Home > Developer > Web Develop
The Netstat command is used to display various network-related information, such as network connections, routing tables, Interface states (Interface Statistics), masquerade connections, multicast members (multicast memberships), and so on.
output message meaningAfter executing the netstat, the output is
Active Internet connections (w/o servers) Proto recv-q send-q Local address Foreign address statetcp 0 2 210.34.6.89:telnet 210.34.6.96:2873 establishedtcp 296 0 210.34.6.89:1165 210.34.6.84:netbios-ssn establishedtcp 0 0 localhost.localdom : 9001 localhost.localdom:1162 establishedtcp 0 0 localhost.localdom:1162 localhost.localdom:9001 ESTABLISHEDtcp 0 80 210.34.6.89:1161 210.34.6.10:netbios-ssn closeactive UNIX domain sockets (w/o servers) Proto refcnt Flags Type State I-node Pathunix 1 [] Stream CONNECTED 16178 @000000ddunix 1 [] Stream CONNECTED 16176 @000000dcunix 9 [] Dgram 5292/dev/logu Nix 1 [] STREAM CONNECTED 16182 @000000df
As a whole, the output of Netstat can be divided into two parts:
One is the active Internet connections, called the active TCP connection, where "recv-q" and "Send-q" refer to the Receive queue and the send queue. These figures are generally supposed to be 0. If not, it means that the package is accumulating in the queue. This situation can only be seen in very few cases.
The other is the active UNIX domain sockets, known as the active UNIX Domains socket interface (as with network sockets, but only for native communication, which can be increased by one-fold performance).
Proto shows the protocol used by the connection, refcnt represents the process number connected to this set of interfaces, types shows the type of the socket interface, state shows the current status of the socket interface, and path represents the pathname used by other processes connected to the socket.
Practical Command Instances 1. List all ports (including listening and not listening)-A (all) show all options, default does not show listen related-t (TCP) only show TCP-related options-U (UDP) only show UDP-related options-n deny display aliases, can display all numbers converted into numbers. -L only lists the service status in Listen (listening)-p displays the program name that establishes the relevant link-r display routing information, routing table-e displays extended information, such as UID, etc.-s per protocol to statistics-C every other fixed time, executes the netstat command. Hint: The status of listen and listening can only be seen with-a or-l
List all ports netstat-a
[[email protected] scripts]# netstat-aactive Internet connections (servers and established) Proto Recv-q send-q Loca L Address Foreign address state TCP 0 0 *:ssh *:* LISTEN TCP 0 GIN:SSH 192.168.17.1:60480 established TCP 0 0 *:ssh *:* LISTEN TCP 0 0 *:mysql *:* LISTEN UDP 0 0 *:BOOTPC *:* Active UNIX domain sockets (servers and established) Proto refcnt Flags Type State I-nod e Pathunix 5 [] dgram 9220/dev/logunix 2 [ACC] STREAM LISTENING 7 @/com/ubuntu/upstartunix 2 [ACC] STREAM LISTENING 9569/var/lib/mysql/mysql.sockunix 2 [ ] Dgram 7520 @/org/kernel/udev/udevdunix 2 [] Dgram 11630 UNIX 2 [] Dgram 10065 UNIX 2 [] Dgram 9605 UNIX 3 [] Dgram 7536 UNIX 3 [] Dgram 7535
List all TCP ports Netstat-at
[Email protected] scripts]# netstat-atactive Internet connections (servers and established) Proto recv-q send-q Local Add Ress Foreign Address State TCP 0 0 *:ssh *:* LISTEN tcp 0 gin:ssh 192.168.17.1:60480 Established TCP 0 0 *:ssh *:* LISTEN tcp 0 0 *:mysql *:*
List all UDP ports Netstat-au
2. List all Sockets in the listening state[Email protected] scripts]# netstat-auactive Internet connections (servers and established) Proto recv-q send-q Local Add Ress Foreign Address State UDP 0 0 *:bootpc *:*
Display only the listening port netstat-l
[[email protected] scripts]# netstat-lactive Internet connections (only servers) Proto recv-q send-q Local Address for Eign Address State TCP 0 0 *:ssh *:* LISTEN tcp 0 0 *:ssh *:* LISTEN TCP 0 0 *:mysql *:* LISTEN UDP 0 0 *:bootpc *:* Active UNIX domain sockets (only servers) Proto refcnt Flags Type State i-node Pathunix 2 [ACC] STREAM LISTENING 7132 @/com/ubuntu/upstartunix 2 [ACC] STREAM LISTENING 9569 /var/lib/mysql/mysql.sock
List all listening TCP ports only NETSTAT-LT
[Email protected] scripts]# netstat-ltactive Internet connections (only servers) Proto recv-q send-q Local Address Fo Reign Address State TCP 0 0 *:ssh *:* LISTEN tcp 0 0 *:ssh *:* LISTEN TCP 0 0 *:mysql *:* LISTEN
List all listening UDP ports only Netstat-lu
[Email protected] scripts]# netstat-luactive Internet connections (only servers) Proto recv-q send-q Local Address F Oreign Address State UDP 0 0 *:bootpc *:*
List all listening UNIX ports only NETSTAT-LX
3. Display statistics for each protocol[Email protected] scripts]# netstat-lxactive UNIX domain sockets (only servers) Proto refcnt Flags Type state i-node Pathunix 2 [ACC] STREAM LISTENING 7132 @/com/ubuntu/upstartunix 2 [ ACC] STREAM LISTENING 9569 /var/lib/mysql/mysql.sock
Displays statistics for all ports netstat-s
# netstat-s ip:11150 Total Packets received 1 with invalid addresses 0 forwarded 0 incoming packets discarded 11149 Inco Ming packets delivered 11635 requests sent out icmp:0 ICMP messages received 0 input ICMP message failed. tcp:582 Active Connections Openings 2 failed connection attempts + connection resets received udp:1183 packets received 4 packets to unknown Port received. .....
Displays statistics for TCP or UDP ports netstat-st or-SU
4. Display the PID and process name in the netstat output netstat-p# netstat-st # NETSTAT-SU
Netstat-p can be used with other switches, you can add "Pid/process name" to the netstat output, so debugging can easily find a specific port to run the program.
5. Host, port, and user name are not displayed in the Netstat output# netstat-pt Active Internet connections (w/o servers) Proto recv-q send-q Local address Foreign address state pid/program name TCP 1 0 ramesh-laptop.loc:47212 192.168.185.75:www close_wait 2109/firefox TCP 0 0 ramesh-laptop.loc:52750 lax:www established 2109/firefox
When you don't want to let the host, port and user name display, use Netstat-n. Numbers will be used instead of those names.
The output can also be accelerated because there is no comparison query.
# Netstat-an
If you just don't want one of these three names to be displayed, use the following command
6. Continuous output of netstat information# netsat-a--numeric-ports# netsat-a--numeric-hosts# netsat-a--numeric-users
Netstat will output network information every second.
7. Show address families not supported by the system (addr families)# netstat-c Active Internet connections (w/o servers) Proto recv-q send-q Local address Foreign address State TCP 0 0 ramesh-laptop.loc:36130 101-101-181-225.ama:www established TCP 1 1 ramesh-laptop.loc:52564 101.11.169.230:www CLOSING TCP 0 0 ramesh-laptop.loc:43758 server-101-101-43-2:www established TCP 1 1 ramesh-laptop.loc:42367 101.101.34.101:www CLOSING
Netstat--verbose
At the end of the output, there is the following information
8. Display Core routing information Netstat-rNetstat:no support for ' AF-IPX ' on the ' system.netstat:no support for ' AF AX25 ' on this system.netstat:no AF X25 ' on the System.netstat:no support for ' AF Netrom ' on the This system.
# netstat-r Kernel IP routing table Destination Gateway genmask Flags MSS Window Irtt Iface 192.168.1.0 * 255.255.255.0 u 0 0 0 eth2 link-local * 255.255.0.0 U 0 0 0 eth2 default 192.168.1.1 0.0.0.0 UG 0 0 0 eth2
Note: use NETSTAT-RN to display the number format without querying the host name.
9. Find out which port the program is running onNot all processes can be found, no permissions will not be displayed, use root permissions to view all the information.
# Netstat-ap | grep ssh TCP 1 0 dev-db:ssh 101.174.100.22:39213 close_wait -tcp 1 0 dev-db:ssh 101.174.100.22:57643 close_wait -
Locate the process running on the specified port
10. Display the list of network interfaces# Netstat-an | grep ': 80 '
# netstat-i Kernel Interface table Iface MTU Met rx-ok rx-err rx-drp rx-ovr tx-ok tx-err tx-drp tx-ovr Flg Eth0 0 0 0 0 0 0 0 0 0 BMU eth2 0 26196 0 0 0< c27/>26883 6 0 0 Bmru lo 16436 0 4 0 0 0 4 0 0 0 LRU
Show details like ifconfig using Netstat-ie:
# Netstat-ie Kernel Interface table eth0 Link encap:ethernet HWaddr 00:10:40:11:11:11 up broadcast multicast
mtu:1500 metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:0 (0.0 B) TX bytes:0 (0.0 B) memory:f6ae0000-f6b00000
View the IP addresses that connect to a service port
$ Netstat-nat | grep "192.168.1.15:22" |awk ' {print $} ' |awk-f: ' {print '} ' |sort|uniq-c|sort-nr|head-2018 221.136.168.363 154.74.45.2 422 78.173.31.2362 62.183.207.982 192.168.1.142 182.48.111.2152 124.193.219.342 119.145.41.22 114.255.41.301 75.102.11.99TCP Various status lists
$ netstat-nat |awk ' {print $6} ' established) foreignlistentime_waitestablishedtime_waitsyn_sentTake the state all out first, then use UNIQ-C statistics, then sort.
$ netstat-nat |awk ' {print $6} ' |sort|uniq-c143 ESTABLISHED1 fin_wait11 Foreign1 last_ack36 LISTEN6 syn_sent113 time_wait 1 established)The final command is as follows:
Netstat-nat |awk ' {print $6} ' |sort|uniq-c|sort-rnAnalysis Access.log get access to the top 10 IP addresses
awk ' {print '} ' Access.log |sort|uniq-c|sort-nr|head-10Reference: Http://pan.baidu.com/s/1c1VZUrI
Linux Command Summary netstat command
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
