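netstat: monitors and displays network connections, routing tables, interface status, masqueraded connections, network link information, and multicast group memberships
Format: netstat [options]
Main functions:
1. Monitor TCP/IP networks
2. Display the routing table, active network connections, and the status of each network interface device
3. Query ports
Main options: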
-a: list all ports
    [root@root ~]# netstat -a
    Active Internet connections (servers and established)
    Proto Recv-Q Send-Q Local Address           Foreign Address         State
    tcp        0      0 0.0.0.0:ssh             0.0.0.0:*               LISTEN
    tcp        0     52 root:ssh                113.67.73.63:50453      ESTABLISHED
    tcp        0      0 root:42866              100.100.30.25:http      ESTABLISHED
    udp        0      0 0.0.0.0:bootpc          0.0.0.0:*
    udp        0      0 root:ntp                0.0.0.0:*
    udp        0      0 root:ntp                0.0.0.0:*
    udp        0      0 localhost:ntp           0.0.0.0:*
    udp        0      0 0.0.0.0:ntp             0.0.0.0:*
    udp        0      0 0.0.0.0:17859           0.0.0.0:*
    udp6       0      0 [::]:ntp                [::]:*
    udp6       0      0 [::]:46450              [::]:*
-i: show the list of all network interfaces
    [root@root ~]# netstat -i
    Kernel Interface table
    Iface      MTU    RX-OK RX-ERR RX-DRP RX-OVR    TX-OK TX-ERR TX-DRP TX-OVR Flg
    docker0   1500        1      0      0      0        0      0      0      0 BMU
    eth0      1500   182518      0      0      0   118854      0      0      0 BMRU
    lo       65536        0      0      0      0        0      0      0      0 LRU
-g: show IGMP multicast group membership information for IPv4 and IPv6
    [root@root ~]# netstat -g
    IPv6/IPv4 Group Memberships
    Interface       RefCnt Group
    --------------- ------ ---------------------
    lo              1      all-systems.mcast.net
    eth0            1      all-systems.mcast.net
    docker0         1      all-systems.mcast.net
    lo              1      ff02::1
    lo              1      ff01::1
    eth0            1      ff02::1
    eth0            1      ff01::1
    docker0         1      ff02::1
    docker0         1      ff01::1
-l: show the ports on which servers are listening
    [root@root ~]# netstat -nl
    Active Internet connections (only servers)
    Proto Recv-Q Send-Q Local Address           Foreign Address         State
    tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
    udp        0      0 0.0.0.0:68              0.0.0.0:*
    udp        0      0 172.17.0.1:123          0.0.0.0:*
    udp        0      0 172.18.4.53:123         0.0.0.0:*
    udp        0      0 127.0.0.1:123           0.0.0.0:*
    udp        0      0 0.0.0.0:123             0.0.0.0:*
    udp        0      0 0.0.0.0:17859           0.0.0.0:*
    udp6       0      0 :::123                  :::*
    udp6       0      0 :::46450                :::*
-M: show all masqueraded connections
-n: show numeric IP addresses and ports directly instead of resolving names through a name server
    [root@root ~]# netstat -n
    Active Internet connections (w/o servers)
    Proto Recv-Q Send-Q Local Address           Foreign Address         State
    tcp        0     52 172.18.4.53:22          113.67.73.63:50453      ESTABLISHED
    tcp        0      0 172.18.4.53:42866       100.100.30.25:80        ESTABLISHED
    [root@root ~]# netstat
    Active Internet connections (w/o servers)
    Proto Recv-Q Send-Q Local Address           Foreign Address         State
    tcp        0     52 root:ssh                113.67.73.63:50453      ESTABLISHED
    tcp        0      0 root:42866              100.100.30.25:http      ESTABLISHED
-p: show the PID and process name
-r: show the kernel routing table
-- compare with the output of the route command (route -n shown below)
    [root@root ~]# netstat -r
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
    default         gateway         0.0.0.0         UG        0 0          0 eth0
    link-local      0.0.0.0         255.255.0.0     U         0 0          0 eth0
    172.17.0.0      0.0.0.0         255.255.0.0     U         0 0          0 docker0
    172.18.0.0      0.0.0.0         255.255.240.0   U         0 0          0 eth0
    [root@root ~]# route -n
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    0.0.0.0         172.18.15.253   0.0.0.0         UG    0      0        0 eth0
    169.254.0.0     0.0.0.0         255.255.0.0     U     1002   0        0 eth0
    172.17.0.0      0.0.0.0         255.255.0.0     U     0      0        0 docker0
    172.18.0.0      0.0.0.0         255.255.240.0   U     0      0        0 eth0
-s: show network statistics tables
    Ip:
        123318 total packets received
        0 forwarded
    Icmp:
        381 ICMP messages received
        57 input ICMP message failed.
        ICMP input histogram:
            destination unreachable: 91
            timeout in transit: 2
            echo requests: 287
            timestamp request: 1
        288 ICMP messages sent
        0 ICMP messages failed
        ICMP output histogram:
            echo replies: 287
            timestamp replies: 1
    .........
-t: show TCP connections
    [root@root ~]# netstat -t
    Active Internet connections (w/o servers)
    Proto Recv-Q Send-Q Local Address           Foreign Address         State
    tcp        0     52 root:ssh                113.67.73.63:50453      ESTABLISHED
    tcp        0      0 root:ssh                113.67.73.63:50395      ESTABLISHED
    tcp        0      0 root:42866              100.100.30.25:http      ESTABLISHED
-u: show UDP connections
Examples:
1. Show all ports
    netstat -a
2. Query information about a specific port
    netstat -anp | grep 22
3. Look up a service
    netstat -anp | grep ssh
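
The grep examples above match a substring anywhere in the line. As an added example (not part of the original page), the functions below parse the local-address column of netstat -n output instead, listing sockets bound to every interface and matching a port exactly. The function names and the SAMPLE variable are assumptions made for illustration; SAMPLE reuses the netstat -nl output shown earlier on this page.

```bash
# Added example: audit `netstat -n` style output by column, not by substring.
# SAMPLE is sample input copied from the `netstat -nl` output on this page.
SAMPLE='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
udp        0      0 0.0.0.0:68              0.0.0.0:*
udp        0      0 172.17.0.1:123          0.0.0.0:*
udp        0      0 172.18.4.53:123         0.0.0.0:*
udp        0      0 127.0.0.1:123           0.0.0.0:*
udp        0      0 0.0.0.0:123             0.0.0.0:*
udp        0      0 0.0.0.0:17859           0.0.0.0:*
udp6       0      0 :::123                  :::*
udp6       0      0 :::46450                :::*'

# Print "proto port" for sockets bound to every interface (0.0.0.0, :: or [::]).
# Reads netstat -n output on stdin; column 4 is the local address.
wildcard_listeners() {
  awk '$1 ~ /^(tcp|udp)6?$/ {
         n = split($4, parts, ":"); port = parts[n]
         # Everything before the last ":" is the bind address.
         addr = substr($4, 1, length($4) - length(port) - 1)
         if (addr == "0.0.0.0" || addr == "::" || addr == "[::]")
           print $1, port
       }' | LC_ALL=C sort -u
}

# Print the lines whose local port is exactly $1. A plain `grep 22` would also
# match port 2222, a PID containing 22, or an address such as 10.0.22.5.
local_port() {
  awk -v want="$1" '$1 ~ /^(tcp|udp)6?$/ {
         n = split($4, parts, ":")
         if (parts[n] == want) print
       }'
}

# Live use (requires net-tools): netstat -tulnp | wildcard_listeners
printf '%s\n' "$SAMPLE" | wildcard_listeners
```

Sockets bound to 127.0.0.1 or to a single interface address are left out of the wildcard_listeners report, which makes it a quick way to see which services are reachable on every interface.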