netstat 是Linux系統管理常用的一個命令,尤其是在進行網絡相關問題排查的時候更是堪稱‘瑞士***’。本人一直以來也只是對常用的幾個選項如(a 、n、 p、 t、 u)等幾個選項較爲熟悉,但是對於netstat顯示出來的連接的 狀態信息,如下圖
多數還了解的不夠透徹,今天有時間,特此照着man文檔加深一下理解。
netstat - Print network connections, routing tables, interface statistics, masquerade connections, and multicast memberships
SYNOPSIS(概要)
netstat [address_family_options(地址族選項)] [--tcp|-t] [--udp|-u] [--raw|-w] [--listening|-l] [--all|-a] [--numeric|-n] [--numeric-hosts][--numeric-ports][--numeric-ports] [--sym-bolic|-N] [--extend|-e[--extend|-e]] [--timers|-o] [--program|-p] [--verbose|-v] [--continuous|-c] [delay]
netstat {--route|-r} [address_family_options] [--extend|-e[--extend|-e]] [--verbose|-v] [--numeric|-n] [--numeric-hosts][--numeric-ports][--numeric-ports] [--continu-ous|-c] [delay]
netstat {--interfaces|-I|-i} [iface] [--all|-a] [--extend|-e] [--verbose|-v] [--program|-p] [--numeric|-n] [--numeric-hosts][--numeric-ports][--numeric-ports] [--continu-ous|-c] [delay]
netstat {--groups|-g} [--numeric|-n] [--numeric-hosts][--numeric-ports][--numeric-ports] [--continuous|-c] [delay]
netstat {--masquerade|-M} [--extend|-e] [--numeric|-n] [--numeric-hosts][--numeric-ports][--numeric-ports] [--continuous|-c] [delay]
netstat {--statistics|-s} [--tcp|-t] [--udp|-u] [--raw|-w] [delay]
netstat {--version|-V}
netstat {--help|-h}
address_family_options:
[--protocol={inet,unix,ipx,ax25,netrom,ddp}[,...]] [--unix|-x] [--inet|--ip] [--ax25] [--ipx] [--netrom] [--ddp]
NOTE
This program is obsolete. Replacement for netstat is ss. Replacement for netstat -r is ip route. Replacement for netstat -i is ip -s link. Replacement for netstat -g
is ip maddr.
注:這個程序已經是是老舊的/廢棄的了(但是依然很常用)。新版本的系統以ss命令來替代netstat,以ip route來替代netstat -r,以ip maddr來替代netstat -g。
DESCRIPTION(摘要)
Netstat prints information about the Linux networking subsystem. The type of information printed is controlled by the first argument, as follows:
netstat 打印Linux網絡子系統的信息,輸出的信息樣式由第一個參數來控制,如下:
(none)
By default, netstat displays a list of open sockets. If you don’t specify any address families, then the active sockets of all configured address families will be
printed.
(無參數)默認的,netstat顯示所有系統套接字的列表。如果你不指定任何的地址族,所有的被配置的地址族的活動套接字將會被顯示。
--route , -r
Display the kernel routing tables.
顯示內核路由表
--groups , -g
Display multicast group membership information for IPv4 and IPv6.
顯示IPv4和IPv6的多播組成員信息。
--interfaces=iface , -I=iface , -i
Display a table of all network interfaces, or the specified iface.
顯示所有網絡接口的信息表,或者顯示指定的接口
--masquerade , -M
Display a list of masqueraded connections.
顯示僞裝的連接
--statistics , -s
Display summary statistics for each protocol.
按照協議類型顯示各協議的彙總信息
OPTIONS(選項)
--verbose , -v
Tell the user what is going on by being verbose. Especially print some useful information about unconfigured address families.
--numeric , -n Show numerical addresses instead of trying to determine symbolic host, port or user names.
--numeric-hosts
shows numerical host addresses but does not affect the resolution of port or user names.
--numeric-ports
shows numerical port numbers but does not affect the resolution of host or user names.
--numeric-users
shows numerical user IDs but does not affect the resolution of host or port names.
--protocol=family , -A (協議族類型)
Specifies the address families (perhaps better described as low level protocols) for which connections are to be shown. family is a comma (’,’) separated list of address
family keywords like inet, unix, ipx, ax25, netrom, and ddp. This has the same effect as using the --inet, --unix (-x), --ipx, --ax25, --netrom, and --ddp options.
The address family inet includes raw, udp and tcp protocol sockets.
-c, --continuous
This will cause netstat to print the selected information every second continuously(連續不斷的).
-e, --extend
Display additional information. Use this option twice for maximum detail.
顯示更多的信息,用-ee 顯示最多的信息
-o, --timers
Include information related to networking timers.
顯示和網絡計時器相關的信息
-p, --program
Show the PID and name of the program to which each socket belongs.
顯示連接所屬的PID和程序名稱
-l, --listening
Show only listening sockets. (These are omitted by default.)
只顯示監聽的套接字(端口)默認是忽略這個選項的
-a, --all
Show both listening and non-listening (for TCP this means established connections) sockets. With the --interfaces option, show interfaces that are not marked
-F
Print routing information from the FIB. (This is the default.)
-C
Print routing information from the route cache.
-Z --context
If SELinux enabled print SELinux context.
-T --notrim
Stop trimming long addresses.
delay
Netstat will cycle printing through statistics every delay seconds
接下來是重頭戲了,深入理解netstat的輸出,這裏纔是實際能幫助我們、給我們提示的地方。
本文來自:Linux學習網