
Introduction to Netstat command

2025-01-16 Update From: SLTechnology News&Howtos shulou


Shulou(Shulou.com)06/03 Report--


The netstat command displays many kinds of network-related information, such as network connections, routing tables, interface statistics (Interface Statistics), masquerade connections, multicast memberships (Multicast Memberships) and so on.

Meaning of output information

After executing netstat, the output is:

[root@clientA ~]# netstat
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State
tcp        0      0 192.168.20.5:ssh            192.168.20.6:56605          ESTABLISHED
Active UNIX domain sockets (w/o servers)
Proto RefCnt Flags       Type       State         I-Node Path
unix  2      [ ]         DGRAM                    8447   @/org/kernel/udev/udevd
unix  13     [ ]         DGRAM                    10614  /dev/log
unix  2      [ ]         DGRAM                    136984
unix  2      [ ]         DGRAM                    136953
unix  2      [ ]         DGRAM                    136889
unix  2      [ ]         DGRAM                    99938
unix  2      [ ]         DGRAM                    55471
unix  2      [ ]         DGRAM                    11897
unix  2      [ ]         DGRAM                    11882
unix  3      [ ]         STREAM     CONNECTED     11861
unix  3      [ ]         STREAM     CONNECTED     11860
unix  3      [ ]         STREAM     CONNECTED     11857
unix  3      [ ]         STREAM     CONNECTED     11856
[root@clientA ~]#

Overall, the output of netstat can be divided into two parts:

One is Active Internet connections, the active TCP connections, where "Recv-Q" and "Send-Q" refer to the receive queue and the send queue. These numbers should generally be 0. If they are not, packets are piling up in the queue. This is seen only in very rare cases.

The other is Active UNIX domain sockets, the active Unix domain sockets (the same as network sockets, but usable only for local communication; performance can be doubled). Proto shows the protocol used by the connection, RefCnt shows the reference count, that is, the number of processes attached to this socket, Type shows the socket type, State shows the current state of the socket, and Path shows the path name used by other processes connected to the socket.

Common parameters

-a (all) shows all sockets; LISTEN-related entries are not shown by default

-t (tcp) shows only TCP-related entries

-u (udp) shows only UDP-related entries

-n does not resolve aliases; everything that can be shown as a number is shown as a number

-l lists only services in the LISTEN (listening) state

-p shows the name of the program that established the connection

-r shows routing information (the routing table)

-e shows extended information, such as the uid

-s shows statistics for each protocol

-c re-runs the netstat command at a fixed interval

Tip: the LISTEN and LISTENING states can only be seen with -a or -l

Practical command example

1. List all ports (both listening and non-listening)

[list all ports: netstat -a]

[root@clientA ~]# netstat -a | more
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address               Foreign Address             State
tcp        0      0 192.168.20.5:rsync          *:*                         LISTEN
tcp        0      0 *:sunrpc                    *:*                         LISTEN
tcp        0      0 *:ssh                       *:*                         LISTEN
tcp        0      0 localhost.localdomain:smtp  *:*                         LISTEN
tcp        0      0 *:52923                     *:*                         LISTEN
tcp        0      0 *:57214                     *:*                         LISTEN
tcp        0      0 *:51327                     *:*                         LISTEN
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags       Type       State         I-Node Path
unix  2      [ ACC ]     STREAM     LISTENING     11775  public/cleanup
unix  2      [ ACC ]     STREAM     LISTENING     11782  private/tlsmgr
unix  2      [ ACC ]     STREAM     LISTENING     11786  private/rewrite
unix  2      [ ACC ]     STREAM     LISTENING     11790  private/bounce
unix  2      [ ACC ]     STREAM     LISTENING     11794  private/defer

[list all tcp ports: netstat -at]

[root@clientA ~]# netstat -at
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address               Foreign Address             State
tcp        0      0 192.168.20.5:rsync          *:*                         LISTEN
tcp        0      0 *:sunrpc                    *:*                         LISTEN
tcp        0      0 *:ssh                       *:*                         LISTEN
tcp        0      0 localhost.localdomain:smtp  *:*                         LISTEN
tcp        0      0 *:52923                     *:*                         LISTEN
tcp        0      0 *:57214                     *:*                         LISTEN
tcp        0      0 *:51327                     *:*                         LISTEN
tcp        0      0 *:nfs                       *:*                         LISTEN

[list all udp ports: netstat -au]

[root@clientA ~]# netstat -au
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address               Foreign Address             State
udp        0      0 *:sunrpc                    *:*
udp        0      0 *:nfs                       *:*
udp        0      0 *:smpnameres                *:*
udp        0      0 *:58775                     *:*
udp        0      0 localhost.localdomain:920   *:*
udp        0      0 *:37294                     *:*
udp        0      0 *:58800                     *:*

2. List all sockets that are in the listening state

[show only listening ports: netstat -l]

[root@clientA ~]# netstat -l
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State
tcp        0      0 192.168.20.5:rsync          *:*                         LISTEN
tcp        0      0 *:sunrpc                    *:*                         LISTEN
tcp        0      0 *:ssh                       *:*                         LISTEN
tcp        0      0 localhost.localdomain:smtp  *:*                         LISTEN
tcp        0      0 *:52923                     *:*                         LISTEN
tcp        0      0 *:57214                     *:*                         LISTEN
tcp        0      0 *:51327                     *:*                         LISTEN
Active UNIX domain sockets (only servers)
Proto RefCnt Flags       Type       State         I-Node Path
unix  2      [ ACC ]     STREAM     LISTENING     11775  public/cleanup
unix  2      [ ACC ]     STREAM     LISTENING     11782  private/tlsmgr
unix  2      [ ACC ]     STREAM     LISTENING     11786  private/rewrite
unix  2      [ ACC ]     STREAM     LISTENING     11790  private/bounce
unix  2      [ ACC ]     STREAM     LISTENING     11794  private/defer
unix  2      [ ACC ]     STREAM     LISTENING     11798  private/trace
unix  2      [ ACC ]     STREAM     LISTENING     11802  private/verify
unix  2      [ ACC ]     STREAM     LISTENING     11806  public/flush
unix  2      [ ACC ]     STREAM     LISTENING     11810  private/proxymap

[list only listening tcp ports: netstat -lt]

[root@clientA ~]# netstat -lt
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State
tcp        0      0 192.168.20.5:rsync          *:*                         LISTEN
tcp        0      0 *:sunrpc                    *:*                         LISTEN
tcp        0      0 *:ssh                       *:*                         LISTEN
tcp        0      0 localhost.localdomain:smtp  *:*                         LISTEN
tcp        0      0 *:52923                     *:*                         LISTEN
tcp        0      0 *:57214                     *:*                         LISTEN
tcp        0      0 *:51327                     *:*                         LISTEN
tcp        0      0 *:nfs                       *:*                         LISTEN

[list only listening udp ports: netstat -lu]

[root@clientA ~]# netstat -lu
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State
udp        0      0 *:sunrpc                    *:*
udp        0      0 *:nfs                       *:*
udp        0      0 *:smpnameres                *:*
udp        0      0 *:58775                     *:*
udp        0      0 localhost.localdomain:920   *:*
udp        0      0 *:37294                     *:*
udp        0      0 *:58800                     *:*
udp        0      0 *:39099                     *:*
udp        0      0 *:bootpc                    *:*

[list only listening UNIX sockets: netstat -lx]

[root@clientA ~]# netstat -lx
Active UNIX domain sockets (only servers)
Proto RefCnt Flags       Type       State         I-Node Path
unix  2      [ ACC ]     STREAM     LISTENING     11775  public/cleanup
unix  2      [ ACC ]     STREAM     LISTENING     11782  private/tlsmgr
unix  2      [ ACC ]     STREAM     LISTENING     11786  private/rewrite
unix  2      [ ACC ]     STREAM     LISTENING     11790  private/bounce
unix  2      [ ACC ]     STREAM     LISTENING     11794  private/defer
unix  2      [ ACC ]     STREAM     LISTENING     11798  private/trace
unix  2      [ ACC ]     STREAM     LISTENING     11802  private/verify

3. Display statistics for each protocol

[show statistics for all ports: netstat -s]

[root@clientA ~]# netstat -s
Ip:
    25997 total packets received
    1 with invalid addresses
    0 forwarded
    0 incoming packets discarded
    23969 incoming packets delivered
    20845 requests sent out
Icmp:
    1539 ICMP messages received
    0 input ICMP message failed.
    ICMP input histogram:
        destination unreachable: 1539
    1539 ICMP messages sent
    0 ICMP messages failed
    ICMP output histogram:
        destination unreachable: 1539

[show statistics for TCP or UDP ports: netstat -st or -su]

4. Display PID and process name in netstat output: netstat -p

netstat -p can be combined with other switches to add "PID/Program name" to the netstat output, which makes it easy to find the program running on a specific port when debugging.

[root@clientA ~]# netstat -pt
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name
tcp        0      0 192.168.20.5:ssh            192.168.20.6:56605          ESTABLISHED 10120/0
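The listening-socket and -p listings above are what a host audit compares against a known-good baseline. The following is an added example, not part of the original article: it reads `netstat -tlnp` style output and reports every TCP listener that is not in an allowlist. The sample rows, the `ALLOWED` baseline and the function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `netstat -tlnp` output (not captured from a real host).
sample_listeners() {
cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 192.168.20.5:873        0.0.0.0:*               LISTEN      1410/rsync
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      1102/rpcbind
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1284/sshd
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      1377/master
tcp        0      0 0.0.0.0:52923           0.0.0.0:*               LISTEN      -
EOF
}

# Hypothetical baseline of expected listeners, as port/program pairs.
ALLOWED='22/sshd 25/master 873/rsync'

# Read netstat -tlnp output on stdin and print "port bind-address program"
# for every TCP listener whose port/program pair is not in the baseline.
# A program of "-" means netstat could not name the owner (for example
# when it is not run as root), so such rows are always reported.
unexpected_listeners() {
    awk -v allowed="$ALLOWED" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 ~ /^tcp6?$/ && $6 == "LISTEN" {
            port = $4; sub(/.*:/, "", port)        # text after the last colon
            addr = $4; sub(/:[^:]*$/, "", addr)    # text before the last colon
            prog = $7; sub(/^[0-9]+\//, "", prog)  # drop the "PID/" prefix
            if (!((port "/" prog) in ok)) print port, addr, prog
        }'
}

sample_listeners | unexpected_listeners
```

On a live host the same function can be fed with `netstat -tlnp | unexpected_listeners`, run as root so that the program column is populated.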

5. Do not display host, port, and user names in the netstat output

When you do not want host, port and user names to be displayed, use netstat -n. Numbers are shown instead of those names. This also speeds up the output, because no name lookups are needed.

# netstat -an

6. Continuously output netstat information

netstat will output network information every second.

# netstat -c

7. Display address families that are not supported by the system (Address Families)

netstat --verbose

At the end of the output, there will be the following information

[root@clientA ~]# netstat --verbose

[display kernel routing information: netstat -r]

[root@clientA ~]# netstat -r
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
192.168.20.0    *               255.255.255.0   U         0 0          0 eth0
link-local      *               255.255.0.0     U         0 0          0 eth0
default         192.168.20.1    0.0.0.0         UG        0 0          0 eth0

Note: use netstat -rn to display addresses in numeric format without looking up host names

[9. Find out the port a program is running on]

Not all processes can be found; those you do not have permission for are not displayed. Use root privileges to view all of the information.

[root@clientA ~]# netstat -ap | grep ssh
tcp        0      0 *:ssh                       *:*                         LISTEN      1284/sshd
tcp        0     64 192.168.20.5:ssh            192.168.20.6:56605          ESTABLISHED 10120/0
tcp        0      0 *:ssh                       *:*                         LISTEN      1284/sshd

Find out which process is running on the specified port

# netstat -an | grep ':80'
[root@clientA ~]# netstat -an | grep "80"
udp        0      0 0.0.0.0
unix  2      [ ACC ]     STREAM     LISTENING     11802  private/verify
unix  2      [ ACC ]     STREAM     LISTENING     11806  public/flush
unix  3      [ ]         STREAM     CONNECTED     11809
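In the output above, grep "80" matched UNIX socket rows only because their inode numbers (11802, 11806, 11809) contain "80". The following added example, not part of the original article, compares substring matching with an exact match on the local port field. The sample rows and function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `netstat -an` output (not captured from a real host).
sample_netstat_an() {
cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:8080            0.0.0.0:*               LISTEN
tcp        0      0 192.168.20.5:22         192.168.20.6:56805      ESTABLISHED
tcp        0      0 :::80                   :::*                    LISTEN
udp        0      0 0.0.0.0:58800           0.0.0.0:*
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags       Type       State         I-Node Path
unix  2      [ ACC ]     STREAM     LISTENING     11802  private/verify
unix  3      [ ]         STREAM     CONNECTED     11809
EOF
}

# Read netstat -an output on stdin and print only the tcp/udp rows whose
# LOCAL port is exactly $1. The port is the last ":"-separated piece of
# field 4, which also handles IPv6 forms such as ":::80".
local_port_rows() {
    awk -v port="$1" '
        $1 ~ /^(tcp|udp)6?$/ {
            n = split($4, parts, ":")
            if (parts[n] == port) print
        }'
}

# Row counts for each approach, so the false positives are visible.
substring_hits() { sample_netstat_an | grep -c -- "$1"; }
exact_hits()     { sample_netstat_an | local_port_rows "$1" | wc -l | tr -d ' '; }

echo "grep \"80\"  : $(substring_hits 80) rows"
echo "grep \":80\" : $(substring_hits ':80') rows"
echo "exact port 80: $(exact_hits 80) rows"
sample_netstat_an | local_port_rows 80
```

The exact match needs numeric output, so on a live host feed it with `netstat -an | local_port_rows 80` rather than with name-resolved output.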

10. Display a list of network interfaces

# netstat -i
Kernel Interface table
Iface       MTU Met    RX-OK RX-ERR RX-DRP RX-OVR    TX-OK TX-ERR TX-DRP TX-OVR Flg
eth0       1500   0        0      0      0      0        0      0      0      0 BMU
eth3       1500   0    26196      0      0      0    26883      6      0      0 BMRU
lo        16436   0        4      0      0      0        4      0      0      0 LRU

To display detailed information, similar to ifconfig, use netstat -ie:

# netstat -ie

[IP and TCP analysis]

Check the IP address with the most connections to a service port:

[root@clientA ~]# netstat -nat | grep "192.168.20.5" | awk '{print $5}' | awk -F: '{print $1}' | sort | uniq -c | sort -nr | head -20
      1 192.168.20.6
      1 0.0.0.0

List of TCP connection states

[root@clientA ~]# netstat -nat | awk '{print $6}'
established)
Foreign
LISTEN
LISTEN
LISTEN
LISTEN

First extract all of the states, then count them with uniq -c, and then sort the result.

[root@clientA ~]# netstat -nat | awk '{print $6}' | sort | uniq -c
      1 established)
      1 ESTABLISHED
      1 Foreign
     18 LISTEN

The final command is as follows:

netstat -nat | awk '{print $6}' | sort | uniq -c | sort -rn

[root@clientA ~]# netstat -nat | awk '{print $6}' | sort | uniq -c | sort -rn
     18 LISTEN
      1 Foreign
      1 ESTABLISHED
      1 established)
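The pipelines above count the two header lines as states ("established)" and "Foreign"), and awk -F: '{print $1}' cuts IPv6 addresses at their first colon. The following added example, not part of the original article, restricts both tallies to tcp rows and strips only the trailing port, then lists remote addresses at or above a connection threshold. The sample rows, the threshold and the function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `netstat -nat` output (not captured from a real host).
sample_netstat_nat() {
cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 192.168.20.5:80         192.168.20.6:56605      ESTABLISHED
tcp        0      0 192.168.20.5:80         192.168.20.6:56606      ESTABLISHED
tcp        0      0 192.168.20.5:80         192.168.20.7:40112      TIME_WAIT
tcp        0      0 192.168.20.5:80         192.168.20.9:51000      SYN_RECV
tcp        0      0 192.168.20.5:80         192.168.20.9:51001      SYN_RECV
tcp        0      0 192.168.20.5:80         192.168.20.9:51002      SYN_RECV
tcp6       0      0 :::22                   :::*                    LISTEN
EOF
}

# Count sockets per TCP state. Only rows whose first field is tcp or tcp6
# are counted, so the header lines never appear as states.
tcp_state_counts() {
    awk '$1 ~ /^tcp6?$/ { c[$6]++ }
         END { for (s in c) print c[s], s }' | sort -rn
}

# Print "count address" for remote addresses holding at least $2
# connections (in any non-LISTEN state) to local port $1.
remote_ips_over() {
    awk -v port="$1" -v min="$2" '
        $1 ~ /^tcp6?$/ && $6 != "LISTEN" {
            n = split($4, l, ":")
            if (l[n] != port) next
            ip = $5
            sub(/:[^:]*$/, "", ip)    # drop only the trailing :port
            c[ip]++
        }
        END { for (ip in c) if (c[ip] >= min) print c[ip], ip }' | sort -rn
}

sample_netstat_nat | tcp_state_counts
sample_netstat_nat | remote_ips_over 80 2
```

A state count dominated by SYN_RECV or a single remote address far above the rest is the kind of deviation this tally is meant to surface; what counts as abnormal depends on the service's usual load.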

Analyze access.log to get the top 10 IP addresses by number of requests

awk '{print $1}' access.log | sort | uniq -c | sort -nr | head -10
