Netstat command: from introduction to proficient use

Source: Internet
Author: User

This article is well written:

http://www.cnblogs.com/CheeseZH/p/5169498.html

To understand the state of a Linux system, look at it from two angles: which services the system is running (the ps command), and which connections or services are available (the netstat command).

netstat can also show services that ps does not show because they are run from inetd or xinetd, such as Telnet.

3. Common examples

3.1 List all ports

netstat -a

# netstat -a | more
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address               Foreign Address             State
tcp        0      0 *:sunrpc                    *:*                         LISTEN
tcp        0      0 *:webcache                  *:*                         LISTEN
tcp        0      0 *:http                      *:*                         LISTEN
tcp        0      0 192.168.122.1:domain        *:*                         LISTEN
tcp        0      0 localhost.localdomain:d-s-n *:*                         LISTEN
tcp        0      0 *:ssh                       *:*                         LISTEN
tcp        0      0 localhost.loc:simplifymedia *:*                         LISTEN

In the above display, "Proto" is the abbreviation for Protocol, which can be TCP or UDP.

"Recv-Q" and "Send-Q" are the receive queue and the send queue. They should generally be 0; if they are not, packets are accumulating in the queue. This should only happen for a very short time. For example, when you click the Check Mail button in KMail, the following display is normal:

tcp 0 593 192.168.1.5:34321 venus.euao.com:smtp ESTABLISHED

If the receive queue stays backed up, it is likely that a denial-of-service attack is under way. If the send queue is not cleared quickly, it may be because an application cannot deliver what it is sending.

"Local Address" refers to the IP and port number of this machine.

"Foreign Address" refers to the host name and service to which you want to connect.

"State" is the current status of the connection.

The three common TCP states are as follows:

a) LISTEN: waiting to receive connections;

b) ESTABLISHED: a connection in an active state;

c) TIME_WAIT: a newly terminated connection. It lasts only 1-2 minutes, and then it becomes a LISTEN state.

Because UDP is stateless, its State column is always blank.

Continuous access to useful information

With the "netstat -a" command, you may see hundreds of rows of results. Everything under "Active UNIX domain sockets" in these results can be ignored, because it is communication between local processes, not network connections. Use the following command to avoid displaying this useless information:

$ netstat --inet -a

The result of the "netstat --inet -a" command contains only network connections, including all those in the "LISTEN" state and the "ESTABLISHED" state. Note that ordinary users generally do not need the Telnet or SMTP service. These services should therefore be turned off to improve system security, and the boot files reconfigured so that they do not start again automatically the next time the system boots.

To continuously watch network information as it changes, use the "-c" option of the netstat command and save the results to a file:

$ netstat --inet -a -c > netstat.txt

You can then view the netstat.txt file to check for changes in the status of mail services, Web services, and Telnet services.
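As an added example (not part of the original article), the shell function below audits such a capture: it lists Telnet/SMTP listeners and reports a socket only when its Recv-Q or Send-Q is non-zero in several consecutive snapshots, since a brief backlog is normal. The names audit_netstat and sample_capture and the sample rows are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original article). Audits text captured with
#   netstat --inet -a -c > netstat.txt
# Assumed names: audit_netstat, sample_capture; the sample rows are constructed.

audit_netstat() {   # usage: audit_netstat [min_snapshots] < netstat.txt
  awk -v min="${1:-3}" '
    # Record a backlog for queue q on socket k in the current snapshot and
    # report once when it has been seen in "min" consecutive snapshots.
    function bump(q, k) {
      run[q k] = (last[q k] == snap - 1) ? run[q k] + 1 : 1
      last[q k] = snap
      if (run[q k] == min) print q " backed up for " min " snapshots: " k
    }
    /^Active Internet connections/ { snap++; next }  # -c repeats this header
    $1 !~ /^(tcp|udp)/ { next }                      # column header, unix sockets
    {
      k = $1 " " $4 " " $5
      if ($6 == "LISTEN") {            # service name is the text after the last ":"
        n = split($4, part, ":")
        if (part[n] ~ /^(telnet|smtp|23|25)$/ && !seen[k]++)
          print "LISTEN " part[n] " on " $4
      }
      if ($2 + 0 > 0) bump("Recv-Q", k)
      if ($3 + 0 > 0) bump("Send-Q", k)
    }'
}

# Constructed capture: three snapshots; Recv-Q on one socket never drains.
sample_capture() {
  for q in 812 1460 2920; do
    printf '%s\n' \
      'Active Internet connections (servers and established)' \
      'Proto Recv-Q Send-Q Local Address      Foreign Address     State' \
      'tcp        0      0 *:ssh              *:*                 LISTEN' \
      'tcp        0      0 *:telnet           *:*                 LISTEN' \
      "tcp     $q      0 192.168.1.5:http   198.51.100.7:40112  ESTABLISHED"
  done
  # Send-Q is non-zero only in the last snapshot: a short burst, not a backlog.
  echo 'tcp        0    593 192.168.1.5:34321  venus.euao.com:smtp ESTABLISHED'
}

sample_capture | audit_netstat 3
```

Against a real capture, run it as `audit_netstat 5 < netstat.txt` and raise the snapshot count to reduce noise from short bursts.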

3.2 List all TCP ports

netstat -at

# netstat -at | more
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address               Foreign Address             State
tcp        0      0 *:sunrpc                    *:*                         LISTEN
tcp        0      0 *:webcache                  *:*                         LISTEN
tcp        0      0 *:http                      *:*                         LISTEN
tcp        0      0 192.168.122.1:domain        *:*                         LISTEN
tcp        0      0 localhost.localdomain:d-s-n *:*                         LISTEN
tcp        0      0 *:ssh                       *:*                         LISTEN
tcp        0      0 localhost.loc:simplifymedia *:*                         LISTEN

3.3 List all UDP ports

netstat -au

3.4 Display only the ports that are in the listening state

netstat -l

3.8 Show statistics for all ports

netstat -s

# netstat -s
Ip:
    1943780 total packets received
    2 forwarded
    0 incoming packets discarded
    1769532 incoming packets delivered
    1121573 requests sent out
    the outgoing packets dropped
    45867 dropped because of missing route
Tcp:
    64002 active connections openings
    7632 passive connection openings
    2309 failed connection attempts
    498 connection resets received
    8 connections established
    1018564 segments received
    1022700 segments send out
    16835 segments retransmited
    2 bad segments received.
    552 resets sent
Udp:
    133420 packets received
    7845 packets to unknown port received.
    0 packet receive errors
    74841 packets sent
    0 receive buffer errors
    0 send buffer errors

3.9 Display statistics for TCP (netstat -st) or UDP (netstat -su)

3.10 Show PID/program name

netstat -p

-p can be combined with other options, for example to display process ID information for TCP:

# netstat -pt
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address        Foreign Address              State       PID/Program name
tcp        0      0 192.168.0.52:44784   123.150.49.20:http           FIN_WAIT2   4207/VirtualBox
tcp        0      0 192.168.0.52:46715   ie-inch-f125.1e100.net:https ESTABLISHED 4207/VirtualBox
tcp        0      0 192.168.0.52:43415   geotrust-ocsp-mtv.veri:http  FIN_WAIT2   4207/VirtualBox

3.11 Do not display host, port and user names

When you do not want host, port and user names displayed in the netstat output, use netstat -n. Numbers are shown instead of the names, and the output is also faster because no DNS lookups are made.

netstat -ntpl

This displays TCP listening ports with host, port and user names replaced by numbers.

3.12 Output TCP listening port information every second

netstat -ntplc

3.13 Display routing information

netstat -r

# netstat -r
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
default         Vrouter         0.0.0.0         UG        0 0          0 eth0
192.168.0.0     *               255.255.255.0   U         0 0          0 eth0
192.168.122.0   *               255.255.255.0   U         0 0          0 Virb

3.14 Display a list of network interfaces to check the NIC

netstat -i

# netstat -i
Kernel Interface table
Iface    MTU Met   RX-OK RX-ERR RX-DRP RX-OVR   TX-OK TX-ERR TX-DRP TX-OVR Flg
eth0     the   0 4943885      0      0      0  901773      0      0      0 BMRU
lo     16436   0  236931      0      0      0  236931      0      0      0 LRU
virbr0   the   0       0      0      0      0       0      0      0      0 BMU

You should see large numbers in the RX-OK (received OK) and TX-OK (transmitted OK) columns, and the numbers in the other columns should be very small. If you see large numbers in the "RX-ERR" or "TX-ERR" columns, there is probably a problem with the NIC or the network cable.

2. Meaning of the parameters

-a (all) displays all options; sockets in the LISTEN state are not shown by default (this option displays a list of all valid connection information, including established connections (ESTABLISHED) and connections that are listening for connection requests (LISTENING))
-t (tcp) displays only TCP-related options
-u (udp) displays only UDP-related options
-n does not display aliases; everything that can be shown as a number is shown as a number
-l lists only services in the LISTEN (listening) state
-p displays the name of the program that established the connection
-r displays routing information, the routing table (this option displays information about the routing table, similar to what you see when you use the route print command. In addition to showing valid routes, the currently active connections are displayed.)
-e displays extended information, such as UID (this option is used to display statistical data about Ethernet. The items it lists include the total number of bytes sent, the number of errors, the number of deletes, the number of datagrams, and the number of broadcasts. These statistics cover both datagrams sent and datagrams received. This option can be used to count some basic network traffic.)
-s shows statistics for each protocol separately (if an application such as a Web browser is running slowly, or cannot display data such as a Web page, use this option to look at the information displayed. Look closely at the rows of statistics, find the keywords that indicate errors, and then determine where the problem is.)
-c re-executes the netstat command at a fixed interval

Hint: Sockets in the LISTEN or LISTENING state can only be seen with -a or -l.
