netstat命令简介
Netstat 是列出系统上所有网络套接字连接的命令行工具,包括 tcp, udp 以及 unix 此外,它还可以列出监控状态(即等待接入请求)的套接字。在Linux在使用过程中,您需要了解当前系统打开了哪些端口,并检查打开这些端口的具体过程和用户netstat简单查询命令。
1. 帮助文档
[root@jiangnan ~]# netstat --help usage: netstat [-vWeenNcCF] [<Af>] -r netstat {
-V|--version|-h|--help} netstat [-vWnNcaeol] [<Socket> ...] netstat {
[-vWeenNac] -I[<Iface>] | [-veenNac] -i | [-cnNe] -M | -s [-6tuw] } [delay] -r, --route display routing table -I, --interfaces=<Iface> display interface table for <Iface> -i, --interfaces display interface table -g, --groups display multicast group memberships -s, --statistics display networking statistics (like SNMP) -M, --masquerade display masqueraded connections -v, --verbose be verbose -W, --wide don't truncate IP addresses -n, --numeric don't resolve names --numeric-hosts don't resolve host names --numeric-ports don't resolve port names --numeric-users don't resolve user names -N, --symbolic resolve hardware names -e, --extend display other/more information -p, --programs display PID/Program name for sockets -o, --timers display timers -c, --continuous continuous listing -l, --listening display listening server sockets -a, --all display all sockets (default: connected) -F, --fib display Forwarding Information Base (default) -C, --cache display routing cache instead of FIB -Z, --context display SELinux security context for sockets <Socket>={-t|--tcp} {-u|--udp} {-U|--udplite} {-S|--sctp} {-w|--raw} {-x|--unix} --ax25 --ipx --netrom <AF>=Use '-6|-4' or '-A <af>' or '--<af>'; default: inet List of possible address families (which support routing): inet (DARPA Internet) inet6 (IPv6) ax25 (AMPR AX.25) netrom (AMPR NET/ROM) ipx (Novell IPX) ddp (Appletalk DDP) x25 (CCITT X.25) [root@jiangnan ~]# netstat命令几个常用的参数说明如下:
-t : 指明显示TCP端口 -u : 指明显示UDP端口 -l : 仅显示监听套接字(所谓套接字就是使应用程序能够读写与收发通讯协议(protocol)与资料的程序) -p : 显示进程标识符和程序名称,每一个套接字/端口都属于一个程序。 -n : 不进行DNS轮询(禁用反向域名解析),显示IP(可以加速操作)
2. 示例
netstat -ntlp //查看当前所有tcp端口.
netstat -ntulp |grep 80 //查看所有80端口使用情况.
netstat -an | grep 3306 //查看所有3306端口使用情况.
- 列出所有当前的连接。使用 -a 选项即可。
[root@jiangnan ~]# netstat -a
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 localhost:10248 0.0.0.0:* LISTEN
tcp 0 0 localhost:10257 0.0.0.0:* LISTEN
tcp 0 0 localhost:10259 0.0.0.0:* LISTEN
tcp 0 0 localhost:35700 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:ssh 0.0.0.0:* LISTEN
tcp 0 0 localhost:smtp 0.0.0.0:* LISTEN
tcp 0 0 iZ2ze746e6572mmbd:40852 100.100.30.26:http ESTABLISHED
...
unix 3 [ ] STREAM CONNECTED 4853258 /run/containerd/containerd.sock
[root@jiangnan ~]#
- 只列出 TCP 协议的连接,使用 -t 选项列出 TCP 协议的连接:
[root@jiangnan ~]# netstat -at
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 localhost:10248 0.0.0.0:* LISTEN
tcp 0 0 localhost:10257 0.0.0.0:* LISTEN
tcp 0 0 localhost:10259 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:ssh 0.0.0.0:* LISTEN
tcp 0 0 localhost:smtp 0.0.0.0:* LISTEN
...
tcp6 0 0 [::]:webcache [::]:* LISTEN
tcp6 0 0 localhost:smtp [::]:* LISTEN
tcp6 0 0 localhost:mxi [::]:* LISTEN
[root@jiangnan ~]#
- 只列出 UDP 协议的连接,使用 -u 选项列出 TCP 协议的连接:
[root@jiangnan ~]# netstat -au
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
udp 0 0 localhost:323 0.0.0.0:*
udp 0 0 0.0.0.0:bootpc 0.0.0.0:*
udp6 0 0 localhost:323 [::]:*
[root@jiangnan ~]#
- 禁用反向域名解析,加快查询速度
[root@jiangnan ~]# netstat -ant
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 127.0.0.1:10248 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:10257 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:10259 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:45251 0.0.0.0:* LISTEN
tcp 0 0 172.31.179.120:40852 100.100.30.26:80 ESTABLISHED
tcp 0 1 172.31.179.120:34790 101.200.149.4:6443 SYN_SENT
...
tcp6 0 0 ::1:25 :::* LISTEN
tcp6 0 0 127.0.0.1:8005 :::* LISTEN
[root@jiangnan ~]#
- 只查看处于监听状态的连接,并且不解析域名
[root@jiangnan ~]# netstat -ntl
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 127.0.0.1:10248 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:10257 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:10259 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:45251 0.0.0.0:* LISTEN
tcp6 0 0 :::10250 :::* LISTEN
tcp6 0 0 :::10251 :::* LISTEN
tcp6 0 0 :::10252 :::* LISTEN
tcp6 0 0 :::8080 :::* LISTEN
tcp6 0 0 ::1:25 :::* LISTEN
tcp6 0 0 127.0.0.1:8005 :::* LISTEN
[root@jiangnan ~]#
- 查询指定端口或状态的连接
[root@jiangnan ~]# netstat -atnp | grep ESTA
tcp 0 0 172.31.179.120:40852 100.100.30.26:80 ESTABLISHED 28385/AliYunDun
tcp 0 52 172.31.179.120:22 120.244.188.179:12035 ESTABLISHED 25718/sshd: root@pt
[root@jiangnan ~]#
通过管道符并配合grep命令查看。
微信公众号先已开通,搜索 “江小南和他的小伙伴们” 就能找到我哦,各位小伙伴们可以关注一下,文章会进行同步更新,方便查看哦。