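netstat is a very useful tool for monitoring TCP/IP networks. It can display the routing table, the actual network connections, and status information for each network interface device. netstat displays statistics related to the IP, TCP, UDP and ICMP protocols, and is generally used to check the network connections on each port of the local host.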
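-r # display the routing table (similar to route)
-n # do not resolve names
-a # display the state of all connections
-t # list only TCP connections
-u # list only UDP connections
-l # list the network state of services that are listening
-p # list the PID and program name
-c # update the output continuously, every few seconds
# The following are less commonly used
-I # display the interface table for iFace
-i # display the interface table
-g # display multicast group memberships
-s # display network statistics (like SNMP)
-M # display masqueraded connections
-v # verbose output
-W # do not truncate IP addresses
-N # resolve hardware names
-e # display other/more information
-o # display timers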
(1) netstat -rn lists the current routing table, the same as route -n
[@tc_62_179 ~]# netstat -rn
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
0.0.0.0 10.153.63.250 0.0.0.0 UG 0 0 0 eth1
10.0.0.0 10.143.63.254 255.0.0.0 UG 0 0 0 eth0
10.13.0.0 10.153.63.254 255.255.0.0 UG 0 0 0 eth1
10.14.0.0 10.153.63.254 255.255.0.0 UG 0 0 0 eth1
10.143.56.0 0.0.0.0 255.255.248.0 U 0 0 0 eth0
10.144.0.0 10.153.63.254 255.240.0.0 UG 0 0 0 eth1
10.153.56.0 0.0.0.0 255.255.248.0 U 0 0 0 eth1
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth1
192.168.0.0 10.143.63.254 255.255.0.0 UG 0 0 0 eth0
[@tc_62_179 ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 10.153.63.250 0.0.0.0 UG 0 0 0 eth1
10.0.0.0 10.143.63.254 255.0.0.0 UG 0 0 0 eth0
10.13.0.0 10.153.63.254 255.255.0.0 UG 0 0 0 eth1
10.14.0.0 10.153.63.254 255.255.0.0 UG 0 0 0 eth1
10.143.56.0 0.0.0.0 255.255.248.0 U 0 0 0 eth0
10.144.0.0 10.153.63.254 255.240.0.0 UG 0 0 0 eth1
10.153.56.0 0.0.0.0 255.255.248.0 U 0 0 0 eth1
169.254.0.0 0.0.0.0 255.255.0.0 U 1002 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 1003 0 0 eth1
192.168.0.0 10.143.63.254 255.255.0.0 UG 0 0 0 eth0
(2) netstat -an lists the state of all current connections, using IP addresses and port numbers
[@tc_62_179 ~]# netstat -an
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 10.143.62.179:873 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 10.153.62.179:60458 10.153.17.83:80 TIME_WAIT
tcp 0 0 10.153.62.179:60455 10.153.17.83:80 TIME_WAIT
tcp 0 0 10.153.62.179:60454 10.153.17.83:80 TIME_WAIT
tcp 0 0 10.153.62.179:38905 10.153.10.111:80 TIME_WAIT
tcp 0 0 10.153.62.179:60456 10.153.17.83:80 TIME_WAIT
tcp 1 0 10.153.62.179:60633 10.153.51.59:10020 CLOSE_WAIT
tcp 0 0 10.153.62.179:60459 10.153.17.83:80 TIME_WAIT
tcp 0 0 10.153.62.179:38906 10.153.10.111:80 TIME_WAIT
tcp 0 0 10.153.62.179:22 10.149.239.20:58823 ESTABLISHED
tcp 0 0 10.153.62.179:38914 10.153.10.111:80 TIME_WAIT
tcp 0 0 10.153.62.179:38913 10.153.10.111:80 TIME_WAIT
tcp 0 0 10.153.62.179:60457 10.153.17.83:80 TIME_WAIT
tcp6 0 0 :::22 :::* LISTEN
tcp6 0 0 ::1:25 :::* LISTEN
udp 0 0 10.153.62.179:55802 193.228.143.22:123 ESTABLISHED
udp 0 0 10.153.62.179:53007 5.79.108.34:123 ESTABLISHED
udp 0 0 127.0.0.1:323 0.0.0.0:*
udp 0 0 10.153.62.179:62644 212.47.249.141:123 ESTABLISHED
udp6 0 0 ::1:323 :::*
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags Type State I-Node Path
unix 2 [ ACC ] STREAM LISTENING 334871 /run/systemd/private
unix 2 [ ACC ] STREAM LISTENING 10274 /run/lvm/lvmetad.socket
unix 2 [ ACC ] SEQPACKET LISTENING 10277 /run/udev/control
unix 2 [ ] DGRAM 10279 /run/systemd/shutdownd
unix 2 [ ACC ] STREAM LISTENING 10320 /run/lvm/lvmpolld.socket
unix 2 [ ] DGRAM 7516 /run/systemd/notify
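The netstat output has two main parts:
Active Internet connections: the active TCP/IP connections. "Recv-Q" and "Send-Q" are the receive queue and the send queue. These numbers should normally be 0. If they are not, packets are piling up in the queue. This is seen only in very rare cases.
Active UNIX domain sockets: the active Unix domain sockets (the same as network sockets, but usable only for communication on the local host; performance can be doubled).
Meaning of each column:
Proto: the packet protocol of the connection, mainly TCP/UDP
Recv-Q: the total number of bytes not copied by the user program connected to this socket
Send-Q: the total number of bytes not acknowledged (no ACK) by the remote host; it also counts the bytes taken by packets carrying an active-open SYN or other flags
Local Address: the local address and port
Foreign Address: the remote host's address and port
State: the state column. The main states are:
ESTABLISHED the connection has been established
SYN_SENT an active-open (SYN) packet has been sent
SYN_RECV a packet requesting an active connection has been received
FIN_WAIT1 the socket service has been interrupted and the connection is being torn down
FIN_WAIT2 the connection has been closed and is waiting for the remote host's packet confirming the disconnect
TIME_WAIT the connection has been closed, but the socket is still waiting on the network to finish
CLOSE_WAIT waiting for a connection termination request from the local user
LISTEN listening for connection requests from remote TCP ports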
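The column meanings above can be checked mechanically. The following is an added example, not part of the original page: it tallies TCP sockets by State and reports any socket whose Recv-Q or Send-Q is non-zero. The function names summarize_tcp and sample_netstat_an are hypothetical, and the sample input is a subset of the netstat -an output shown above.

```shell
#!/bin/sh
# Added example: summarise `netstat -an` or `netstat -atunp` output read on stdin.
# Emits one "STATE <name> <count>" line per TCP state, plus one "QUEUED ..."
# line for every TCP socket with a non-zero Recv-Q or Send-Q.
summarize_tcp() {
    awk '
        $1 ~ /^tcp/ {
            state[$6]++
            if ($2 + 0 > 0 || $3 + 0 > 0)
                queued[++n] = sprintf("QUEUED recvq=%s sendq=%s %s -> %s %s",
                                      $2, $3, $4, $5, $6)
        }
        END {
            for (s in state) printf "STATE %s %d\n", s, state[s]
            for (i = 1; i <= n; i++) print queued[i]
        }
    ' | sort   # awk iteration order is undefined, so sort for stable output
}

# Sample input: a subset of the `netstat -an` lines shown earlier on this page.
# Header, UDP and UNIX-socket rows are included to show that they are skipped.
sample_netstat_an() {
    cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 10.143.62.179:873 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 10.153.62.179:60458 10.153.17.83:80 TIME_WAIT
tcp 0 0 10.153.62.179:38905 10.153.10.111:80 TIME_WAIT
tcp 1 0 10.153.62.179:60633 10.153.51.59:10020 CLOSE_WAIT
tcp 0 0 10.153.62.179:22 10.149.239.20:58823 ESTABLISHED
tcp6 0 0 :::22 :::* LISTEN
udp 0 0 10.153.62.179:55802 193.228.143.22:123 ESTABLISHED
unix 2 [ ACC ] STREAM LISTENING 334871 /run/systemd/private
EOF
}

sample_netstat_an | summarize_tcp
```

On a live host the same function can be fed directly: netstat -an | summarize_tcp.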
(3) List the network services that are currently running: netstat -tulnp
[@tc_62_179 ~]# netstat -tulnp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 10.143.62.179:873 0.0.0.0:* LISTEN 24245/rsync
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 920/sshd
tcp6 0 0 :::22 :::* LISTEN 920/sshd
tcp6 0 0 ::1:25 :::* LISTEN 1452/master
udp 0 0 127.0.0.1:323 0.0.0.0:* 488/chronyd
udp6 0 0 ::1:323 :::* 488/chronyd
The most important option is -l, which lists only the ports that are listening.
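For a host audit, the bind address of each listener matters as much as the port. The following is an added example, not part of the original page: it classifies each listener in netstat -tulnp output by how widely its address exposes it. The function names classify_listeners and sample_netstat_tulnp are hypothetical, and the sample input is the output shown above.

```shell
#!/bin/sh
# Added example: classify listeners from `netstat -tulnp` output read on stdin.
# Output: <scope> <proto>/<port> <bind address> <PID/program>
classify_listeners() {
    awk '
        $1 ~ /^(tcp|udp)/ {
            if ($1 ~ /^tcp/) {
                if ($6 != "LISTEN") next      # keep only listening TCP sockets
                prog = $7
            } else {
                if ($6 == "ESTABLISHED") next # connected UDP socket, not a listener
                prog = $6                     # UDP listeners have an empty State column
            }
            port = $4; sub(/.*:/, "", port)      # text after the last colon
            host = $4; sub(/:[^:]*$/, "", host)  # text before the last colon
            if (host == "0.0.0.0" || host == "::")
                scope = "ALL-INTERFACES"
            else if (host ~ /^127\./ || host == "::1")
                scope = "LOOPBACK-ONLY"
            else
                scope = "SINGLE-ADDRESS"
            printf "%s %s/%s %s %s\n", scope, $1, port, host, prog
        }
    '
}

# Sample input: the `netstat -tulnp` output shown above on this page.
sample_netstat_tulnp() {
    cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 10.143.62.179:873 0.0.0.0:* LISTEN 24245/rsync
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 920/sshd
tcp6 0 0 :::22 :::* LISTEN 920/sshd
tcp6 0 0 ::1:25 :::* LISTEN 1452/master
udp 0 0 127.0.0.1:323 0.0.0.0:* 488/chronyd
udp6 0 0 ::1:323 :::* 488/chronyd
EOF
}

sample_netstat_tulnp | classify_listeners
```

On the sample, only sshd on port 22 is bound to every interface; rsync is bound to one address, and the mail and chronyd listeners are reachable only from the local host.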
(4) View the state of all network connections on this host: netstat -atunp
[@tc_62_179 ~]# netstat -atunp
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 10.143.62.179:873 0.0.0.0:* LISTEN 24245/rsync
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 920/sshd
tcp 0 0 10.153.62.179:39282 10.153.10.111:80 TIME_WAIT -
tcp 0 0 10.153.62.179:39287 10.153.10.111:80 TIME_WAIT -
tcp 0 0 10.153.62.179:50657 10.149.227.21:80 TIME_WAIT -
tcp 0 0 10.153.62.179:60835 10.153.17.83:80 TIME_WAIT -
tcp 0 0 10.153.62.179:39289 10.153.10.111:80 TIME_WAIT -
tcp 1 0 10.153.62.179:60633 10.153.51.59:10020 CLOSE_WAIT 6747/sshd: root@pts
tcp 0 0 10.153.62.179:39284 10.153.10.111:80 TIME_WAIT -
tcp 0 0 10.153.62.179:39286 10.153.10.111:80 TIME_WAIT -
tcp 0 0 10.153.62.179:39280 10.153.10.111:80 TIME_WAIT -
tcp 0 0 10.153.62.179:60838 10.153.17.83:80 TIME_WAIT -
tcp 0 0 10.153.62.179:22 10.149.239.20:58823 ESTABLISHED 6747/sshd: root@pts
tcp 0 0 10.153.62.179:39283 10.153.10.111:80 TIME_WAIT -
tcp 0 0 10.153.62.179:60828 10.153.17.83:80 TIME_WAIT -
tcp 0 0 10.153.62.179:39285 10.153.10.111:80 TIME_WAIT -
tcp 0 0 10.153.62.179:39290 10.153.10.111:80 TIME_WAIT -
tcp6 0 0 :::22 :::* LISTEN 920/sshd
tcp6 0 0 ::1:25 :::* LISTEN 1452/master
udp 0 0 10.153.62.179:59223 5.79.108.34:123 ESTABLISHED 488/chronyd
udp 0 0 10.153.62.179:40293 108.59.2.24:123 ESTABLISHED 488/chronyd
udp 0 0 10.153.62.179:44995 193.228.143.22:123 ESTABLISHED 488/chronyd
udp 0 0 127.0.0.1:323 0.0.0.0:* 488/chronyd
udp6 0 0 ::1:323 :::* 488/chronyd
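To kill the connection shown in bold, just run kill -9 6747. Note that kill -9 terminates the whole owning process (PID 6747, sshd: root@pts in the output above), so every connection held by that process is closed with it.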