命令参数里面没有p
[aaa@localhost ~]$ netstat -nl | grep -w 8013 | sed -r 's#.* (.*)/.*#\1#'| wc -l 0
命令参数里面,有p,提示必须为root [aaa@localhost ~]$ netstat -nlp | grep -w 8013 | sed -r 's#.* (.*)/.*#\1#'| wc -l (No info could be read for "-p": geteuid()=1005 but you should be root.) 0
2010-12-29 22:23:43Netstat用于显示与IP、TCP、UDP和ICMP协议相关的统计数据,一般用于检验本机各端口的网络连接情况。 基本上来说,netstat 的输出可以分成两个部分。一个是Active Internet connections,称为有源TCP连接,另一个是Active UNIX domain sockets,称为有源Unix域套接口。 例如:
Active Internet connections (w/o servers) Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 2 210.34.6.89:telnet 210.34.6.96:2873 ESTABLISHED tcp 296 0 210.34.6.89:1165 210.34.6.84:netbios-ssn ESTABLISHED tcp 0 0 localhost.localdom:9001 localhost.localdom:1162 ESTABLISHED tcp 0 0 localhost.localdom:1162 localhost.localdom:9001 ESTABLISHED tcp 0 80 210.34.6.89:1161 210.34.6.10:netbios-ssn CLOSE Active UNIX domain sockets (w/o servers) Proto RefCnt Flags Type State I-Node Path unix 1 [ ] STREAM CONNECTED 16178 @000000dd unix 1 [ ] STREAM CONNECTED 16176 @000000dc unix 9 [ ] DGRAM 5292 /dev/log unix 1 [ ] STREAM CONNECTED 16182 @000000df我经常使用的命令参数有:-n 拒绝显示别名,能显示数字的全部转化成数字。例如它会将机器别名,端口别名和用户名别名都转化成相应的ID来表示。
hironics@ubuntu:~$ netstat -tn | head Active Internet connections (w/o servers) Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 192.168.1.15:46641 192.168.2.5:389 ESTABLISHED tcp 0 0 127.0.0.1:6001 127.0.0.1:56555 ESTABLISHED tcp 0 0 127.0.0.1:56557 127.0.0.1:6001 ESTABLISHED tcp 0 0 192.168.1.15:47340 192.168.2.5:389 TIME_WAIT tcp 0 0 192.168.1.15:22 58.196.148.35:3325 ESTABLISHED tcp 0 0 192.168.1.15:47301 192.168.2.5:389 TIME_WAIT tcp 0 0 192.168.1.15:45425 192.168.2.5:389 ESTABLISHED如果不想讲所有选项都转化成数据,那么下面几个稍微长一点的参数可以只数字化某部分。 --numeric-ports 将端口数字化 --numeric-hosts 将主机数字化-a 显示所有,即显示tcp网络连接和socket-t 显示tcp-u udp display
hironics@ubuntu:~$ netstat -tu | head Active Internet connections (w/o servers) Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 ubuntu:48507 192.168.2.5:ldap TIME_WAIT tcp 0 0 ubuntu:46641 192.168.2.5:ldap ESTABLISHED tcp 0 0 localhost:x11-1 localhost:56555 ESTABLISHED tcp 0 0 localhost:56557 localhost:x11-1 ESTABLISHED tcp 0 0 ubuntu:48499 192.168.2.5:ldap TIME_WAIT tcp 0 0 ubuntu:48510 192.168.2.5:ldap TIME_WAIT tcp 0 0 ubuntu:ssh 58.196.148.35:3325 ESTABLISHED tcp 0 0 ubuntu:48514 192.168.2.5:ldap TIME_WAIT-r 显示路由信息,路由表 hironics@ubuntu:~$ netstat -r Kernel IP routing table Destination Gateway Genmask Flags MSS Window irtt Iface localnet * 255.255.255.0 U 0 0 0 eth0 default 192.168.1.1 0.0.0.0 UG 0 0 0 eth0-p 显示建立相关链接的程序名 hironics@ubuntu:~$ netstat -tp | head (No info could be read for "-p": geteuid()=45069 but you should be root.) Active Internet connections (w/o servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 ubuntu:46641 192.168.2.5:ldap ESTABLISHED - tcp 0 0 localhost:x11-1 localhost:56555 ESTABLISHED - tcp 0 0 localhost:56557 localhost:x11-1 ESTABLISHED - tcp 0 0 ubuntu:59993 192.168.2.5:ldap TIME_WAIT - tcp 0 0 ubuntu:ssh 58.196.148.35:3325 ESTABLISHED - tcp 0 0 ubuntu:ssh 220.181.6.65:1447 ESTABLISHED - (因为安全原因,这里的程序没有显示出来)-e 显示扩展信息,例如uid等-i 显示物理接口信息,如发送/接受的包,物理卡状态等
hironics@ubuntu:~$ netstat -i Kernel Interface table Iface MTU Met RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR Flg eth0 1500 0 6732915 0 0 0 6926534 0 0 0 BMRU lo 16436 0 1247260 0 0 0 1247260 0 0 0 LRU-s 按各个协议进行统计
hironics@ubuntu:~$ netstat -s Ip: 7974976 total packets received 761 with invalid addresses 0 forwarded 0 incoming packets discarded 7974215 incoming packets delivered 7161960 requests sent out Icmp: 757 ICMP messages received 1 input ICMP message failed. ICMP input histogram: destination unreachable: 164 timeout in transit: 3 echo requests: 475 echo replies: 115 603 ICMP messages sent 0 ICMP messages failed ICMP output histogram: destination unreachable: 8 echo request: 120 echo replies: 475 IcmpMsg: InType0: 115 InType3: 164 InType8: 475 InType11: 3 OutType0: 475 OutType3: 8 OutType8: 120 Tcp: 109826 active connections openings 1959 passive connection openings 3021 failed connection attempts 613 connection resets received 72 connections established 7922629 segments received 7084857 segments send out 25548 segments retransmited 6 bad segments received. 3420 resets sent Udp: 49868 packets received 6 packets to unknown port received. 0 packet receive errors 50952 packets sent UdpLite: TcpExt: 1 resets received for embryonic SYN_RECV sockets 323 packets pruned from receive queue because of socket buffer overrun 2 ICMP packets dropped because they were out-of-window 71996 TCP sockets finished time wait in fast timer 461 time wait sockets recycled by time stamp 35 packets rejects in established connections because of timestamp 128426 delayed acks sent 25 delayed acks further delayed because of locked socket Quick ack mode was activated 4120 times 93843 packets directly queued to recvmsg prequeue. 115613 bytes directly in process context from backlog 77310727 bytes directly received in process context from prequeue 5051273 packet headers predicted 52995 packets header predicted and directly queued to user 458740 acknowledgments not containing data payload received 2753655 predicted acknowledgments 181 times recovered from packet loss due to fast retransmit 6922 times recovered from packet loss by selective acknowledgements Detected reordering 2 times using FACK Detected reordering 1 times using SACK Detected reordering 2 times using time stamp 3 congestion windows fully recovered without slow start 3 congestion windows partially recovered using Hoe heuristic 32 congestion windows recovered without slow start by DSACK 1461 congestion windows recovered without slow start after partial ack 5442 TCP data loss events 158 timeouts after reno fast retransmit 1181 timeouts after SACK recovery 324 timeouts in loss state 11087 fast retransmits 3044 forward retransmits 529 retransmits in slow start 5275 other TCP timeouts 102 classic Reno fast retransmits failed 280 SACK retransmits failed 1 times receiver scheduled too late for direct processing 11103 packets collapsed in receive queue due to low socket buffer 5309 DSACKs sent for old packets 415 DSACKs sent for out of order packets 707 DSACKs received 108 connections reset due to unexpected data 361 connections reset due to early user close 985 connections aborted due to timeout TCPDSACKIgnoredOld: 445 TCPDSACKIgnoredNoUndo: 150 TCPSpuriousRTOs: 36-c 持续的执行这个命令 每隔一个固定时间,执行该netstat命令。
