Netstat is a command line utility that can be used to list out all the network (socket) connections on a system. It lists out all the tcp, udp socket connections and the unix domain socket connections.
View the connection state of TCP, UDP, and UNIX domain sockets:
guowei@localhost:~$ netstat -a
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 *:ssh *:* LISTEN
tcp 0 0 *:8090 *:* LISTEN
tcp 0 0 *:8091 *:* LISTEN
tcp 0 0 192.168.1.133:8091 192.168.1.98:54741 ESTABLISHED
tcp 0 288 192.168.1.133:ssh 192.168.1.188:42910 ESTABLISHED
tcp 0 0 192.168.1.133:ssh 192.168.1.168:20809 ESTABLISHED
tcp6 0 0 [::]:ssh [::]:* LISTEN
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags Type State I-Node Path
unix 2 [ ACC ] SEQPACKET LISTENING 2101 /run/udev/control
unix 2 [ ACC ] STREAM LISTENING 1228 @/com/ubuntu/upstart
unix 4 [ ] DGRAM 5192 /dev/log
unix 2 [ ] DGRAM 16302
...
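The output above shows that the locally open TCP ports are 22 (ssh), 8090, and 8091.
ESTABLISHED indicates an active connection. For example, the established connections include one from 192.168.1.98:54741 to the local 192.168.1.133:8091, and so on.
There is also connection information for some UNIX domain sockets (which can be used for inter-process communication).
About Recv-Q and Send-Q:
Recv-Q and Send-Q are the network receive queue and send queue, respectively. Both values should normally be 0; if they are not 0, some network connection may have a problem. Packets should not pile up in either queue. A brief non-zero value is acceptable; for example, a Send-Q that is briefly non-zero while packets are being sent is normal. The two queues are explained as follows: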
Recv-Q will be that data which has not yet been pulled from the socket
buffer by the application.
Send-Q will be that data which the sending application has given to
the transport, but has yet to be ACKnowledged by the receiving TCP.
To show only TCP (-t) and UDP (-u) connection information:
# Show TCP connection information
guowei@localhost:~$ netstat -at
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 *:ssh *:* LISTEN
tcp 0 0 *:8090 *:* LISTEN
tcp 0 0 *:8091 *:* LISTEN
tcp 0 300 192.168.1.133:8091 192.168.1.98:54741 ESTABLISHED
tcp 0 36 192.168.1.133:ssh 192.168.1.188:42910 ESTABLISHED
tcp 0 0 192.168.1.133:ssh 192.168.1.168:20809 ESTABLISHED
tcp6 0 0 [::]:ssh [::]:* LISTEN
# Show UDP connection information (there are no UDP connections):
guowei@localhost:~$ netstat -au
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
To see the PID or program name of the application that owns each port, add the -p option:
guowei@localhost:~$ sudo netstat -atp
[sudo] password for guowei:
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 *:ssh *:* LISTEN 583/sshd
tcp 0 0 *:8090 *:* LISTEN 14118/bonefish
tcp 0 0 *:8091 *:* LISTEN 14118/bonefish
tcp 0 0 192.168.1.133:8091 192.168.1.98:54741 ESTABLISHED 14118/bonefish
tcp 0 232 192.168.1.133:ssh 192.168.1.188:42910 ESTABLISHED 17964/sshd: guowei [pri
tcp 0 0 192.168.1.133:ssh 192.168.1.168:20809 ESTABLISHED 17098/sshd: guowei [pri
tcp6 0 0 [::]:ssh [::]:* LISTEN 583/sshd
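As an added example (not part of the original post), the shell functions below read `netstat -atp` output on stdin and extract the two things discussed above: TCP listeners bound to every interface with their owning program, and connections whose Recv-Q or Send-Q is non-zero. The function names are hypothetical, and the embedded sample is constructed from the listing above.

```shell
#!/bin/sh
# Added example: triage `netstat -atp` output read from stdin.

# Constructed sample: the `sudo netstat -atp` listing shown on this page.
sample_netstat() {
cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 *:ssh *:* LISTEN 583/sshd
tcp 0 0 *:8090 *:* LISTEN 14118/bonefish
tcp 0 0 *:8091 *:* LISTEN 14118/bonefish
tcp 0 0 192.168.1.133:8091 192.168.1.98:54741 ESTABLISHED 14118/bonefish
tcp 0 232 192.168.1.133:ssh 192.168.1.188:42910 ESTABLISHED 17964/sshd: guowei [pri
tcp 0 0 192.168.1.133:ssh 192.168.1.168:20809 ESTABLISHED 17098/sshd: guowei [pri
tcp6 0 0 [::]:ssh [::]:* LISTEN 583/sshd
EOF
}

# TCP LISTEN sockets bound to every interface: prints "proto port program".
wildcard_listeners() {
  awk '$1 ~ /^tcp/ && $6 == "LISTEN" {
    addr = $4; port = $4
    sub(/:[^:]*$/, "", addr)   # drop ":port" to leave the bind address
    sub(/.*:/, "", port)       # keep only the port or service name
    if (addr == "*" || addr == "0.0.0.0" || addr == "[::]" || addr == "::")
      print $1, port, ($7 == "" ? "-" : $7)   # "-" when run without -p
  }'
}

# Non-listening sockets whose Recv-Q or Send-Q exceeds a threshold (default 0).
# LISTEN rows are skipped: on Linux those columns hold listen-backlog
# figures there, not unread or unacknowledged bytes.
queued_sockets() {
  awk -v min="${1:-0}" '$1 ~ /^(tcp|udp)/ && $6 != "LISTEN" &&
    ($2 + 0 > min || $3 + 0 > min) {
    print $1, "recvq=" $2, "sendq=" $3, $4, "->", $5
  }'
}

sample_netstat | wildcard_listeners
sample_netstat | queued_sockets
```

On a live host, pipe `sudo netstat -atp` into either function; because a briefly non-zero queue is normal, run `queued_sockets` several times and look at sockets that stay in the output.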
ref link:
https://linuxacademy.com/blog/linux/netstat-network-analysis-and-troubleshooting-explained/