1. Introduction
The netstat command displays statistics for the IP, TCP, UDP, and ICMP protocols, and is generally used to check the network connections on each port of the local machine. netstat is a program that reads network-related information from the kernel. It can provide reports on TCP connections, TCP and UDP listening sockets, and process management.
2. Main parameters
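-a Show all connections and listening ports
-t Show TCP connections
-u Show UDP connections
-p Show the program name
-n Do not resolve names; show everything that can be shown numerically as numbers
-l List only services in the LISTEN state
-r Show routing information (the routing table)
-e Show extended information, such as the inode
-s Show statistics per protocol
-c Re-run the netstat command at a fixed interval
-i Show network interfaces, that is, information about all network interfaces.
Note: the LISTEN and ESTABLISHED states can only be seen with -a or -l.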
3. Output description
[root@sy-suz-srv51 ~]# netstat
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 k8sdev.sui:sun-sr-https k8sdev.suiyi.com.:34880 SYN_RECV
tcp 0 0 k8sdev.suiyi.com.c:2379 10.1.62.21:47910 ESTABLISHED
Active UNIX domain sockets (w/o servers)
Proto RefCnt Flags Type State I-Node Path
unix 3 [ ] DGRAM 18442 /run/systemd/notify
unix 2 [ ] DGRAM 14151 /var/run/nscd/socket
unix 2 [ ] DGRAM 584 /run/systemd/shutdownd
unix 3 [ ] STREAM CONNECTED 124439388 /run/dbus/system_bus_socket
unix 3 [ ] STREAM CONNECTED 42312 /run/systemd/journal/stdout
The output of netstat can be divided into two parts:
1. Active Internet connections: the active TCP connections. "Recv-Q" and "Send-Q" are the receive queue and the send queue. These numbers should generally be 0. If they are not, packets are accumulating in the queue. This situation can only be seen in very rare cases.
2. Active UNIX domain sockets: the active Unix domain sockets (the same as network sockets, but usable only for local communication, and the performance can be doubled).
Column name explanation:
Proto: The protocol used by the connection.
RefCnt: The reference count, that is, the number of processes attached to this socket.
Type: The type of the socket.
State: The current state of the socket.
LISTEN: The socket is listening.
ESTABLISHED: The connection has been established.
TIME_WAIT: The connection is currently in a waiting state.
Path: The path name used by other processes connected to the socket.
4. Use cases
Count the TCP connections on the machine by state.
netstat -a | awk '/^tcp/ {++S[$NF]} END {for(a in S) print a, S[a]}'
Extract the state column, sort it, and count each state with uniq -c.
netstat -nat |awk '{print $6}'|sort|uniq -c
View the remote IP addresses with the most connections to a service port. The second awk takes the field just before the port, so it works for both plain IPv4 addresses (a.b.c.d:port) and IPv4-mapped addresses (::ffff:a.b.c.d:port).
netstat -nat | grep "192.168.120.20:16067" |awk '{print $5}'|awk -F: '{print $(NF-1)}'|sort|uniq -c|sort -nr|head -20
Find out the port on which the ssh program is running.
netstat -ap | grep ssh
Display PID and process name in netstat output.
netstat -pt
Find out which process is running on the specified port. Then you can find the specific application through the ps command.
netstat -anpt | grep ':16064'
Display routing information
[root@boke ~]# netstat -r
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
default gateway 0.0.0.0 UG 0 0 0 eth0
link-local 0.0.0.0 255.255.0.0 U 0 0 0 eth0
172.17.96.0 0.0.0.0 255.255.240.0 U 0 0 0 eth0
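The state-count and busiest-peer use cases above, combined into two shell functions as an added example (not part of the original page). The function names and the sample netstat lines are constructed for illustration; the endpoint 192.168.120.20:16067 is the one used in the use case above.

```shell
# Constructed sample in `netstat -nat` format (not captured from a real host).
sample_netstat() {
cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 192.168.120.20:16067    10.1.62.21:47910        ESTABLISHED
tcp        0      0 192.168.120.20:16067    10.1.62.21:47912        ESTABLISHED
tcp        0      0 192.168.120.20:16067    10.1.62.30:51002        TIME_WAIT
tcp        0      0 192.168.120.20:22       10.1.62.30:40022        ESTABLISHED
tcp6       0      0 :::16067                :::*                    LISTEN
tcp6       0      0 ::ffff:192.168.120.20:16067 ::ffff:10.1.62.21:47920 ESTABLISHED
EOF
}

# Count connections per TCP state; /^tcp/ skips the two header lines
# that a plain `awk '{print $6}'` would count as bogus states.
state_counts() {
    awk '/^tcp/ { n[$NF]++ } END { for (s in n) print n[s], s }' |
        sort -k1,1nr -k2,2
}

# Rank remote IPs connected to the local endpoint $1 (IP:port).
# An exact string comparison (instead of grep) avoids matching port 160670
# or treating "." as a regex wildcard; listening sockets (peer "*") are skipped.
top_peers() {
    awk -v ep="$1" '
        /^tcp/ {
            l = $4; r = $5
            sub(/^::ffff:/, "", l); sub(/^::ffff:/, "", r)  # IPv4-mapped form
            if (l != ep || r ~ /:\*$/) next
            sub(/:[0-9]+$/, "", r)                           # drop remote port
            n[r]++
        }
        END { for (ip in n) print n[ip], ip }' |
        sort -k1,1nr -k2,2 | head -20
}

# Live use: netstat -nat | state_counts
#           netstat -nat | top_peers 192.168.120.20:16067
sample_netstat | state_counts
sample_netstat | top_peers 192.168.120.20:16067
```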