A chance to fish, I saw a friend in the group asked what the netstat -tnpl command does. This command has been used a lot, but I haven't really studied it, but this is a problem, I can't let it go I have passed it, and I use the netstat command to query the listening status of the port every day, so take this opportunity to understand the netstat command together.
The netstat command is compatible under Linux, Windows and MacOS operating systems. The difference is that the command for netstat to display detailed information under UNIX is man netstat , while under Linux and Windows it is netstat --help .
netstat command under Linux
When I executed the man netstat command under Linux, the prompt displayed by the system really surprised me. It seems that this command has a lot of content! Don't be intimidated by such a long description, let's go step by step.
First, let's understand what the netstat command does.
The official explanation given to us is that
netstat -- show network status
list network status
But what about the state of the network? With doubts, I executed it under Linux.
The print is a six-tuple, and the content of each column of the six-tuple is
A closer look at the six-tuple seems to indicate that the netstat command is a command-line tool for monitoring incoming and outgoing network connections and status .
On the whole, the output of netstst can be divided into two parts, one is Active Internet connections , called active TCP connections , where Recv-Q and Send-Q refer to the client sending queue and the client receiving queue. The values of these two queues are generally 0. If it is not 0, it means that there are messages piled up and have not been sent/taken out. This situation is rarely seen.
The other part is Active UNIX domain sockets , called active Unix domain sockets. The sockets in this part are the same as network socket sockets. The difference is that this piece can only be used for local communication, and its performance is higher than that of network sockets. . Active UNIX domain sockets is also a six-tuple, representing
netstat parameter definition
Let's explain some of the parameters listed in netstat --help. Let's start with the most common parameters, so that everyone can form a staged memory and not lose focus.
netstat -a
-a This parameter will monitor all socket connections by default.
Including those that have been monitored, those that have established connections, those sent by the client that are waiting for the server, and those that have not been monitored will be listed.
netstat -at/-t
The suffixes netstat -at and netstat -t are both used to monitor ports related to the TCP protocol. The difference is that netstat -at listens to ports in all states, while netstat -t only listens to ports in ESTABLISHED state. .
netstat -at
netstat -t
netstat -au/-u
Similarly, netstat -au and netstat -u both monitor ports related to UDP, the difference is that netstat -au listens to all ports in the state, while netstat -u only listens to ports in the ESTABLISHED state.
netstat -au
netstat -u
My test here is not to monitor the UDP protocol in the established connection state.
netstat -ap
This command is used to list the ports on which the program is running. The commonly used commands are
netstat -ap|grep '程序名'
For example, if we are looking for an http program, it is Netstat -ap|grep http
You can also list the port number directly
netstat -ap|grep 8080
However, it should be noted that not all programs can be found, and those without permissions will not be displayed. You can query all information with root permissions.
netstat -l
netstat -l is used to monitor the port that is in the listening state (it is really hard to read, in order to read more smoothly, use the 列出replacement monitor directly later).
netstat -lt is only used to list all listening TCP ports.
netstat -lu is only used to list all listening UDP ports.
netstat -lx is only used to list all listening UNIX ports.
netstat -s
netstat -s is used to list statistics for all ports.
netstat -st is used to list statistics of TCP ports.
netstat -su is used to list statistics for UDP ports.
netstat -p
netstat -p can be used with other parameters, eg netstat -pt can list the service name and PID number.
netstat -c
Using netstat -c will list network information every second.
netstat -r
netstat -r is used to list routing core information.
netstat --verbose
This command will list the Address Family supported by the system .
Address Family simply means which communication protocol is used by the bottom layer to submit data. For example, AF_INET uses TCP/IPv4; AF_INET6 uses TCP/IPv6; and AF_LOCAL or AF_UNIX refers to local communication (that is, this time Communication is the communication between processes on the current host), which is generally specified in the form of an absolute path.
netstat -i
netstat -i is used to list network interface packets, including transmitting and receiving packets with MTU (maximum transmission unit).
In addition, netstat -ie is also used to list the kernel interface table, very similar to the ifconfig command
about this issue
So, going back to the question at the beginning of the article, what is netstat -tnpl used for, in fact, this is a combination of several parameters
- -t : only list information related to tcp
- -n: list numerically
- -p: list the socket PID and program name in use
- -l: List listening server sockets
Let's execute this command.
In addition, in Linux, it has been recommended to use ss instead of netstat, use ip route instead of netstat -r, use ip -s link instead of netstat -i, and use ip addr instead of netstat -g.
Original link: Can netstat still play like this?
If this article is helpful to you, I hope you like it and follow it!