numeric format without querying the host name.

9. Find out the port on which the program runs

Not all processes can be found, those without permissions will not be displayed, and use root permissions to view all the information.

# netstat-ap | grep ssh tcp dev-db:ssh.: CLOSE_WAIT-tcp dev-db:ssh.: CLOSE_WAIT-

Find out which process is running on the specified port

# netstat-an | grep': 80: 10. Displays a list of network interfaces # netstat-i Kernel Interface table Iface MTU Met RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR Flg eth0 BMU eth3 BMRU lo LRU

Displays details, such as ifconfig using netstat-ie:

# netstat-ie Kernel Interface table eth0 Link encap:Ethernet HWaddr: UP BROADCAST MULTICAST MTU: Metric: RX packets: errors: dropped: overruns: frame: TX packets: errors: dropped: overruns: carrier: collisions: txqueuelen: RX bytes: (B) TX bytes: (B) Memory:f6ae0000-f6b00000

11. IP and TCP analysis

View the IP address with the most connections to a service port

Wss8848@ubuntu:~$ netstat-nat | grep | awk | awk-F: | sort | uniq-c | sort-nr | head -. . . . . . . . . .

TCP list of various statuses

Wss8848@ubuntu:~$ netstat-nat | awk established) ForeignLISTENTIME_WAITESTABLISHEDTIME_WAITSYN_SENT

Take all the states out first, then use uniq-c statistics, and then sort them.

Wss8848@ubuntu:~$ netstat-nat | awk | sort | uniq-c ESTABLISHED FIN_WAIT1 Foreign LAST_ACK LISTEN SYN_SENT TIME_WAIT established)

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.