Category: LINUX

2010-12-29 22:23:43



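Netstat displays statistics related to the IP, TCP, UDP and ICMP protocols, and is generally used to check the network connections on each port of the local machine.
Broadly speaking, the output of netstat can be divided into two parts. One is Active Internet connections, referred to as active TCP connections; the other is Active UNIX domain sockets, referred to as active Unix domain sockets.
For example: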
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      2 210.34.6.89:telnet      210.34.6.96:2873        ESTABLISHED
tcp      296      0 210.34.6.89:1165        210.34.6.84:netbios-ssn ESTABLISHED
tcp        0      0 localhost.localdom:9001 localhost.localdom:1162 ESTABLISHED
tcp        0      0 localhost.localdom:1162 localhost.localdom:9001 ESTABLISHED
tcp        0     80 210.34.6.89:1161        210.34.6.10:netbios-ssn CLOSE
Active UNIX domain sockets (w/o servers)
Proto RefCnt Flags       Type       State         I-Node Path
unix  1      [ ]         STREAM     CONNECTED     16178  @000000dd
unix  1      [ ]         STREAM     CONNECTED     16176  @000000dc
unix  9      [ ]         DGRAM                    5292   /dev/log
unix  1      [ ]         STREAM     CONNECTED     16182  @000000df



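The options I use most often are:

-n Do not show aliases: everything that can be shown as a number is shown as a number. For example, host names, port (service) names and user names are all replaced by their numeric IDs.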
hironics@ubuntu:~$ netstat -tn | head
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.168.1.15:46641      192.168.2.5:389         ESTABLISHED
tcp        0      0 127.0.0.1:6001          127.0.0.1:56555         ESTABLISHED
tcp        0      0 127.0.0.1:56557         127.0.0.1:6001          ESTABLISHED
tcp        0      0 192.168.1.15:47340      192.168.2.5:389         TIME_WAIT
tcp        0      0 192.168.1.15:22         58.196.148.35:3325      ESTABLISHED
tcp        0      0 192.168.1.15:47301      192.168.2.5:389         TIME_WAIT
tcp        0      0 192.168.1.15:45425      192.168.2.5:389         ESTABLISHED


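If you do not want everything converted to numbers, the following slightly longer options make only part of the output numeric.
--numeric-ports Show ports as numbers
--numeric-hosts Show hosts as numbers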
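
An added example (not part of the original post): because -n keeps every address and port numeric, the -tn output is easy to post-process when reviewing a machine's connections. The functions below tally connections by state, count established connections per remote host, and list established connections whose local port is below 1024 (a heuristic for inbound service connections, which is an assumption of this example); the function names are hypothetical and the sample input is the -tn listing above.

```shell
#!/bin/sh
# Added example: summarise `netstat -tn` output for a quick connection review.
# Live use: netstat -tn | count_by_state   (and likewise for the others)

# Sample input: the -tn lines shown in the post, embedded so this runs offline.
sample_netstat_tn() {
cat <<'EOF'
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.168.1.15:46641      192.168.2.5:389         ESTABLISHED
tcp        0      0 127.0.0.1:6001          127.0.0.1:56555         ESTABLISHED
tcp        0      0 127.0.0.1:56557         127.0.0.1:6001          ESTABLISHED
tcp        0      0 192.168.1.15:47340      192.168.2.5:389         TIME_WAIT
tcp        0      0 192.168.1.15:22         58.196.148.35:3325      ESTABLISHED
tcp        0      0 192.168.1.15:47301      192.168.2.5:389         TIME_WAIT
tcp        0      0 192.168.1.15:45425      192.168.2.5:389         ESTABLISHED
EOF
}

# Count connections per TCP state (field 6); header lines are skipped
# because their first field does not start with "tcp".
count_by_state() {
    awk '$1 ~ /^tcp/ { n[$6]++ } END { for (s in n) print s, n[s] }' | sort
}

# Count ESTABLISHED connections per remote host, ignoring loopback peers.
established_by_peer() {
    awk '$1 ~ /^tcp/ && $6 == "ESTABLISHED" {
             peer = $5; sub(/:[0-9]+$/, "", peer)   # strip the port
             if (peer !~ /^127\./ && peer != "::1") n[peer]++
         }
         END { for (p in n) print n[p], p }' | sort -k1,1nr -k2,2
}

# Heuristic (assumption): an ESTABLISHED connection whose local port is
# below the limit (default 1024) is a client connected to a local service.
inbound_to_service() {
    awk -v max="${1:-1024}" '$1 ~ /^tcp/ && $6 == "ESTABLISHED" {
             port = $4; sub(/^.*:/, "", port)       # keep only the port
             if (port + 0 < max) print $4, "<-", $5
         }'
}
```

Without -n the same fields would hold names such as ubuntu:ssh, so the port comparison in inbound_to_service would no longer work.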


-a Show everything, i.e. show TCP network connections and sockets
-t Show TCP
-u Show UDP
hironics@ubuntu:~$ netstat -tu | head
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 ubuntu:48507            192.168.2.5:ldap        TIME_WAIT
tcp        0      0 ubuntu:46641            192.168.2.5:ldap        ESTABLISHED
tcp        0      0 localhost:x11-1         localhost:56555         ESTABLISHED
tcp        0      0 localhost:56557         localhost:x11-1         ESTABLISHED
tcp        0      0 ubuntu:48499            192.168.2.5:ldap        TIME_WAIT
tcp        0      0 ubuntu:48510            192.168.2.5:ldap        TIME_WAIT
tcp        0      0 ubuntu:ssh              58.196.148.35:3325      ESTABLISHED
tcp        0      0 ubuntu:48514            192.168.2.5:ldap        TIME_WAIT


-r Show routing information (the routing table)
hironics@ubuntu:~$ netstat -r
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
localnet        *               255.255.255.0   U         0 0          0 eth0
default         192.168.1.1     0.0.0.0         UG        0 0          0 eth0

-p Show the name of the program that owns each connection
hironics@ubuntu:~$ netstat -tp | head
(No info could be read for "-p": geteuid()=45069 but you should be root.)
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 ubuntu:46641            192.168.2.5:ldap        ESTABLISHED -
tcp        0      0 localhost:x11-1         localhost:56555         ESTABLISHED -
tcp        0      0 localhost:56557         localhost:x11-1         ESTABLISHED -
tcp        0      0 ubuntu:59993            192.168.2.5:ldap        TIME_WAIT   -
tcp        0      0 ubuntu:ssh              58.196.148.35:3325      ESTABLISHED -
tcp        0      0 ubuntu:ssh              220.181.6.65:1447       ESTABLISHED -
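(For security reasons the program names are not shown here: netstat was not run as root.)

-e Show extended information, such as the UID

-i Show physical interface information, such as packets sent/received and the state of the network card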
hironics@ubuntu:~$ netstat -i
Kernel Interface table
Iface   MTU Met   RX-OK RX-ERR RX-DRP RX-OVR   TX-OK TX-ERR TX-DRP TX-OVR Flg
eth0   1500   0 6732915      0      0      0 6926534      0      0      0 BMRU
lo    16436   0 1247260      0      0      0 1247260      0      0      0 LRU


-s Show statistics for each protocol
hironics@ubuntu:~$ netstat -s
Ip:
    7974976 total packets received
    761 with invalid addresses
    0 forwarded
    0 incoming packets discarded
    7974215 incoming packets delivered
    7161960 requests sent out
Icmp:
    757 ICMP messages received
    1 input ICMP message failed.
    ICMP input histogram:
        destination unreachable: 164
        timeout in transit: 3
        echo requests: 475
        echo replies: 115
    603 ICMP messages sent
    0 ICMP messages failed
    ICMP output histogram:
        destination unreachable: 8
        echo request: 120
        echo replies: 475
IcmpMsg:
    InType0: 115
    InType3: 164
    InType8: 475
    InType11: 3
    OutType0: 475
    OutType3: 8
    OutType8: 120
Tcp:
    109826 active connections openings
    1959 passive connection openings
    3021 failed connection attempts
    613 connection resets received
    72 connections established
    7922629 segments received
    7084857 segments send out
    25548 segments retransmited
    6 bad segments received.
    3420 resets sent
Udp:
    49868 packets received
    6 packets to unknown port received.
    0 packet receive errors
    50952 packets sent
UdpLite:
TcpExt:
    1 resets received for embryonic SYN_RECV sockets
    323 packets pruned from receive queue because of socket buffer overrun
    2 ICMP packets dropped because they were out-of-window
    71996 TCP sockets finished time wait in fast timer
    461 time wait sockets recycled by time stamp
    35 packets rejects in established connections because of timestamp
    128426 delayed acks sent
    25 delayed acks further delayed because of locked socket
    Quick ack mode was activated 4120 times
    93843 packets directly queued to recvmsg prequeue.
    115613 bytes directly in process context from backlog
    77310727 bytes directly received in process context from prequeue
    5051273 packet headers predicted
    52995 packets header predicted and directly queued to user
    458740 acknowledgments not containing data payload received
    2753655 predicted acknowledgments
    181 times recovered from packet loss due to fast retransmit
    6922 times recovered from packet loss by selective acknowledgements
    Detected reordering 2 times using FACK
    Detected reordering 1 times using SACK
    Detected reordering 2 times using time stamp
    3 congestion windows fully recovered without slow start
    3 congestion windows partially recovered using Hoe heuristic
    32 congestion windows recovered without slow start by DSACK
    1461 congestion windows recovered without slow start after partial ack
    5442 TCP data loss events
    158 timeouts after reno fast retransmit
    1181 timeouts after SACK recovery
    324 timeouts in loss state
    11087 fast retransmits
    3044 forward retransmits
    529 retransmits in slow start
    5275 other TCP timeouts
    102 classic Reno fast retransmits failed
    280 SACK retransmits failed
    1 times receiver scheduled too late for direct processing
    11103 packets collapsed in receive queue due to low socket buffer
    5309 DSACKs sent for old packets
    415 DSACKs sent for out of order packets
    707 DSACKs received
    108 connections reset due to unexpected data
    361 connections reset due to early user close
    985 connections aborted due to timeout
    TCPDSACKIgnoredOld: 445
    TCPDSACKIgnoredNoUndo: 150
    TCPSpuriousRTOs: 36



-c Run the command continuously
The netstat command is re-executed at a fixed interval.