\u672c\u6587\u7531gulass.cn\u56e2\u961f\u6210\u5458\u70e8\u5b50<\/span>\u6574\u7406\u53d1\u5e03\uff0c\u539f\u6587\u6765\u81ea\uff1a\u535a\u5ba2\u56edggjucheng<\/a>\u3002<\/p>\n<\/div>\n
netstat \u547d\u4ee4\u7528\u4e8e\u663e\u793a\u5404\u79cd\u7f51\u7edc\u76f8\u5173\u4fe1\u606f\uff0c\u5982\u7f51\u7edc\u8fde\u63a5\uff0c\u8def\u7531\u8868\uff0c\u63a5\u53e3\u72b6\u6001 (Interface Statistics)\uff0cmasquerade \u8fde\u63a5\uff0c\u591a\u64ad\u6210\u5458 (Multicast Memberships) \u7b49\u7b49\u3002<\/p>\n
\u6267\u884cnetstat\u540e\uff0c\u5176\u8f93\u51fa\u7ed3\u679c\u4e3a<\/p>\n
Active Internet connections (w\/o servers)\r\nProto Recv-Q Send-Q Local Address Foreign Address State\r\ntcp 0 2 210.34.6.89:telnet 210.34.6.96:2873 ESTABLISHED\r\ntcp 296 0 210.34.6.89:1165 210.34.6.84:netbios-ssn ESTABLISHED\r\ntcp 0 0 localhost.localdom:9001 localhost.localdom:1162 ESTABLISHED\r\ntcp 0 0 localhost.localdom:1162 localhost.localdom:9001 ESTABLISHED\r\ntcp 0 80 210.34.6.89:1161 210.34.6.10:netbios-ssn CLOSE\r\n\r\nActive UNIX domain sockets (w\/o servers)\r\nProto RefCnt Flags Type State I-Node Path\r\nunix 1 [ ] STREAM CONNECTED 16178 @000000dd\r\nunix 1 [ ] STREAM CONNECTED 16176 @000000dc\r\nunix 9 [ ] DGRAM 5292 \/dev\/log\r\nunix 1 [ ] STREAM CONNECTED 16182 @000000df\r\n<\/pre>\n\u4ece\u6574\u4f53\u4e0a\u770b\uff0cnetstat\u7684\u8f93\u51fa\u7ed3\u679c\u53ef\u4ee5\u5206\u4e3a\u4e24\u4e2a\u90e8\u5206\uff1a
\n1. Active Internet connections\uff0c\u79f0\u4e3a\u6709\u6e90TCP\u8fde\u63a5\uff0c\u5176\u4e2d\"Recv-Q\"\u548c\"Send-Q\"\u6307%0A\u7684\u662f\u63a5\u6536\u961f\u5217\u548c\u53d1\u9001\u961f\u5217\u3002\u8fd9\u4e9b\u6570\u5b57\u4e00\u822c\u90fd\u5e94\u8be5\u662f0\u3002\u5982\u679c\u4e0d\u662f\u5219\u8868\u793a\u8f6f\u4ef6\u5305\u6b63\u5728\u961f\u5217\u4e2d\u5806\u79ef\u3002\u8fd9\u79cd\u60c5\u51b5\u53ea\u80fd\u5728\u975e\u5e38\u5c11\u7684\u60c5\u51b5\u89c1\u5230\u3002
\n2. Active UNIX domain sockets\uff0c\u79f0\u4e3a\u6709\u6e90Unix\u57df\u5957\u63a5\u53e3(\u548c\u7f51\u7edc\u5957\u63a5\u5b57\u4e00\u6837\uff0c\u4f46\u662f\u53ea\u80fd\u7528\u4e8e\u672c\u673a\u901a\u4fe1\uff0c\u6027\u80fd\u53ef\u4ee5\u63d0\u9ad8\u4e00\u500d)\u3002
\nProto\u663e\u793a\u8fde\u63a5\u4f7f\u7528\u7684\u534f\u8bae,RefCnt\u8868\u793a\u8fde\u63a5\u5230\u672c\u5957\u63a5\u53e3\u4e0a\u7684\u8fdb\u7a0b\u53f7,Types\u663e\u793a\u5957\u63a5\u53e3\u7684\u7c7b\u578b,State\u663e\u793a\u5957\u63a5\u53e3\u5f53\u524d\u7684\u72b6\u6001,Path\u8868\u793a\u8fde\u63a5\u5230\u5957\u63a5\u53e3\u7684\u5176\u5b83\u8fdb\u7a0b\u4f7f\u7528\u7684\u8def\u5f84\u540d\u3002<\/p>\n\u5e38\u89c1\u53c2\u6570<\/strong><\/div>\n-a (all)\u663e\u793a\u6240\u6709\u9009\u9879\uff0c\u9ed8\u8ba4\u4e0d\u663e\u793aLISTEN\u76f8\u5173\r\n-t (tcp)\u4ec5\u663e\u793atcp\u76f8\u5173\u9009\u9879\r\n-u (udp)\u4ec5\u663e\u793audp\u76f8\u5173\u9009\u9879\r\n-n \u62d2\u7edd\u663e\u793a\u522b\u540d\uff0c\u80fd\u663e\u793a\u6570\u5b57\u7684\u5168\u90e8\u8f6c\u5316\u6210\u6570\u5b57\u3002\r\n-l \u4ec5\u5217\u51fa\u6709\u5728 Listen (\u76d1\u542c) \u7684\u670d\u52a1\u72b6\u6001\r\n-p \u663e\u793a\u5efa\u7acb\u76f8\u5173\u94fe\u63a5\u7684\u7a0b\u5e8f\u540d\r\n-r \u663e\u793a\u8def\u7531\u4fe1\u606f\uff0c\u8def\u7531\u8868\r\n-e \u663e\u793a\u6269\u5c55\u4fe1\u606f\uff0c\u4f8b\u5982uid\u7b49\r\n-s \u6309\u5404\u4e2a\u534f\u8bae\u8fdb\u884c\u7edf\u8ba1\r\n-c \u6bcf\u9694\u4e00\u4e2a\u56fa\u5b9a\u65f6\u95f4\uff0c\u6267\u884c\u8be5netstat\u547d\u4ee4\u3002\r\n<\/pre>\n\u63d0\u793a\uff1aLISTEN\u548cLISTENING\u7684\u72b6\u6001\u53ea\u6709\u7528-a\u6216\u8005-l\u624d\u80fd\u770b\u5230<\/p>\n
\u5b9e\u7528\u547d\u4ee4\u5b9e\u4f8b<\/strong><\/div>\n1. \u5217\u51fa\u6240\u6709\u7aef\u53e3 (\u5305\u62ec\u76d1\u542c\u548c\u672a\u76d1\u542c\u7684)<\/strong><\/span><\/p>\n
\u5217\u51fa\u6240\u6709\u7aef\u53e3 netstat -a<\/strong><\/p>\n
# netstat -a | more\r\n Active Internet connections (servers and established)\r\n Proto Recv-Q Send-Q Local Address Foreign Address State\r\n tcp 0 0 localhost:30037 *:* LISTEN\r\n udp 0 0 *:bootpc *:*\r\n \r\nActive UNIX domain sockets (servers and established)\r\n Proto RefCnt Flags Type State I-Node Path\r\n unix 2 [ ACC ] STREAM LISTENING 6135 \/tmp\/.X11-unix\/X0\r\n unix 2 [ ACC ] STREAM LISTENING 5140 \/var\/run\/acpid.socket\r\n<\/pre>\n\u5217\u51fa\u6240\u6709 tcp \u7aef\u53e3 netstat -at<\/strong><\/p>\n
# netstat -at\r\n Active Internet connections (servers and established)\r\n Proto Recv-Q Send-Q Local Address Foreign Address State\r\n tcp 0 0 localhost:30037 *:* LISTEN\r\n tcp 0 0 localhost:ipp *:* LISTEN\r\n tcp 0 0 *:smtp *:* LISTEN\r\n tcp6 0 0 localhost:ipp [::]:* LISTEN\r\n<\/pre>\n\u5217\u51fa\u6240\u6709 udp \u7aef\u53e3 netstat -au<\/strong><\/p>\n
# netstat -au\r\n Active Internet connections (servers and established)\r\n Proto Recv-Q Send-Q Local Address Foreign Address State\r\n udp 0 0 *:bootpc *:*\r\n udp 0 0 *:49119 *:*\r\n udp 0 0 *:mdns *:*\r\n<\/pre>\n2. \u5217\u51fa\u6240\u6709\u5904\u4e8e\u76d1\u542c\u72b6\u6001\u7684 Sockets<\/strong><\/span><\/p>\n
\u53ea\u663e\u793a\u76d1\u542c\u7aef\u53e3 netstat -l<\/strong><\/p>\n
# netstat -l\r\n Active Internet connections (only servers)\r\n Proto Recv-Q Send-Q Local Address Foreign Address State\r\n tcp 0 0 localhost:ipp *:* LISTEN\r\n tcp6 0 0 localhost:ipp [::]:* LISTEN\r\n udp 0 0 *:49119 *:*\r\n<\/pre>\n\u53ea\u5217\u51fa\u6240\u6709\u76d1\u542c tcp \u7aef\u53e3 netstat -lt<\/strong><\/p>\n
# netstat -lt\r\n Active Internet connections (only servers)\r\n Proto Recv-Q Send-Q Local Address Foreign Address State\r\n tcp 0 0 localhost:30037 *:* LISTEN\r\n tcp 0 0 *:smtp *:* LISTEN\r\n tcp6 0 0 localhost:ipp [::]:* LISTEN\r\n<\/pre>\n\u53ea\u5217\u51fa\u6240\u6709\u76d1\u542c udp \u7aef\u53e3 netstat -lu<\/strong><\/p>\n
# netstat -lu\r\n Active Internet connections (only servers)\r\n Proto Recv-Q Send-Q Local Address Foreign Address State\r\n udp 0 0 *:49119 *:*\r\n udp 0 0 *:mdns *:*\r\n<\/pre>\n\u53ea\u5217\u51fa\u6240\u6709\u76d1\u542c UNIX \u7aef\u53e3 netstat -lx<\/strong><\/p>\n
# netstat -lx\r\n Active UNIX domain sockets (only servers)\r\n Proto RefCnt Flags Type State I-Node Path\r\n unix 2 [ ACC ] STREAM LISTENING 6294 private\/maildrop\r\n unix 2 [ ACC ] STREAM LISTENING 6203 public\/cleanup\r\n unix 2 [ ACC ] STREAM LISTENING 6302 private\/ifmail\r\n unix 2 [ ACC ] STREAM LISTENING 6306 private\/bsmtp\r\n<\/pre>\n3. \u663e\u793a\u6bcf\u4e2a\u534f\u8bae\u7684\u7edf\u8ba1\u4fe1\u606f<\/strong><\/span><\/p>\n
\u663e\u793a\u6240\u6709\u7aef\u53e3\u7684\u7edf\u8ba1\u4fe1\u606f netstat -s<\/strong><\/p>\n
# netstat -s\r\n Ip:\r\n 11150 total packets received\r\n 1 with invalid addresses\r\n 0 forwarded\r\n 0 incoming packets discarded\r\n 11149 incoming packets delivered\r\n 11635 requests sent out\r\n Icmp:\r\n 0 ICMP messages received\r\n 0 input ICMP message failed.\r\n Tcp:\r\n 582 active connections openings\r\n 2 failed connection attempts\r\n 25 connection resets received\r\n Udp:\r\n 1183 packets received\r\n 4 packets to unknown port received.\r\n .....\r\n<\/pre>\n\u663e\u793a TCP \u6216 UDP \u7aef\u53e3\u7684\u7edf\u8ba1\u4fe1\u606f netstat -st \u6216 -su<\/strong><\/p>\n
# netstat -st \r\n# netstat -su\r\n<\/pre>\n4. \u5728 netstat \u8f93\u51fa\u4e2d\u663e\u793a PID \u548c\u8fdb\u7a0b\u540d\u79f0 netstat -p<\/strong><\/span>
\nnetstat -p \u4e0e\u5176\u5b83\u53c2\u6570\u4e00\u8d77\u4f7f\u7528\u5c31\u53ef\u4ee5\u6dfb\u52a0 \u201cPID\/\u8fdb\u7a0b\u540d\u79f0\u201d \u5230 netstat \u8f93\u51fa\u4e2d\uff0c\u8fd9\u6837 debugging \u7684\u65f6\u5019\u53ef\u4ee5\u5f88\u65b9\u4fbf\u7684\u53d1\u73b0\u7279\u5b9a\u7aef\u53e3\u8fd0\u884c\u7684\u7a0b\u5e8f\u3002<\/p>\n# netstat -pt\r\n Active Internet connections (w\/o servers)\r\n Proto Recv-Q Send-Q Local Address Foreign Address State PID\/Program name\r\n tcp 1 0 ramesh-laptop.loc:47212 192.168.185.75:www CLOSE_WAIT 2109\/firefox\r\n tcp 0 0 ramesh-laptop.loc:52750 lax:www ESTABLISHED 2109\/firefox\r\n<\/pre>\n5. \u5728 netstat \u8f93\u51fa\u4e2d\u4e0d\u663e\u793a\u4e3b\u673a\uff0c\u7aef\u53e3\u548c\u7528\u6237\u540d (host, port or user)<\/strong><\/span>
\n\u5f53\u4f60\u4e0d\u60f3\u8ba9\u4e3b\u673a\uff0c\u7aef\u53e3\u548c\u7528\u6237\u540d\u663e\u793a\uff0c\u4f7f\u7528 netstat -n\u3002\u5c06\u4f1a\u4f7f\u7528\u6570\u5b57\u4ee3\u66ff\u90a3\u4e9b\u540d\u79f0\u3002<\/p>\n# netstat -an\r\n<\/pre>\n\u5982\u679c\u53ea\u662f\u4e0d\u60f3\u8ba9\u8fd9\u4e09\u4e2a\u540d\u79f0\u4e2d\u7684\u4e00\u4e2a\u88ab\u663e\u793a\uff0c\u4f7f\u7528\u4ee5\u4e0b\u547d\u4ee4<\/p>\n
# netsat -a --numeric-ports\r\n# netsat -a --numeric-hosts\r\n# netsat -a --numeric-users\r\n<\/pre>\n6. \u6301\u7eed\u8f93\u51fa netstat \u4fe1\u606f<\/strong><\/span>
\nnetstat \u5c06\u6bcf\u9694\u4e00\u79d2\u8f93\u51fa\u7f51\u7edc\u4fe1\u606f\u3002<\/p>\n# netstat -c\r\n Active Internet connections (w\/o servers)\r\n Proto Recv-Q Send-Q Local Address Foreign Address State\r\n tcp 0 0 ramesh-laptop.loc:36130 101-101-181-225.ama:www ESTABLISHED\r\n tcp 1 1 ramesh-laptop.loc:52564 101.11.169.230:www CLOSING\r\n tcp 0 0 ramesh-laptop.loc:43758 server-101-101-43-2:www ESTABLISHED\r\n tcp 1 1 ramesh-laptop.loc:42367 101.101.34.101:www CLOSING\r\n ^C\r\n<\/pre>\n7. \u663e\u793a\u7cfb\u7edf\u4e0d\u652f\u6301\u7684\u5730\u5740\u65cf (Address Families)<\/strong><\/span><\/p>\n
netstat --verbose\r\n<\/pre>\n\u5728\u8f93\u51fa\u7684\u672b\u5c3e\uff0c\u4f1a\u6709\u5982\u4e0b\u7684\u4fe1\u606f<\/p>\n
netstat: no support for `AF IPX' on this system.\r\nnetstat: no support for `AF AX25' on this system.\r\nnetstat: no support for `AF X25' on this system.\r\nnetstat: no support for `AF NETROM' on this system.\r\n<\/pre>\n8. \u663e\u793a\u6838\u5fc3\u8def\u7531\u4fe1\u606f netstat -r<\/strong><\/span><\/p>\n
# netstat -r\r\n Kernel IP routing table\r\n Destination Gateway Genmask Flags MSS Window irtt Iface\r\n 192.168.1.0 * 255.255.255.0 U 0 0 0 eth2\r\n link-local * 255.255.0.0 U 0 0 0 eth2\r\n default 192.168.1.1 0.0.0.0 UG 0 0 0 eth2\r\n<\/pre>\n\u6ce8\u610f\uff1a \u4f7f\u7528 netstat -rn \u663e\u793a\u6570\u5b57\u683c\u5f0f\uff0c\u4e0d\u67e5\u8be2\u4e3b\u673a\u540d\u79f0\u3002<\/p>\n
9. \u627e\u51fa\u7a0b\u5e8f\u8fd0\u884c\u7684\u7aef\u53e3<\/strong><\/span>
\n\u5e76\u4e0d\u662f\u6240\u6709\u7684\u8fdb\u7a0b\u90fd\u80fd\u627e\u5230\uff0c\u6ca1\u6709\u6743\u9650\u7684\u4f1a\u4e0d\u663e\u793a\uff0c\u4f7f\u7528 root \u6743\u9650\u67e5\u770b\u6240\u6709\u7684\u4fe1\u606f\u3002<\/p>\n# netstat -ap | grep ssh\r\n tcp 1 0 dev-db:ssh 101.174.100.22:39213 CLOSE_WAIT -\r\n tcp 1 0 dev-db:ssh 101.174.100.22:57643 CLOSE_WAIT -\r\n<\/pre>\n\u627e\u51fa\u8fd0\u884c\u5728\u6307\u5b9a\u7aef\u53e3\u7684\u8fdb\u7a0b<\/p>\n
# netstat -an | grep ':80'\r\n<\/pre>\n10. \u663e\u793a\u7f51\u7edc\u63a5\u53e3\u5217\u8868<\/strong><\/span><\/p>\n
# netstat -i\r\n Kernel Interface table\r\n Iface MTU Met RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR Flg\r\n eth0 1500 0 0 0 0 0 0 0 0 0 BMU\r\n eth2 1500 0 26196 0 0 0 26883 6 0 0 BMRU\r\n lo 16436 0 4 0 0 0 4 0 0 0 LRU\r\n<\/pre>\n\u663e\u793a\u8be6\u7ec6\u4fe1\u606f\uff0c\u50cf\u662f ifconfig \u4f7f\u7528 netstat -ie:<\/p>\n
# netstat -ie\r\n Kernel Interface table\r\n eth0 Link encap:Ethernet HWaddr 00:10:40:11:11:11\r\n UP BROADCAST MULTICAST MTU:1500 Metric:1\r\n RX packets:0 errors:0 dropped:0 overruns:0 frame:0\r\n TX packets:0 errors:0 dropped:0 overruns:0 carrier:0\r\n collisions:0 txqueuelen:1000\r\n RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)\r\n Memory:f6ae0000-f6b00000\r\n<\/pre>\n11. IP\u548cTCP\u5206\u6790<\/strong><\/span>
\n\u67e5\u770b\u8fde\u63a5\u67d0\u670d\u52a1\u7aef\u53e3\u6700\u591a\u7684\u7684IP\u5730\u5740<\/strong><\/p>\nuser@linuxprobe:~$ netstat -nat | grep \"192.168.1.15:22\" |awk '{print $5}'|awk -F: '{print $1}'|sort|uniq -c|sort -nr|head -20\r\n18 221.136.168.36\r\n3 154.74.45.242\r\n2 78.173.31.236\r\n2 62.183.207.98\r\n2 192.168.1.14\r\n2 182.48.111.215\r\n2 124.193.219.34\r\n2 119.145.41.2\r\n2 114.255.41.30\r\n1 75.102.11.99\r\n<\/pre>\nTCP\u5404\u79cd\u72b6\u6001\u5217\u8868<\/strong><\/p>\n
user@linuxprobe:~$ netstat -nat |awk '{print $6}'\r\nestablished)\r\nForeign\r\nLISTEN\r\nTIME_WAIT\r\nESTABLISHED\r\nTIME_WAIT\r\nSYN_SENT\r\n<\/pre>\n\u5148\u628a\u72b6\u6001\u5168\u90fd\u53d6\u51fa\u6765,\u7136\u540e\u4f7f\u7528uniq -c\u7edf\u8ba1\uff0c\u4e4b\u540e\u518d\u8fdb\u884c\u6392\u5e8f\u3002<\/strong><\/p>\n
user@linuxprobe:~$ netstat -nat |awk '{print $6}'|sort|uniq -c\r\n143 ESTABLISHED\r\n1 FIN_WAIT1\r\n1 Foreign\r\n1 LAST_ACK\r\n36 LISTEN\r\n6 SYN_SENT\r\n113 TIME_WAIT\r\n1 established)\r\n<\/pre>\n\u6700\u540e\u7684\u547d\u4ee4\u5982\u4e0b:<\/strong><\/p>\n
netstat -nat |awk '{print $6}'|sort|uniq -c|sort -rn\r\n<\/pre>\n\u5206\u6790access.log\u83b7\u5f97\u8bbf\u95ee\u524d10\u4f4d\u7684ip\u5730\u5740<\/strong><\/p>\n
awk '{print $1}' access.log |sort|uniq -c|sort -nr|head -10\r\n<\/pre>\n\n\u539f\u6587\u6765\u81ea\uff1ahttp:\/\/www.cnblogs.com\/ggjucheng\/archive\/2012\/01\/08\/2316661.html<\/a><\/p>\n
\u672c\u6587\u5730\u5740\uff1ahttp:\/\/gulass.cn\/netstat-command-explanation.html<\/a>\u7f16\u8f91\uff1a\u70e8\u5b50\uff0c\u5ba1\u6838\u5458\uff1a\u5f20\u5b8f\u5b87<\/span><\/p>\n<\/blockquote>\n","protected":false},"excerpt":{"rendered":"