Linux command netstat

Source: Internet
Author: User

Preface: see the following link

https://www.cnblogs.com/xieshengsen/p/6618993.html
51130936

The netstat command is a very useful tool for monitoring TCP/IP networks. It can display the routing table, the actual network connections, and the status information for each network interface device.
Syntax options
netstat [options]
-a or --all: displays all sockets in connections;
-A <network type> or --<network type>: lists the relevant addresses in connections of that network type;
-c or --continuous: lists the network status continuously;
-C or --cache: shows the cache information of the routing configuration;
-e or --extend: displays other relevant information about the network;
-F or --fib: shows the FIB;
-g or --groups: displays the multicast group membership list;
-h or --help: online help;
-i or --interfaces: displays the network interface information table;
-l or --listening: displays server sockets that are listening;
-M or --masquerade: displays masqueraded network connections;
-n or --numeric: uses IP addresses directly, without going through the domain name server;
   (with -n, network connections are shown with IP addresses instead of names)
-N or --netlink or --symbolic: displays the symbolic link names of network hardware peripheral devices;
-o or --timers: displays timers;
-p or --programs: shows the process ID and program name of the program using each socket;
-r or --route: shows the routing table;
-s or --statistics: displays network statistics;
-t or --tcp: shows the connection status of the TCP transport protocol;
-u or --udp: shows the connection status of the UDP transport protocol;
-v or --verbose: displays the command execution process;
-V or --version: displays version information;
-w or --raw: shows the connection status of the raw transport protocol;
-x or --unix: has the same effect as specifying the "-A unix" parameter;
--ip or --inet: has the same effect as specifying the "-A inet" parameter.
Example
1) List all port conditions
[[email protected] ~]# netstat -a     # list all ports

[[email protected] ~]# netstat -at    # list all TCP ports

[[email protected] ~]# netstat -au    # list all UDP ports
2) List all Sockets in the listening state
[[email protected] ~]# netstat -l     # display only listening ports

[[email protected] ~]# netstat -lt    # display listening TCP ports

[[email protected] ~]# netstat -lu    # display listening UDP ports

[[email protected] ~]# netstat -lx    # display listening Unix ports
3) Display statistics for each protocol
[[email protected] ~]# netstat -s     # show statistics for all ports

[[email protected] ~]# netstat -st    # show statistics for all TCP ports

[[email protected] ~]# netstat -su    # show statistics for all UDP ports
4) Show PID and process name
[[email protected] ~]# netstat -p
5) Display core routing information
[[email protected] ~]# netstat -r
#route

[[email protected] ~]# netstat -rn    # display in numeric format, without looking up host names

6) View ports and services
[[email protected] ~]# netstat -antp | grep ssh

[[email protected] ~]# netstat -antp | grep 22

Command return result parsing
The netstat command is typically used to view IP/port usage, and network programmers can use it to check that data is being sent and received on the correct ports. For example, it was used to track down problems in a recent "real-time video transmission" project. It is therefore necessary to understand the meaning of the netstat output; here are three typical results:

Description: Tserver01 is a UDP server test program that receives the client's request data and then sends another set of data back to the client.
udp -- the transport protocol is UDP.
0.0.0.0:1234 -- local IP/port information.
There are two interpretations of 0.0.0.0:
1. 0.0.0.0 represents any address available on the machine. For example, 0.0.0.0:1234 represents port 1234 on all addresses of this machine, so that a computer with multiple IPs does not have to be listed repeatedly.
2. 0.0.0.0 is the default route: packets destined for a network segment that is not in the routing table follow the 0.0.0.0 rule.
In practice, 0.0.0.0 can be read generically as "the local address", and 1234 is the port number that the program bound.
0.0.0.0:* -- destination address IP/port information.
0.0.0.0:* also has two explanations:
1. The program has only bound the socket and has not sent data to any destination address, that is, there is no destination address. (This can be the case when the client has initiated and established communication with the server, or when the client is not running. In short, the server is not sending data out.)
2. There is a destination address and data is sent, but because the transport is UDP, the connect function was not used to establish a connection between the two ends.
This test program is a case in point: it uses UDP and calls connect to bind the client address for the data it sends back, but the client is not running, so there is no connection.

With the above knowledge, the following information can be read off directly:
Explanation:
The Tserver01 program uses UDP to transmit data, is bound to the address 115.28.183.194:1234, and has called the connect function to bind the destination address 221.212.116.50:9781, establishing a local-to-destination connection. (Whether any data has been sent cannot be determined.)
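The reading of 0.0.0.0:1234, 0.0.0.0:* and the connected UDP socket described above can be automated. The following script is an added example, not part of the original post: it labels each socket as bound to every interface (WILDCARD), to loopback, to one specific address, or connected to a peer. The function names, the labels and the sample output are assumptions constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in `netstat -anp` layout (not captured from a real host).
# The tserver01 rows reuse the article's addresses; PIDs and other rows are made up.
sample_netstat() {
cat <<'EOF'
Proto Recv-Q Send-Q Local Address        Foreign Address       State       PID/Program name
tcp        0      0 0.0.0.0:22           0.0.0.0:*             LISTEN      911/sshd
tcp        0      0 127.0.0.1:25         0.0.0.0:*             LISTEN      1302/master
tcp        0      0 192.0.2.10:22        198.51.100.7:50122    ESTABLISHED 2210/sshd
udp        0      0 0.0.0.0:1234         0.0.0.0:*                         4242/tserver01
udp        0      0 115.28.183.194:1234  221.212.116.50:9781   ESTABLISHED 4243/tserver01
EOF
}

# Reads netstat output on stdin and prints one line per socket:
#   LABEL proto local foreign state pid/program
classify_sockets() {
  awk '
    $1 !~ /^(tcp|udp)/ { next }                  # skip banner and header lines
    {
      proto = $1; laddr = $4; faddr = $5
      # UDP rows leave State empty unless connect() was called, so field 6
      # may already be PID/Program; accept it as a state only if it looks like one.
      state = ($6 ~ /^[A-Z][A-Z_0-9]*$/) ? $6 : "-"
      prog = "-"
      for (i = 6; i <= NF; i++) if ($i ~ /^[0-9]+\//) { prog = $i; break }
      # A socket is waiting for peers if it is a TCP listener or an
      # unconnected UDP socket (foreign address shown as <addr>:*).
      waiting = (state == "LISTEN") || (proto ~ /^udp/ && faddr ~ /:\*$/)
      if (!waiting)                                 label = "CONNECTED"
      else if (laddr ~ /^(0\.0\.0\.0|::|\[::\]):/)  label = "WILDCARD"
      else if (laddr ~ /^(127\.|::1:)/)             label = "LOOPBACK"
      else                                          label = "SPECIFIC"
      print label, proto, laddr, faddr, state, prog
    }'
}

sample_netstat | classify_sockets
```

On a live host, pipe real output into it with netstat -anp | classify_sockets; the WILDCARD rows are the services reachable on every interface of the machine.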

Comments:
The VideoSERVER program binds a local socket to accept client X's connection (0.0.0.0:1234 -> 0.0.0.0:*), binds another socket (IP/port), and calls the connect function to establish a connection with client Y and communicate (X and Y can be the same client).
(PS: This is where the program's problem was found. NAT traversal between client 2 and the server was clearly established on port 1234, but the program actually used a different, random port, 44268, which had not been "traversed", to send data to client 2, so the data was discarded on its way into the intranet.)

This command only tests whether the local/destination addresses are correct, and it is a one-way test, local to destination: whether the destination client has initiated a connection to the local server is not visible (that has to be tested on the host running the client). If you need a more detailed test of a data-sending problem, you can run the tcpdump command to capture and inspect the packets. Recommended blog: http://blog.chinaunix.net/uid-11140746-id-2903933.html

LISTEN: listening for connection requests from a remote TCP port
SYN-SENT: waiting for a matching connection request after sending a connection request
SYN-RECEIVED: waiting for confirmation of the connection request after receiving and sending a connection request
ESTABLISHED: represents an open connection
TIME-WAIT: waiting long enough to ensure that the remote TCP has received the acknowledgement of its connection termination request
CLOSED: no connection state at all
CLOSE-WAIT: waiting for a connection termination request from the local user
