A tutorial on netstat command usage in Linux

As a whole, the output of Netstat can be divided into two parts:

One is the active Internet connections, known as the active TCP connection, where "recv-q" and "Send-q" refer to%0a receive queues and send queues. These numbers should generally be 0. If not, it means that the package is piling up in the queue. This situation can only be seen in very few situations.

The other is active UNIX domain sockets, known as the active UNIX domains socket (like a network socket, but only for native communication, which can improve performance by a factor).

Proto displays the protocol used by the connection, refcnt represents the process number that is attached to this set of interfaces, types displays the type of the socket interface, state displays the current status of the socket interface, and path represents the pathname used by other processes connected to the socket interface.

The netstat command is used to display statistics related to IP, TCP, UDP, and ICMP protocols, and is typically used to verify network connectivity across local ports. Netstat is a program that accesses the network and related information in the kernel, providing reports of TCP connections, TCP and UDP monitoring, and process memory management.

If your computer sometimes receives datagrams that cause error data or malfunctions, you don't have to be surprised that TCP/IP can allow these types of errors and automatically send datagrams. But if the cumulative number of error cases accounts for a significant percentage of the IP datagram received, or if its number is increasing rapidly, you should use Netstat to find out why these things happen.

1. Command format:

Netstat [-accefghilmnnoprstuvvwx][-a< network type >][--IP]

2. Command function:

Netstat is used to display statistics related to IP, TCP, UDP, and ICMP protocols, and is typically used to verify network connectivity across local ports.

3. Command parameters:

A or –all displays the sockets in all lines.

-a< network type > or –< network type > lists the related addresses in the network type line.

The-C or –continuous continues to list network status.

-C or –cache displays the router configuration's cache information.

-E or –extend displays other information about the network.

-F or –fib display fib.

A-G or –groups displays a list of multiple broadcast feature group members.

-H or –help online Help.

-I or –interfaces display the network interface information form.

-L or –listening displays the socket for the server in the monitor.

-M or –masquerade displays a disguised network connection.

-N or –numeric use the IP address directly, not through the domain name server.

-N or –netlink or –symbolic displays the symbolic connection name of the network hardware peripherals.

The timer is displayed in-O or –timers.

-P or –programs displays the program identifier and program name that are using the socket.

-R or –route displays routing Table.

-S or –statistice Display network work Information tab.

-T or –TCP displays the connection status of the TCP transport protocol.

-U or –UDP displays the connection status of the UDP transport protocol.

The-V or –verbose displays the instruction execution process.

-V or –version display version information.

-W or –raw displays the connection status of the raw transport protocol.

-X or –unix the effect of this parameter is the same as the specified "-A unix" parameter.

–ip or –inet The effect of this parameter is the same as the specified "-A inet" argument.

4. Use examples:

List all TCP ports (both listening and not listening)

Lists all TCP ports in the listening state

Show statistics for all ports

Show PID for processes that occupy a particular TCP port

Netstat-p can be used with other switches, you can add "Pid/process name" to the netstat output, so that the appropriate troubleshooting can easily find a specific port to run the program