二.参数含义介绍:
1.常用的:
-a (all) 显示所有内容
-t? (tcp) 仅显示tcp相关内容
-u (udp) 仅显示udp相关内容
-n (numeric) 直接显示ip地址以及端口,不解析
-l? (listen) 仅列出 Listen (监听) 的服务
-p (pid) 显示出socket所属的进程PID 以及进程名字
2.不常用的:
-r 显示路由信息,路由表
-e 显示扩展信息,例如uid等
-s 按各个协议进行统计
-c 每隔一个固定时间,执行该netstat命令。
注:
不使用n的情况
1.IP解析:27.0.0.1->localhost, 0.0.0.0->*
2.端口解析:80->www,22->ssh,13->daytime
提示:
LISTEN和LISTENING的状态只有用-a或者-l才能看到
三.语句说明:
1.列出所有端口
???
netstat -a
[leon@leon-PC]# netstat -a|more
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 *:sunrpc *:* LISTEN
tcp 0 0 *:webcache *:* LISTEN
tcp 0 0 *:http *:* LISTEN
tcp 0 0 192.168.122.1:domain *:* LISTEN
tcp 0 0 localhost.localdomain:d-s-n *:* LISTEN
tcp 0 0 *:ssh *:* LISTEN
tcp 0 0 localhost.loc:simplifymedia *:* LISTEN
2.列出所有tcp端口
???
netstat -at|more
[leon@leon-PC]# netstat -at|more
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 *:sunrpc *:* LISTEN
tcp 0 0 *:webcache *:* LISTEN
tcp 0 0 *:http *:* LISTEN
tcp 0 0 192.168.122.1:domain *:* LISTEN
tcp 0 0 localhost.localdomain:d-s-n *:* LISTEN
tcp 0 0 *:ssh *:* LISTEN
tcp 0 0 localhost.loc:simplifymedia *:* LISTEN
3.列出所有udp端口
???
netstat -au
[leon@leon-PC]# netstat -au|more
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
udp 0 0 *:ideafarm-panic *:*
udp 0 0 *:47005 *:*
udp 0 0 localhost.loca:memcache *:*
udp 0 0 *:55276 *:*
udp 0 0 192.168.122.1:domain *:*
udp 0 0 *:bootps *:*
udp 0 0 *:bootpc *:*
udp 0 0 *:sunrpc *:*
udp 0 0 *:ipp *:*
udp 0 0 *:44236 *:*
udp 0 0 *:722 *:*
?
4.只显示监听端口
???
netstat -l
[leon@leon-PC]# netstat -l
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 *:sunrpc *:* LISTEN
tcp 0 0 *:webcache *:* LISTEN
tcp 0 0 *:http *:* LISTEN
tcp 0 0 192.168.122.1:domain *:* LISTEN
tcp 0 0 localhost.localdomain:d-s-n *:* LISTEN
tcp 0 0 *:ssh *:* LISTEN
tcp 0 0 localhost.loc:simplifymedia *:* LISTEN
tcp 0 0 localhost.localdomain:ipp *:* LISTEN
tcp 0 0 *:44343 *:* LISTEN
tcp 0 0 localhost.localdomain:smtp *:* LISTEN
5.只显示监听的tcp端口
???
netstat -lt
[leon@leon-PC]#
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 *:sunrpc *:* LISTEN
tcp 0 0 *:webcache *:* LISTEN
tcp 0 0 *:http *:* LISTEN
tcp 0 0 192.168.122.1:domain *:* LISTEN
tcp 0 0 localhost.localdomain:d-s-n *:* LISTEN
tcp 0 0 *:ssh *:* LISTEN
tcp 0 0 localhost.loc:simplifymedia *:* LISTEN
tcp 0 0 localhost.localdomain:ipp *:* LISTEN
tcp 0 0 *:44343 *:* LISTEN
tcp 0 0 localhost.localdomain:smtp *:* LISTEN
?
6.只显示所有监听udp端口
???
netstat -lu
[leon@leon-PC]# netstat -lu
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
udp 0 0 *:ideafarm-panic *:*
udp 0 0 *:47005 *:*
udp 0 0 *:47551 *:*
udp 0 0 localhost.loca:memcache *:*
udp 0 0 *:55276 *:*
udp 0 0 192.168.122.1:domain *:*
udp 0 0 *:bootps *:*
udp 0 0 *:bootpc *:*
udp 0 0 *:sunrpc *:*
7.只列出所有监听unix端口
???
netstat -lx
[leon@leon-PC]# netstat -lx
Active UNIX domain sockets (only servers)
Proto RefCnt Flags Type State I-Node Path
unix 2 [ ACC ] STREAM LISTENING 21941 /tmp/.X11-unix/X0
unix 2 [ ACC ] STREAM LISTENING 34096 /tmp/orbit-haozheng/linc-cd2-0-5b33fa1ecf0c9
unix 2 [ ACC ] STREAM LISTENING 22263 @/tmp/gdm-greeter-cBlQsyRF
unix 2 [ ACC ] STREAM LISTENING 32728 /tmp/.ICE-unix/3103
unix 2 [ ACC ] STREAM LISTENING 36866 @/tmp/dbus-AcJrBlWF
unix 2 [ ACC ] STREAM LISTENING 20454 /tmp/mysql.sock
8.显示所有端口的统计信息
???
netstat -s
[leon@leon-PC]# netstat -s
Ip:
1943780 total packets received
2 forwarded
0 incoming packets discarded
1769532 incoming packets delivered
1121573 requests sent out
132 outgoing packets dropped
45867 dropped because of missing route
Tcp:
64002 active connections openings
7632 passive connection openings
2309 failed connection attempts
498 connection resets received
8 connections established
1018564 segments received
1022700 segments send out
16835 segments retransmited
2 bad segments received.
552 resets sent
Udp:
133420 packets received
7845 packets to unknown port received.
0 packet receive errors
74841 packets sent
0 receive buffer errors
0 send buffer errors
?
9.显示所有tcp(netstat -st)或udp(netstat -su)的统计信息
???
netstat -su
[leon@leon-PC]# netstat -su
IcmpMsg:
InType0: 11
InType3: 13506
OutType3: 13679
OutType8: 11
Udp:
133462 packets received
7869 packets to unknown port received.
0 packet receive errors
74888 packets sent
0 receive buffer errors
0 send buffer errors
UdpLite:
IpExt:
InNoRoutes: 991
InMcastPkts: 24308
OutMcastPkts: 2353
InBcastPkts: 630615
OutBcastPkts: 1546
InOctets: 755319900
OutOctets: 296705252
InMcastOctets: 2908748
OutMcastOctets: 93173
InBcastOctets: 99500419
OutBcastOctets: 299980
?
10.显示pid/进程名称 netstat -p?? (-p可以与其他参数一起使用。比如显示tcp的进程id信息)
???
netstat -pt
[leon@leon-PC]# netstat -pt
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 192.168.0.52:44784 123.150.49.20:http FIN_WAIT2 4207/VirtualBox
tcp 0 0 192.168.0.52:46715 ie-in-f125.1e100.net:https ESTABLISHED 4207/VirtualBox
tcp 0 0 192.168.0.52:43415 geotrust-ocsp-mtv.veri:http FIN_WAIT2 4207/VirtualBox
?
11.在 netstat 输出中不显示主机,端口和用户名 (host, port or user)当你不想让主机,端口和用户名显示,使用 netstat -n。将会使用数字代替那些名称。同样可以加速输出,因为不用进行比对查询。netstat -ntpl? 显示tcp的监听端口 不显示主机端口用户名 用数字代替
???
netstat -ptnl
[leon@leon-PC]# netstat -ptnl
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 971/rpcbind
tcp 0 0 0.0.0.0:8080 0.0.0.0:* LISTEN 1526/nginx: master
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 1526/nginx: master
tcp 0 0 192.168.122.1:53 0.0.0.0:* LISTEN 1248/dnsmasq
tcp 0 0 127.0.0.1:8086 0.0.0.0:* LISTEN 1553/python
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1163/sshd
tcp 0 0 127.0.0.1:8087 0.0.0.0:* LISTEN 1553/python
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 1140/cupsd
tcp 0 0 0.0.0.0:44343 0.0.0.0:* LISTEN 1151/rpc.statd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 18573/sendmail: acc
tcp 0 0 127.0.0.1:3002 0.0.0.0:* LISTEN 1004/ruby
tcp 0 0 0.0.0.0:8000 0.0.0.0:* LISTEN 1526/nginx: master
12.一秒钟输出一次tcp监听端口信息
???
netstat -ntplc
[leon@leon-PC]# netstat -ntplc
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 971/rpcbind
tcp 0 0 0.0.0.0:8080 0.0.0.0:* LISTEN 1526/nginx: master
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 1526/nginx: master
tcp 0 0 192.168.122.1:53 0.0.0.0:* LISTEN 1248/dnsmasq
tcp 0 0 127.0.0.1:8086 0.0.0.0:* LISTEN 1553/python
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1163/sshd
?
13.显示路由信息
???
netstat -r
[leon@leon-PC]# netstat -r
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
default vrouter 0.0.0.0 UG 0 0 0 eth0
192.168.0.0 * 255.255.255.0 U 0 0 0 eth0
192.168.122.0 * 255.255.255.0 U 0 0 0 virb
?
14.显示网络接口列表
?? ?
netstat -i
[leon@leon-PC]# netstat -i
Kernel Interface table
Iface MTU Met RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR Flg
eth0 1500 0 4943885 0 0 0 901773 0 0 0 BMRU
lo 16436 0 236931 0 0 0 236931 0 0 0 LRU
virbr0 1500 0 0 0 0 0 0 0 0 0 BMU
?
四.常用实例:
1.查看8080端口
??? netstat -ap|grep 8080
[leon@leon-PC]# netstat -ap|grep 8080
tcp6 0 0 :::8080 :::* LISTEN
tcp6 0 0 192.168.1.189:8080 192.168.1.145:54189 TIME_WAIT
tcp6 0 0 192.168.1.189:8080 192.168.1.145:54194 TIME_WAIT
tcp6 0 0 192.168.1.189:8080 192.168.1.145:54171 TIME_WAIT
tcp6 0 0 192.168.1.189:8080 192.168.1.145:54162 TIME_WAIT
tcp6 0 0 192.168.1.189:8080 192.168.1.145:54186 TIME_WAIT
tcp6 0 0 192.168.1.189:8080 192.168.1.145:54192 TIME_WAIT
tcp6 0 0 192.168.1.189:8080 192.168.1.145:54177 TIME_WAIT
tcp6 0 0 192.168.1.189:8080 192.168.1.145:54195 TIME_WAIT
tcp6 0 0 192.168.1.189:8080 192.168.1.145:54175 TIME_WAIT
tcp6 0 0 192.168.1.189:8080 192.168.1.145:54183 TIME_WAIT
?
2.如果PC有多个网卡,查看绑定了外网网卡IP的进程。