How to use the Netstat command

2025-04-01 Update From: SLTechnology News&Howtos


Shulou(Shulou.com)06/01 Report--

This article explains how to use the netstat command. The content is simple and clear, and easy to learn and follow.

Netstat is a console command and a very useful tool for monitoring TCP/IP networks. It can display the routing table, the actual network connections, and the status information of each network interface device. Netstat is used to display statistics related to IP, TCP, UDP and ICMP protocols, and is generally used to verify the network connectivity of each port of the machine.

1. List all connections

The first thing to introduce is the simplest command: list all current connections. Use the -a option.

    $ netstat -a
    Active Internet connections (servers and established)
    Proto Recv-Q Send-Q Local Address           Foreign Address         State
    tcp        0      0 enlightened:domain      *:*                     LISTEN
    tcp        0      0 localhost:ipp           *:*                     LISTEN
    tcp        0      0 enlightened.local:54750 li240-5.members.li:http ESTABLISHED
    tcp        0      0 enlightened.local:49980 del01s07-in-f14.1:https ESTABLISHED
    tcp6       0      0 ip6-localhost:ipp       [::]:*                  LISTEN
    udp        0      0 enlightened:domain      *:*
    udp        0      0 *:bootpc                *:*
    udp        0      0 enlightened.local:ntp   *:*
    udp        0      0 localhost:ntp           *:*
    udp        0      0 *:ntp                   *:*
    udp        0      0 *:58570                 *:*
    udp        0      0 *:mdns                  *:*
    udp        0      0 *:49459                 *:*
    udp6       0      0 fe80::216:36ff:fef8:ntp [::]:*
    udp6       0      0 ip6-localhost:ntp       [::]:*
    udp6       0      0 [::]:ntp                [::]:*
    udp6       0      0 [::]:mdns               [::]:*
    udp6       0      0 [::]:63811              [::]:*
    udp6       0      0 [::]:54952              [::]:*
    Active UNIX domain sockets (servers and established)
    Proto RefCnt Flags       Type       State         I-Node   Path
    unix  2      [ ACC ]     STREAM     LISTENING     12403    @/tmp/dbus-IDgfj3UGXX
    unix  2      [ ACC ]     STREAM     LISTENING     40202    @/dbus-vfs-daemon/socket-6nUC6CCx

The above command lists all sockets for the tcp, udp and unix protocols. However, this information is not detailed enough, and administrators often need to see the connections of a specific protocol or port.

2. List only connections for TCP or UDP protocols

Use the -t option to list the connections for the TCP protocol:

    $ netstat -at
    Active Internet connections (servers and established)
    Proto Recv-Q Send-Q Local Address           Foreign Address         State
    tcp        0      0 enlightened:domain      *:*                     LISTEN
    tcp        0      0 localhost:ipp           *:*                     LISTEN
    tcp        0      0 enlightened.local:36310 del01s07-in-f24.1:https ESTABLISHED
    tcp        0      0 enlightened.local:45038 a96-17-181-10.depl:http ESTABLISHED
    tcp        0      0 enlightened.local:37892 ABTS-North-Static-:http ESTABLISHED

Use the -u option to list the connections for the UDP protocol:

    $ netstat -au
    Active Internet connections (servers and established)
    Proto Recv-Q Send-Q Local Address           Foreign Address         State
    udp        0      0 *:34660                 *:*
    udp        0      0 enlightened:domain      *:*
    udp        0      0 *:bootpc                *:*
    udp        0      0 enlightened.local:ntp   *:*
    udp        0      0 localhost:ntp           *:*
    udp        0      0 *:ntp                   *:*
    udp6       0      0 fe80::216:36ff:fef8:ntp [::]:*
    udp6       0      0 ip6-localhost:ntp       [::]:*
    udp6       0      0 [::]:ntp                [::]:*

The output above shows both IPv4 and IPv6 connections.

3. Disable reverse domain name resolution to speed up query

By default, netstat uses reverse DNS lookups to find the hostname for each IP address. This slows down the output. If the IP address is enough and you don't need to know the hostname, use the -n option to disable domain name resolution.

    $ netstat -ant
    Active Internet connections (servers and established)
    Proto Recv-Q Send-Q Local Address           Foreign Address         State
    tcp        0      0 127.0.1.1:53            0.0.0.0:*               LISTEN
    tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN
    tcp        0      0 192.168.1.2:49058       173.255.230.5           ESTABLISHED
    tcp        0      0 192.168.1.2:33324       173.194.36.117          ESTABLISHED
    tcp6       0      0 ::1:631                 :::*                    LISTEN

The above command lists all TCP connections without resolving hostnames. So easy? Very good.

4. List only listening connections

The background process of any network service opens a port to listen for incoming requests. These listening sockets, like connected sockets, can also be listed by netstat. Use the -l option to list the listening sockets.

    $ netstat -tnl
    Active Internet connections (only servers)
    Proto Recv-Q Send-Q Local Address           Foreign Address         State
    tcp        0      0 127.0.1.1:53            0.0.0.0:*               LISTEN
    tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN
    tcp6       0      0 ::1:631                 :::*                    LISTEN

Now we can see the TCP ports and connections in the listening state. To see all listening ports, remove the -t option. If you only want to view UDP ports, use the -u option instead of the -t option.

Note: do not use the -a option, or netstat will list all connections, not just listening ports.

5. Get the process name, process number, and user ID

When viewing information about ports and connections, it is very helpful for system administrators to see their corresponding process names and process numbers. For example, Apache's httpd service opens port 80. If you want to see if the http service has been started, or if the http service is started by apache or nginx, you can look at the process name.

Use the -p option to view process information.

    $ sudo netstat -nlpt
    Active Internet connections (only servers)
    Proto Recv-Q Send-Q Local Address     Foreign Address   State    PID/Program name
    tcp        0      0 127.0.1.1:53      0.0.0.0:*         LISTEN   1144/dnsmasq
    tcp        0      0 127.0.0.1:631     0.0.0.0:*         LISTEN   661/cupsd
    tcp6       0      0 ::1:631           :::*              LISTEN   661/cupsd

When using the -p option, netstat must be run with root privileges; otherwise it cannot show the names of processes running as root, and many services, including http and ftp, run as root.

Seeing the owner of the process is even more useful than the process name and process number. Use the -ep options to view both the process name and the user name.

    $ sudo netstat -ltpe
    Active Internet connections (only servers)
    Proto Recv-Q Send-Q Local Address       Foreign Address  State   User  Inode  PID/Program name
    tcp        0      0 enlightened:domain  *:*              LISTEN  root  11090  1144/dnsmasq
    tcp        0      0 localhost:ipp       *:*              LISTEN  root  9755   661/cupsd
    tcp6       0      0 ip6-localhost:ipp   [::]:*           LISTEN  root  9754   661/cupsd

The listening sockets under the TCP protocol are listed above, along with process information and some additional information.

This additional information includes the user name and the inode number of the socket. This command is very useful for network administrators.

Note: if you use the -n and -e options together, the User column shows the user's ID number, not the user name.
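As an added example (not part of the original article), the shell function below filters `netstat -lnpe` output, combining the -l, -n, -p and -e options from sections 4 and 5, and reports only listeners reachable from other hosts, with the owning UID and process. The function names and the nginx and numeric ntpd rows in the sample are constructed for illustration; the dnsmasq and cupsd rows reuse values shown above.

```shell
#!/bin/sh
# Added example: report listening sockets that are not bound to loopback.
# Expects `netstat -lnpe` output on stdin (run netstat as root so -p names every process).

exposed_listeners() {
    awk '
    $1 ~ /^(tcp|udp)6?$/ {
        if ($1 ~ /^tcp/) {
            if ($6 != "LISTEN") next
            uid = $7; prog = $9
        } else {
            uid = $6; prog = $8          # UDP rows have an empty State column
        }
        addr = $4
        port = addr; sub(/.*:/, "", port)            # text after the last colon
        host = substr(addr, 1, length(addr) - length(port) - 1)
        if (host ~ /^127\./ || host == "::1") next   # loopback-only listener
        scope = (host == "0.0.0.0" || host == "::") ? "all-interfaces" : "specific-address"
        print $1, host, port, scope, "uid=" uid, prog
    }'
}

# Constructed sample in the layout netstat prints with -lnpe (User is a numeric UID with -n).
sample_output() {
    cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address    Foreign Address  State   User  Inode  PID/Program name
tcp        0      0 127.0.1.1:53     0.0.0.0:*        LISTEN  0     11090  1144/dnsmasq
tcp        0      0 127.0.0.1:631    0.0.0.0:*        LISTEN  0     9755   661/cupsd
tcp        0      0 0.0.0.0:80       0.0.0.0:*        LISTEN  0     20411  2210/nginx
tcp6       0      0 ::1:631          :::*             LISTEN  0     9754   661/cupsd
udp        0      0 192.168.1.2:123  0.0.0.0:*                0     17430  1789/ntpd
EOF
}

# Run against the sample; on a live host use: sudo netstat -lnpe | exposed_listeners
sample_output | exposed_listeners
```

Listeners bound to 127.x or ::1 are dropped; anything left is worth checking against the services the host is supposed to expose.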

6. Print statistics

Netstat can print out network statistics, including the number of packets sent and received under a certain protocol.

The statistics of all network packets are listed below:

    $ netstat -s
    Ip:
        32797 total packets received
        0 forwarded
        0 incoming packets discarded
        32795 incoming packets delivered
        29115 requests sent out
        60 outgoing packets dropped
    Icmp:
        32797 ICMP messages received
        0 input ICMP message failed.
        ICMP input histogram:
            destination unreachable: 125
        125 ICMP messages sent
        0 ICMP messages failed
        ICMP output histogram:
            destination unreachable: 125
    ... OUTPUT TRUNCATED ...

If you want to print only TCP or UDP protocol statistics, just add the corresponding option (-t or -u), so easy.

7. Display kernel routing information

Use the -r option to print kernel routing information. The printed information is the same as that printed by the route command. We can also use the -n option to disable domain name resolution.

    $ netstat -rn
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
    0.0.0.0         192.168.1.1     0.0.0.0         UG        0 0          0 eth0
    192.168.1.0     0.0.0.0         255.255.255.0   U         0 0          0 eth0

8. Print network interface

Netstat can also print network interface information; the -i option exists for this purpose.

    $ netstat -i
    Kernel Interface table
    Iface   MTU Met   RX-OK RX-ERR RX-DRP RX-OVR    TX-OK TX-ERR TX-DRP TX-OVR Flg
    eth0   1500   0   31611      0      0      0    27503      0      0      0 BMRU
    lo    65536   0    2913      0      0      0     2913      0      0      0 LRU

The output above is relatively raw. Use the -e option together with the -i option to get more user-friendly output.

    $ netstat -ie
    Kernel Interface table
    eth0      Link encap:Ethernet  HWaddr 00:16:36:f8:b2:64
              inet addr:192.168.1.2  Bcast:192.168.1.255  Mask:255.255.255.0
              inet6 addr: fe80::216:36ff:fef8:b264/64 Scope:Link
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:31682 errors:0 dropped:0 overruns:0 frame:0
              TX packets:27573 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:29637117 (29.6 MB)  TX bytes:4590583 (4.5 MB)
              Interrupt:18 Memory:da000000-da020000

    lo        Link encap:Local Loopback
              inet addr:127.0.0.1  Mask:255.0.0.0
              inet6 addr: ::1/128 Scope:Host
              UP LOOPBACK RUNNING  MTU:65536  Metric:1
              RX packets:2921 errors:0 dropped:0 overruns:0 frame:0
              TX packets:2921 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:305297 (305.2 KB)  TX bytes:305297 (305.2 KB)

The output above is the same as the ifconfig output.

9. Netstat continuous output

We can use the -c option of netstat to continuously output information.

    $ netstat -ct

This command continuously outputs TCP protocol information.

10. Display Multicast Group Information

The -g option outputs multicast group information for IPv4 and IPv6.

    $ netstat -g
    IPv6/IPv4 Group Memberships
    Interface       RefCnt Group
    --------------- ------ ---------------------
    lo              1      all-systems.mcast.net
    eth0            1      224.0.0.251
    eth0            1      all-systems.mcast.net
    lo              1      ip6-allnodes
    lo              1      ff01::1
    eth0            1      ff02::fb
    eth0            1      ff02::1:fff8:b264
    eth0            1      ip6-allnodes
    eth0            1      ff01::1
    wlan0           1      ip6-allnodes
    wlan0           1      ff01::1

More usage

So far we have listed the basic usage of netstat, now let's geek together.

Print active connections

The socket connection in active state is represented by the "ESTABLISHED" field, so we can use the grep command to get the connection in active state:

    $ netstat -atnp | grep ESTA
    (Not all processes could be identified, non-owned process info
     will not be shown, you would have to be root to see it all.)
    tcp        0      0 192.168.1.2:49156       173.255.230.5           ESTABLISHED 1691/chrome
    tcp        0      0 192.168.1.2:33324       173.194.36.117          ESTABLISHED 1691/chrome

Combine it with the watch command to monitor active connections:

    $ watch -d -n0 "netstat -atnp | grep ESTA"

See if a service is running

If you want to see if the http, smtp or ntp service is running, use grep.

    $ sudo netstat -aple | grep ntp
    udp        0      0 enlightened.local:ntp   *:*        root  17430  1789/ntpd
    udp        0      0 localhost:ntp           *:*        root  17429  1789/ntpd
    udp        0      0 *:ntp                   *:*        root  17422  1789/ntpd
    udp6       0      0 fe80::216:36ff:fef8:ntp [::]:*     root  17432  1789/ntpd
    udp6       0      0 ip6-localhost:ntp       [::]:*     root  17431  1789/ntpd
    udp6       0      0 [::]:ntp                [::]:*     root  17423  1789/ntpd
    unix  2      [ ]         DGRAM                    17418  1789/ntpd

You can see that the ntp service is running from here. With the grep command you can view http or smtp or any other service you want to view.

Thank you for reading. That covers how to use the netstat command; the specific usage still needs to be verified in practice.
