Linux Command Summary netstat command

Source: Internet
Author: User

Introduction

The netstat command displays various kinds of network-related information, such as network connections, routing tables, interface statistics, masquerade connections, multicast memberships, and so on.

Meaning of the output

After running netstat, the output looks like this:

Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      2 210.34.6.89:telnet      210.34.6.96:2873        ESTABLISHED
tcp      296      0 210.34.6.89:1165        210.34.6.84:netbios-ssn ESTABLISHED
tcp        0      0 localhost.localdom:9001 localhost.localdom:1162 ESTABLISHED
tcp        0      0 localhost.localdom:1162 localhost.localdom:9001 ESTABLISHED
tcp        0     80 210.34.6.89:1161        210.34.6.10:netbios-ssn CLOSE
Active UNIX domain sockets (w/o servers)
Proto RefCnt Flags       Type       State         I-Node Path
unix  1      [ ]         STREAM     CONNECTED     16178  @000000dd
unix  1      [ ]         STREAM     CONNECTED     16176  @000000dc
unix  9      [ ]         DGRAM                    5292   /dev/log
unix  1      [ ]         STREAM     CONNECTED     16182  @000000df

As a whole, the output of netstat can be divided into two parts:

One is "Active Internet connections", the active TCP connections, where "Recv-Q" and "Send-Q" are the receive queue and the send queue. These values should generally be 0. If they are not, packets are accumulating in the queue. This is seen only in very few cases.

The other is "Active UNIX domain sockets" (used like network sockets, but only for communication on the local machine, where performance can be doubled).
Proto shows the protocol used by the connection, RefCnt is the number of processes connected to the socket, Type shows the socket type, State shows the current state of the socket, and Path is the path name used by other processes connected to the socket.

Common Parameters

-a (all): show all sockets; LISTEN-related ones are not shown by default
-t (tcp): show only TCP-related entries
-u (udp): show only UDP-related entries
-n: do not display aliases; show everything that can be shown as a number in numeric form
-l: list only services in the LISTEN state
-p: display the name of the program that established the connection
-r: display routing information (the routing table)
-e: display extended information, such as the UID
-s: display statistics per protocol
-c: run the netstat command repeatedly at a fixed interval

Hint: the LISTEN and LISTENING states can only be seen with -a or -l.

Practical Command Instances

1. List all ports (listening and non-listening)

List all ports: netstat -a

# netstat -a
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address               Foreign Address             State
tcp        0      0 *:ssh                       *:*                         LISTEN
tcp        0        gin:ssh                     192.168.17.1:60480          ESTABLISHED
tcp        0      0 *:ssh                       *:*                         LISTEN
tcp        0      0 *:mysql                     *:*                         LISTEN
udp        0      0 *:bootpc                    *:*
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags       Type       State         I-Node Path
unix  5      [ ]         DGRAM                    9220   /dev/log
unix  2      [ ACC ]     STREAM     LISTENING     7      @/com/ubuntu/upstart
unix  2      [ ACC ]     STREAM     LISTENING     9569   /var/lib/mysql/mysql.sock
unix  2      [ ]         DGRAM                    7520   @/org/kernel/udev/udevd
unix  2      [ ]         DGRAM                    11630
unix  2      [ ]         DGRAM                    10065
unix  2      [ ]         DGRAM                    9605
unix  3      [ ]         DGRAM                    7536
unix  3      [ ]         DGRAM                    7535

List all TCP ports: netstat -at

# netstat -at
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address               Foreign Address             State
tcp        0      0 *:ssh                       *:*                         LISTEN
tcp        0        gin:ssh                     192.168.17.1:60480          ESTABLISHED
tcp        0      0 *:ssh                       *:*                         LISTEN
tcp        0      0 *:mysql                     *:*

List all UDP ports: netstat -au

# netstat -au
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address               Foreign Address             State
udp        0      0 *:bootpc                    *:*

2. List all sockets in the listening state

Display only the listening ports: netstat -l

# netstat -l
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State
tcp        0      0 *:ssh                       *:*                         LISTEN
tcp        0      0 *:ssh                       *:*                         LISTEN
tcp        0      0 *:mysql                     *:*                         LISTEN
udp        0      0 *:bootpc                    *:*
Active UNIX domain sockets (only servers)
Proto RefCnt Flags       Type       State         I-Node Path
unix  2      [ ACC ]     STREAM     LISTENING     7132   @/com/ubuntu/upstart
unix  2      [ ACC ]     STREAM     LISTENING     9569   /var/lib/mysql/mysql.sock

List only listening TCP ports: netstat -lt

# netstat -lt
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State
tcp        0      0 *:ssh                       *:*                         LISTEN
tcp        0      0 *:ssh                       *:*                         LISTEN
tcp        0      0 *:mysql                     *:*                         LISTEN

List only listening UDP ports: netstat -lu

# netstat -lu
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State
udp        0      0 *:bootpc                    *:*

List only listening UNIX ports: netstat -lx

# netstat -lx
Active UNIX domain sockets (only servers)
Proto RefCnt Flags       Type       State         I-Node Path
unix  2      [ ACC ]     STREAM     LISTENING     7132   @/com/ubuntu/upstart
unix  2      [ ACC ]     STREAM     LISTENING     9569   /var/lib/mysql/mysql.sock

3. Display statistics for each protocol

Display statistics for all ports: netstat -s

# netstat -s
Ip:
    11150 total packets received
    1 with invalid addresses
    0 forwarded
    0 incoming packets discarded
    11149 incoming packets delivered
    11635 requests sent out
Icmp:
    0 ICMP messages received
    0 input ICMP message failed.
Tcp:
    582 active connections openings
    2 failed connection attempts
    + connection resets received
Udp:
    1183 packets received
    4 packets to unknown port received.
.....

Display statistics for TCP or UDP ports: netstat -st or -su

# netstat -st
# netstat -su

4. Display the PID and process name in the netstat output: netstat -p

netstat -p can be combined with other switches to add "PID/Program name" to the netstat output, which makes it easy when debugging to find which program is using a specific port.

# netstat -pt
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        1      0 ramesh-laptop.loc:47212 192.168.185.75:www      CLOSE_WAIT  2109/firefox
tcp        0      0 ramesh-laptop.loc:52750 lax:www                 ESTABLISHED 2109/firefox

5. Do not display host, port, and user names in the netstat output

When you do not want host, port, and user names to be displayed, use netstat -n. Numbers are shown instead of those names.

This also speeds up the output, because no name lookups are performed.

# netstat -an

If you want only one of these three kinds of name to be shown as numbers, use one of the following commands:

# netstat -a --numeric-ports
# netstat -a --numeric-hosts
# netstat -a --numeric-users

6. Continuous output of netstat information

With -c, netstat outputs network information every second.

# netstat -c
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 ramesh-laptop.loc:36130 101-101-181-225.ama:www ESTABLISHED
tcp        1      1 ramesh-laptop.loc:52564 101.11.169.230:www      CLOSING
tcp        0      0 ramesh-laptop.loc:43758 server-101-101-43-2:www ESTABLISHED
tcp        1      1 ramesh-laptop.loc:42367 101.101.34.101:www      CLOSING

7. Show address families not supported by the system (addr families)

netstat --verbose

At the end of the output, there is the following information:

netstat: no support for `AF IPX' on this system.
netstat: no support for `AF AX25' on this system.
netstat: no support for `AF X25' on this system.
netstat: no support for `AF NETROM' on this system.

8. Display kernel routing information: netstat -r

# netstat -r
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
192.168.1.0     *               255.255.255.0   U         0 0          0 eth2
link-local      *               255.255.0.0     U         0 0          0 eth2
default         192.168.1.1     0.0.0.0         UG        0 0          0 eth2

Note: use netstat -rn to display addresses in numeric format without looking up host names.

9. Find out which port the program is running on

Not every process can be found: processes you have no permission to inspect are not displayed. Use root permissions to view all the information.

# netstat -ap | grep ssh
tcp        1      0 dev-db:ssh           101.174.100.22:39213        CLOSE_WAIT  -
tcp        1      0 dev-db:ssh           101.174.100.22:57643        CLOSE_WAIT  -

Locate the process running on the specified port

# netstat -an | grep ':80'

10. Display the list of network interfaces

# netstat -i
Kernel Interface table
Iface   MTU Met   RX-OK RX-ERR RX-DRP RX-OVR    TX-OK TX-ERR TX-DRP TX-OVR Flg
eth0          0         0      0      0 0             0      0      0      0 BMU
eth2          0     26196      0      0 0         26883      6      0      0 BMRU
lo        16436 0         4      0      0 0             4      0      0      0 LRU

Show ifconfig-style details using netstat -ie:

# netstat -ie
Kernel Interface table
eth0      Link encap:Ethernet  HWaddr 00:10:40:11:11:11
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
          Memory:f6ae0000-f6b00000

IP and TCP analysis

View the IP addresses that connect to a service port

$ netstat -nat | grep "192.168.1.15:22" | awk '{print $5}' | awk -F: '{print $1}' | sort | uniq -c | sort -nr | head -20
18 221.136.168.36
3 154.74.45.242
2 78.173.31.236
2 62.183.207.98
2 192.168.1.14
2 182.48.111.215
2 124.193.219.34
2 119.145.41.2
2 114.255.41.30
1 75.102.11.99

List of the various TCP states

$ netstat -nat | awk '{print $6}'
established)
Foreign
LISTEN
TIME_WAIT
ESTABLISHED
TIME_WAIT
SYN_SENT

First extract all the states, then count them with uniq -c, then sort.

$ netstat -nat | awk '{print $6}' | sort | uniq -c
143 ESTABLISHED
1 FIN_WAIT1
1 Foreign
1 LAST_ACK
36 LISTEN
6 SYN_SENT
113 TIME_WAIT
1 established)

The final command is as follows:

netstat -nat | awk '{print $6}' | sort | uniq -c | sort -rn
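
The two pipelines in this section count the header lines as states ("Foreign", "established)") and split peer addresses on every colon, which truncates IPv6 peers. The script below is an added example, not part of the original article, that avoids both; the function names and the sample output (documentation-range addresses) are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `netstat -nat` output (not taken from the article).
sample_netstat() {
cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 192.168.1.15:22         203.0.113.7:51514       ESTABLISHED
tcp        0      0 192.168.1.15:22         203.0.113.7:51515       ESTABLISHED
tcp        0      0 192.168.1.15:22         198.51.100.9:40022      TIME_WAIT
tcp        0      0 192.168.1.15:80         203.0.113.7:51600       ESTABLISHED
tcp6       0      0 :::22                   :::*                    LISTEN
tcp6       0      0 2001:db8::15:22         2001:db8::beef:49152    ESTABLISHED
EOF
}

# Count TCP states, most frequent first. Only rows whose first field starts
# with "tcp" are used, so the two header lines are never counted as states.
state_counts() {
    awk '$1 ~ /^tcp/ { n[$6]++ } END { for (s in n) print n[s], s }' |
        sort -k1,1nr -k2,2
}

# Count remote peers connected to local port $1, busiest peer first.
# The port is taken as the text after the LAST colon, which keeps IPv6
# addresses intact (splitting on ":" would cut them at the first colon).
peers_for_port() {
    awk -v port="$1" '
        $1 ~ /^tcp/ && $6 != "LISTEN" {
            local_port = $4; sub(/.*:/, "", local_port)
            if (local_port != port) next
            peer = $5; sub(/:[^:]*$/, "", peer)
            n[peer]++
        }
        END { for (p in n) print n[p], p }' | sort -k1,1nr -k2,2
}

# Demo on the constructed sample; on a live host use: netstat -nat | state_counts
sample_netstat | state_counts
sample_netstat | peers_for_port 22
```

A single peer holding a large share of the connections to one port, or a sudden rise in SYN_SENT or TIME_WAIT counts, is the kind of change these summaries make visible.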

Analyze access.log to get the 10 IP addresses with the most requests

awk '{print $1}' access.log | sort | uniq -c | sort -nr | head -10

Reference: Http://pan.baidu.com/s/1c1VZUrI
