Netstat and netstat commands

Netstat and netstat commands
Introduction

In the Internet RFC standard, Netstat is defined as: Netstat is a program that accesses networks and related information in the kernel. It can provide TCP connections, TCP and UDP listeners, reports on process memory management.

Netstat is a console command and a very useful tool for monitoring TCP/IP networks. It can display the route table, the actual network connection, and the status information of each network interface device. Netstat is used to display statistics related to IP, TCP, UDP, and ICMP protocols. It is generally used to check the network connection of each port on the local machine.

If the data packets received by your computer sometimes cause data errors or faults, you don't have to be surprised that TCP/IP can allow these types of errors and automatically resend the data packets. However, if the cumulative number of errors accounts for a considerable percentage of the received IP data packets, or the number of errors increases rapidly, then you should use Netstat to check the cause.

Netstat-an is generally used to display all connected ports and use numbers.

The netstat command displays network connection, route table, and network interface information, allowing you to know which network connections are in operation. If no parameter is included during use, netstat displays active TCP connections.

The common format of this command is:

Netstat [-a] [-e] [-n] [-o] [-p Protocol] [-r] [-s] [Interval]

 

Output Information

After netstat is executed, the output result is

Active Internet connections (w/o servers)Proto Recv-Q Send-Q Local Address Foreign Address Statetcp 0 2 210.34.6.89:telnet 210.34.6.96:2873 ESTABLISHEDtcp 296 0 210.34.6.89:1165 210.34.6.84:netbios-ssn ESTABLISHEDtcp 0 0 localhost.localdom:9001 localhost.localdom:1162 ESTABLISHEDtcp 0 0 localhost.localdom:1162 localhost.localdom:9001 ESTABLISHEDtcp 0 80 210.34.6.89:1161 210.34.6.10:netbios-ssn CLOSEActive UNIX domain sockets (w/o servers)Proto RefCnt Flags Type State I-Node Pathunix 1 [ ] STREAM CONNECTED 16178 @000000ddunix 1 [ ] STREAM CONNECTED 16176 @000000dcunix 9 [ ] DGRAM 5292 /dev/logunix 1 [ ] STREAM CONNECTED 16182 @000000df

The output result of netstat can be divided into two parts:

One is Active Internet connections, which is called an Active TCP connection. "Recv-Q" and "Send-Q" indicate that % 0A is a receiving queue and a sending queue. These numbers are generally 0. If not, the package is accumulating in the queue. This can only be seen in rare cases.

The other is Active UNIX domain sockets, called the Active Unix domain interface (which is the same as network socket, but can only be used for local communication, and the performance can be doubled ). Proto displays the protocol used for the connection. RefCnt indicates the process number connecting to this interface. Types indicates the type of the interface set. State indicates the current status of the interface set, path indicates the Path name used by other processes connected to the set interface.

 

Option

The meanings of the options in the command are as follows:

-A (all) shows all sockets, including those being monitored.

-C is re-displayed every one second until the user interrupts it.

-I: displays information about all network interfaces in the format of "netstat-I ".

-N is replaced by a network IP address to show network connection conditions.

-R displays the core route table in the same format as "route-e ".

-T (TCP) shows the TCP connection status

-U (UDP) displays the connections of the UDP protocol.

-V: displays ongoing work.

-P: displays the specified protocol information.

-B shows the executable programs involved in creating each connection or listening port.

-E displays Ethernet statistics. This option can be used with the-s option.

-F displays the Fully Qualified Domain Name (FQDN) of the external address ).

-O displays the IDs of processes associated with each connection.

-S displays statistics for each protocol.

-X displays NetworkDirect connections, listeners, and shared endpoints.

-Y: displays the TCP connection templates for all connections. Cannot be used with other options.

Interval re-displays the selected statistics. The interval (in seconds) between display pauses. Press CTRL + C to stop resending statistics. If omitted, netstat prints the current configuration information once.

 

Common options

Netstat-s

-- This option displays statistics for each protocol. If your applications (such as Web browsers) run slowly or cannot display data such as Web pages, you can use this option to view the displayed information. You need to carefully check the rows of the statistical data, find the keyword of the error, and then confirm the problem.

Netstat-e

-- This option is used to display statistics about Ethernet. The items listed include the total number of bytes, number of errors, and number of deletions of data packets, includes the number of sent and received packets (such as the number of bytes sent and received, the number of packets [1]), or the number of broadcast packets. It can be used to measure some basic network traffic.

Netstat-r

-- This option displays information about the route table, which is similar to the information displayed when you use the routeprint command later. In addition to valid routes, valid connections are also displayed.

Netstat-

-- This option displays a list of all valid connection information, including the ESTABLISHED connections (ESTABLISHED) and those that listen to the LISTENING requests.

Netstat-n

-- Display all established valid connections. [3]

Netstat-p

-- Display the protocol name to view the usage of a specific protocol

 

Common status

That is, the connection status. In the original mode, there is no status in the User Datagram Protocol, so the Status column can be empty. If the status is available, the value is generally [4].

LISTEN: listens for connection requests from remote TCP ports

SYN-SENT: wait for a matched connection request after a connection request is sent

SYN-RECEIVED: Wait for the other party to confirm the connection request after receiving and sending a connection request

ESTABLISHED: indicates an opened connection.

FIN-WAIT-1: waiting for confirmation of the remote TCP connection interruption request or previous connection interruption request

FIN-WAIT-2: Waiting for connection interruption requests from remote TCP

CLOSE-WAIT: Waiting for connection interruption requests from Local Users

CLOSING: waiting for confirmation of remote TCP connection interruption

LAST-ACK: waiting for confirmation of the original connection interruption request sent to remote TCP

TIME-WAIT: WAIT for enough TIME to confirm that the remote TCP receives the connection interruption request.

CLOSED: No connection status

Note: The LISTEN and LISTENING statuses can only be viewed using-a or-l.

 

Check whether the port is occupied:

Netstat-anp | grep port

Lsof-I: port

 

View the process occupying the Port:

Netstat-anp | grep port

Or use lsof-I: port

The process id is displayed,

Ps-ef | grep pid.

 

View the port used by a process (such as a java Process:

Ps-aux | grep java

Find pid

Then lsof-I | grep pid

Or use netstat-anp | grep pid.

References:

Http://www.cnblogs.com/ggjucheng/archive/2012/01/08/2316661.html

What is netstat?

The netstat command displays network connection, route table, and network interface information, allowing you to know which network connections are currently in operation.

The common format of this command is:

Netstat [Option]

The meanings of the options in the command are as follows:

-A displays all sockets, including those being monitored.

-C is re-displayed every one second until the user interrupts it.

-I displays information of all network interfaces in the same format as "ifconfig-e ".

-N is replaced by a network IP address to show network connection conditions.

-R displays the core route table in the same format as "route-e ".

-T shows the TCP connection status.

-U: displays the connections of the UDP protocol.

-V: displays ongoing work.

[Example] Run the netstat command on a local machine.

$ Netstat

Active Internet connections (w/o servers)

Proto Recv-Q Send-Q Local Address Foreign Address State

Active UNIX domain sockets (w/o servers)

Proto RefCnt Flags Type State I-Node Path

Unix 1 [] stream connected 270 @ 00000008

Unix 1 [] stream connected 150 @ 00000002

Unix 1 [] stream connected 104 @ 00000001

Unix 1 [] stream connected 222 @ 00000004

Unix 1 [] stream connected 171 @ 00000003

Unix 1 [] stream connected 271/dev/log

Unix 1 [] stream connected 225/dev/log

Unix 1 [] stream connected 223/dev/log

Unix 1 [] stream connected 203/dev/log

Unix 1 [] stream connected 105/dev/log

What is netstat?

The netstat command displays network connection, route table, and network interface information, allowing you to know which network connections are currently in operation.

The common format of this command is:

Netstat [Option]

The meanings of the options in the command are as follows:

-A displays all sockets, including those being monitored.

-C is re-displayed every one second until the user interrupts it.

-I displays information of all network interfaces in the same format as "ifconfig-e ".

-N is replaced by a network IP address to show network connection conditions.

-R displays the core route table in the same format as "route-e ".

-T shows the TCP connection status.

-U: displays the connections of the UDP protocol.

-V: displays ongoing work.

[Example] Run the netstat command on a local machine.

$ Netstat

Active Internet connections (w/o servers)

Proto Recv-Q Send-Q Local Address Foreign Address State

Active UNIX domain sockets (w/o servers)

Proto RefCnt Flags Type State I-Node Path

Unix 1 [] stream connected 270 @ 00000008

Unix 1 [] stream connected 150 @ 00000002

Unix 1 [] stream connected 104 @ 00000001

Unix 1 [] stream connected 222 @ 00000004

Unix 1 [] stream connected 171 @ 00000003

Unix 1 [] stream connected 271/dev/log

Unix 1 [] stream connected 225/dev/log

Unix 1 [] stream connected 223/dev/log

Unix 1 [] stream connected 203/dev/log

Unix 1 [] stream connected 105/dev/log