Linux Server netstat command usage records

Regardless of our users choose VPS, server used to build stations, or used for project operation, and even the old Chiang often see a lot of even virtual host did not play the neat users also began to use VPS server to build the site. These users and projects, in the server and site environment when everything is normal, no problem, but once there are problems, will be very entangled do not know how to solve.

Even if the VPS has been used for some time, users of the server, such as the old Chiang encountered no previously seen problems, but also need to find solutions, ask the expert and ask people to solve, just in the collation of documents recorded a few netstat command, but also in the operation of the server when we often use, So use this log to record, is a more common script.

Common parameters

-A (all) shows all options, default does not show listen related
-T (TCP) displays only TCP-related options
-U (UDP) only displays UDP-related options
-N denies displaying aliases, and can display all numbers converted to numbers.
-l list only the Listen (listening) of the service, trillion thorn?/p>

-P Displays the name of the program that establishes the associated link
-R Displays routing information, routing table
-e display extended information, such as UID, etc.
-S statistics according to each protocol
-C executes the netstat command at every other fixed time.

Hint: The status of listen and listening can only be seen with-a or-l

Example

First, view the number of connections for port 80

Netstat-nat|grep-i "|wc-l"

Second, the number of connected IP to sort

Netstat-ntu | awk ' {print $} ' | Cut-d:-f1 | Sort | uniq-c | Sort-n

Third, TCP connection status

Netstat-nat |awk ' {print $} ' |sort|uniq-c|sort-rn
Netstat-n | awk '/^tcp/{++s[$NF]}; End {for (a in S) print A, s[a]} '
Netstat-n | awk '/^tcp/{++state[$NF]}; End {for (key) print key, "\ T", State[key]} '
Netstat-n | awk '/^tcp/{++arr[$NF]}; End {to (k in arr) print K, "\ T", arr[k]} '
Netstat-n |awk '/^tcp/{print $NF} ' |sort|uniq-c|sort-rn
Netstat-ant | awk ' {print $NF} ' | Grep-v ' [A-z] ' | Sort | Uniq-c

Four, occupy 80 ports up to 20 IP

Netstat-anlp|grep 80|grep Tcp|awk ' {print $} ' |awk-f: ' {print $} ' |sort|uniq-c|sort-nr|head-n20
Netstat-ant |awk '/:80/{split ($5,ip, ":"); ++a[ip[1]]}end{for (i in A) print A,i} ' |sort-rn|head-n20

V, see time_wait more connections

Netstat-n|grep Time_wait|awk ' {print $} ' |sort|uniq-c|sort-rn|head-n20

View the number of SYN connections

Netstat-an | grep SYN | awk ' {print $} ' | Awk-f: ' {print $} ' | Sort | uniq-c | Sort-nr | More

Summary, old Siang sorted to 6 commonly used netstat commands, later if there are encounters again the reorganization adds in.