As a whole, the output of Netstat can be divided into two parts:
One is the active Internet connections, known as the active TCP connection, where "recv-q" and "Send-q" refer to%0a receive queues and send queues. These numbers should generally be 0. If not, it means that the package is piling up in the queue. This situation can only be seen in very few situations.
The other is active UNIX domain sockets, known as the active UNIX domains socket (like
loginPS aux: List all currently in-memory processesNetstatUsed to display various network related information, such as network connection, routing table, interface status, multicast members, etc.Netstat output:
Proto
Recv-q
Send-q
Local Address
Foreign Address
State
Protocol, TCP, UDP, UNIX, etc.
Receive Queue
Send Queue
Native Address
Remote Address
State
-A: Show all options-T: Show only TCP options-U:
Linux is convenient, grep and then the WC will be fine. Windows has never been seen. The method for finding the count of links on Windows today.For example, to see the total number of current TCP links:NETSTAT-ANT|FIND/C/I "TCP"78If you want to see the number of 10.10.0.1 network links:NETSTAT-ANT|FIND/C/I "10.10.0.1"47What if you want to see all of the links? To use a magical string:netstat-ant|find/v/c/i "Matro"123"Matro" is your custom, as long as the string is not included in all links can b
Http://chembo.iteye.com/blog/1503770http://www.2cto.com/os/201007/54067.htmlhttp://blog.csdn.net/dacong/article/details/50485585The active closing party will enter the middle state of a time_wait. What you see through Netstat is as follows:TCP 0 0 10.19.67.11:40184 10.19.67.11:7012 time_waitTCP 0 0 10.19.67.11:39167 10.19.67.11:7012 time_waitis 40184 port active shutdown, in Time_wait state.Check the value of time wait:1 grep Time grep wait 2 - 3 -
Netstat-naDisplays all active Internet connections to the server, including only established connections.Netstat-an|grep:80|sortView 80 Port ConnectionsNetstat-n-p|grep Syn_rec |wc-lSee how much activity sync_rec on the server, this number should be quite low, preferably less than 5 points.Netstat-n-p|grep Syn_rec |sortList all IP addresses involved, instead of counting onlyNetstat-n-P |grep Syn_rec|awk ' {print $ {} ' |awk-f: ' {print '} 'Displays th
This is explained by the TCP three-time handshake#netstat-an|awk '/^tcp/{++s[$NF]} end{for (A in s) print A,s[a]} 'Established is the working state after the successful completion of the TCP three handshake, which can be understood as having successfully accessed theListen is expressed in the listening, no customer connection comes inSYN_RECV is the status after receiving a SYN after sending an ACK Fin_wait1 is the first time a fin is sent, waiting fo
Kill -9 is mandatory-15 is normal after executionThe data in the process is written to the/proc/* directory.ProcessPs-l Aux-la ZXJF (Process tree)JobCommand Add back to BackgroundVI Mode CTRL + Z is placed in the background and paused (stopped)FG%number to the front deskBG%number in the background and runningNetwork Informationnetstat -TULP-LNPDaemons/etc/init.d/* where to place the startup scriptIt looks like there's a super daemon in the/etc/xinetd.conf on CentOS.Ps-a,job,
the destination IP address, Ask the other party to return a packet of the same size to determine whether two network machines are connected, how much delay. Ping refers to end-to-end connectivity, which is often used as a check for usability, but some virus Trojans force a large number of remote ping commands to preempt your network resources, causing the system to slow down and slow down. Ping intrusion is strictly forbidden as a basic function of most firewalls to provide users with a choice.
Available under Windows, LinuxThe Netstat-ano command allows you to view the current usage of all ports on this computer. and arranged by the port number from small to large. If your native 3000 port has been called, it will also be listed, if not the proof is not used.Netstat-ano contains the PID number, through the task manager against the PID number, you can see which program called 3000 port.If you want to be more aware of how to check port usage
Use NetStat-r to query and analyze the route table to view the current system route table. The information provided in this table is: 1, and the LAN is 192. 168. 203 IP segment, your IP address is 128, and the gateway is set to 2. If the network you access is any network (0.0.0.0), you will exit from the gateway 192.168.203.2. 2. The internal Cyclic Network is the network segment specified as 127.0.0.0, and your internal address is 127.0.0.1. If you p
packets to die CLOSING: Both sides simultaneously try to close time_ Wait: The other side has initialized a release last_ack: Wait for all packets to dieUsing this command, you can view the server's connection status, where established is the number of concurrent connection status displays. If you don't want to see so many connected states, and just want to see the number of concurrent connections, you can simplify the command, namely:Netstat-nat|grep established|wc-l1164The number returned is
cmd--return, enter netstat-ano--return, you can view the occupied port, note the PID of the port, and then open Task Manager, point to view, select columns, check the PID to determine, find the corresponding PID, end the process, if it does not end or does not work after the end, Just use the NTSD command.Tomcat Port Occupancy workaroundIf the front-end port is not occupied and is later occupied, you can go to the D:\tomcat-5.5.26\bin to execute shutd
: Process occupancy's address space. 2) perms: Permission set r=readw=writex=executes=sharedp=private (copyonwrite) 3) Offset: file offset. 4) Dev: for Device (Major:minor) 5) Inode: Inode on device. 0 is an inter-memory area that has no inode associated, typically: BSS (uninitializeddata) 7, exe links to the basic state of the execution command file 8, status (STATNBSP;STATM) process of the processThis article is from the "7928217" blog, please be sure to keep this source http://7938217.blog.5
, you can know all the information.7. ARP (Address Resolution Protocol)View the appropriate MAC address for the IP address.How to use: Arp-a IP Displays the current ARP cache table for all interfaces.Arp attack is to realize ARP spoofing by fake IP address and MAC address, can generate a large amount of ARP traffic in the network to block the network, the attacker can change the IP-MAC entry in the target host ARP cache as long as the persistent ARP response packet is issued, causing network int
Ping 127.0.0.1 is your local loopback address! In fact, as long as it is 127.0.0.1 to 127.20.255, It is the loop address! All of them can be pinged! It can be pinged, indicating that your TCP/IP protocol stack is okay! If there is a problem, you have to check the TCP/IP protocol stack or reinstall it! Your local IP address is used to check your network card. Check if your network card is working normally! (If you try to disable the NIC, you can find ping127.0.0.1, but ipconfig has no IP display,
Command name: PingFunction: Test network connectivityCommand path:/bin/pingUsage: ping [-c] IP addressParameters:-C specify number of times to sendCommand name: ifconfigFunction: View and set network card information (temporary settings)Command path:/sbin/ifconfigUsage: ifconfig [NIC name] [IP Address]Example:Ifconfig eth0 192.168.1.1Command name: tracerouteFunction: Displays the path between the packet and the target host and the time consumed by each nodeCommand path:/bin/tracerouteUsage: trac
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.