The netstat command displays statistics for the IP, TCP, UDP and ICMP protocols and is generally used to check the network connections on each port of the local machine. netstat is a program that accesses networking information in the kernel; it provides reports on TCP connections, TCP and UDP listening sockets, and process memory management.
In a Linux environment, run netstat --help to obtain the netstat command parameters, as follows:
usage: netstat [-vWeenNcCF] [<Af>] -r netstat {-V|--version|-h|--help}
netstat [-vWnNcaeol] [<Socket> ...]
netstat { [-vWeenNac] -I[<Iface>] | [-veenNac] -i | [-cnNe] -M | -s [-6tuw] } [delay]
-r, --route display routing table
-I, --interfaces=<Iface> display interface table for <Iface>
-i, --interfaces display interface table
-g, --groups display multicast group memberships
-s, --statistics display networking statistics (like SNMP)
-M, --masquerade display masqueraded connections
-v, --verbose be verbose
-W, --wide don't truncate IP addresses
-n, --numeric don't resolve names
--numeric-hosts don't resolve host names
--numeric-ports don't resolve port names
--numeric-users don't resolve user names
-N, --symbolic resolve hardware names
-e, --extend display other/more information
-p, --programs display PID/Program name for sockets
-o, --timers display timers
-c, --continuous continuous listing
-l, --listening display listening server sockets
-a, --all display all sockets (default: connected)
-F, --fib display Forwarding Information Base (default)
-C, --cache display routing cache instead of FIB
-Z, --context display SELinux security context for sockets
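-a or --all: show all connected sockets.
-A<network type> or --<network type>: list the relevant addresses in connections of that network type.
-c or --continuous: list the network status continuously.
-C or --cache: show the cache information of the router configuration.
-e or --extend: show other related network information.
-F or --fib: show the FIB.
-g or --groups: show the member list of multicast groups.
-h or --help: online help.
-i or --interfaces: show the network interface information table.
-l or --listening: show the sockets of servers that are listening.
-M or --masquerade: show masqueraded network connections.
-n or --numeric: use IP addresses directly, without going through the name server.
-N or --netlink or --symbolic: show the symbolic link names of network hardware peripherals.
-o or --timers: show timers.
-p or --programs: show the PID and program name of the program using each socket.
-r or --route: show the routing table.
-s or --statistics: show the network statistics table.
-t or --tcp: show the connection status of the TCP protocol.
-u or --udp: show the connection status of the UDP protocol.
-v or --verbose: show the command's execution process.
-V or --version: show version information.
-w or --raw: show the connection status of the RAW protocol.
-x or --unix: has the same effect as specifying "-A unix".
--ip or --inet: has the same effect as specifying "-A inet".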
netstat output analysis
Description:
Overall, netstat output can be divided into two parts:
The first is Active Internet connections, the active TCP connections, where "Recv-Q" and "Send-Q" are the receive queue and the send queue. These numbers should generally be 0. If they are not, packets are piling up in the queue. This is seen only in very rare cases.
The other is Active UNIX domain sockets, the active Unix domain sockets (the same as network sockets, but usable only for communication on the local machine; the performance can be doubled).
Proto shows the protocol used by the connection, RefCnt is the number of processes attached to this socket, Type shows the socket type, State shows the current state of the socket, and Path is the path name used by other processes connected to the socket.
Socket type:
-t: TCP
-u: UDP
--raw: RAW type
--unix: UNIX domain type
--ax25: AX25 type
--ipx: ipx type
--netrom: netrom type
Status description:
LISTEN: listening for a connection request from a remote TCP port
SYN-SENT: waiting for a matching connection request after having sent a connection request (if there are many sockets in this state, check whether the host has been compromised)
SYN-RECEIVED: waiting for confirmation of the connection request after having both received and sent a connection request (if there are a large number in this state, the host is probably under a flood attack)
ESTABLISHED: represents an open connection
FIN-WAIT-1: waiting for a connection termination request from the remote TCP, or for an acknowledgment of the termination request previously sent
FIN-WAIT-2: waiting for a connection termination request from the remote TCP
CLOSE-WAIT: waiting for a connection termination request from the local user
CLOSING: waiting for the remote TCP to acknowledge the connection termination
LAST-ACK: waiting for acknowledgment of the connection termination request previously sent to the remote TCP (not a good sign; if this appears, check whether the host is under attack)
TIME-WAIT: waiting long enough to be sure the remote TCP has received the acknowledgment of its connection termination request
CLOSED: no connection state
Frequently used commands
Display the network interface list
Show multicast group memberships
Display network statistics
Common combination:
Display Ethernet statistics
Display the routing information
Count the number of network connections in each state on the machine
Extract the states, sort them, then count them with uniq -c
Check which IP addresses have the most connections to a given service port
Find out which port a program is running on
Display TCP connection information in netstat output
netstat -pt
Description: netstat -p can be combined with other switches to add a "PID / process name" column.
Find the process running on a specified port
Other considerations:
Tip: netstat -lnt | grep ssh | wc -l -> as long as the result is more than 2, the ssh service is fine
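The per-state counts and per-port remote-address counts mentioned under the frequently used commands, together with the SYN-RECEIVED flood remark in the status description, as an added example that is not from the original article. It works on `netstat -ant` output, where netstat prints the SYN-RECEIVED state as SYN_RECV; the function names, the sample output (constructed, using documentation address ranges) and the threshold are assumptions.

```shell
#!/bin/sh
# Constructed sample of `netstat -ant` output (addresses are documentation ranges).
sample_netstat() {
cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:80           198.51.100.7:51514      ESTABLISHED
tcp        0      0 192.0.2.10:80           198.51.100.7:51520      TIME_WAIT
tcp        0      0 192.0.2.10:80           203.0.113.5:40001       SYN_RECV
tcp        0      0 192.0.2.10:80           203.0.113.5:40002       SYN_RECV
tcp        0      0 192.0.2.10:80           203.0.113.5:40003       SYN_RECV
tcp        0      0 192.0.2.10:22           198.51.100.9:60222      ESTABLISHED
EOF
}

# Count sockets per TCP state: prints "<count> <state>", largest first.
count_states() {
    awk '$1 ~ /^tcp/ { n[$6]++ } END { for (s in n) print n[s], s }' | sort -k1,1nr -k2,2
}

# Count remote IPs connected to a local port: prints "<count> <ip>", largest first.
# LISTEN rows are skipped because they have no peer.
remote_ips_for_port() {
    awk -v port="$1" '
        $1 ~ /^tcp/ && $6 != "LISTEN" {
            lp = $4; sub(/.*:/, "", lp)          # local port = text after last colon
            if (lp != port) next
            ip = $5; sub(/:[^:]*$/, "", ip)      # strip the remote port
            n[ip]++
        }
        END { for (i in n) print n[i], i }' | sort -k1,1nr -k2,2
}

# Print the number of half-open (SYN_RECV) sockets; exit status 1 when it
# exceeds the threshold given as $1 (the threshold value is an assumption).
syn_recv_check() {
    c=$(awk '$1 ~ /^tcp/ && $6 == "SYN_RECV" { c++ } END { print c + 0 }')
    echo "$c"
    [ "$c" -le "$1" ]
}

sample_netstat | count_states
sample_netstat | remote_ips_for_port 80
sample_netstat | syn_recv_check 2 || echo "possible SYN flood: check source addresses"
```

On a live host, replace `sample_netstat` with `netstat -ant` and pick a threshold from the machine's normal baseline.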
Author: Small Nine Hundred and Seventy-a
Source: http://www.cnblogs.com/ftl1012/
Copyright of this article is shared by the author [ small a Nine Hundred and Seventy ] and [ blog park ]. Reprinting is welcome, but unless the author agrees otherwise this notice must be retained and a link to the original must be given in a prominent position on the article page; otherwise the right to pursue legal liability is reserved.