I have used netstat -tnpl command a lot, but I have not studied it carefully. However, it is a problem and I cannot let it go. Besides, I use netstat command to query the listening status of the port everyday. So take this opportunity to understand the netstat command.
The netstat command is compatible with Linux, Windows, and MacOS operating systems. However, on UNIX, the netstat command is man netstat. On Linux and Windows it is netstat –help.
The netstat command is used in Linux
When I run the man netstat command on Linux, I am surprised to see that it is a lot of information. Don’t be put off by this long description, let’s take it one step at a time.
First, let’s look at what the netstat command does.
The official explanation is that
netstat -- show network status
Copy the codeListing network Status
But what does this network state have? With that in mind, I ran it under Linux.
The print is a sextuple, and the contents of each column of the sextuple are
A closer look at this sextuple seems to indicate that the netstat command is a command-line tool for monitoring incoming and outgoing network connections and status.
Overall, netSTST output results can be divided into two parts. One is Active Internet Connections, which is called Active TCP connections. Recv-q and Send-Q refer to the client Send queue and the client receive queue. Both queues typically have a value of 0, if not 0, indicating that there is a backlog of messages that have not been sent/retrieved, which is rarely the case.
The other part is Active UNIX Domain Sockets, called Active UNIX domain sockets. The sockets in this part are the same as network socket sockets, except that they can only be used for local communication and perform better than network sockets. Active UNIX Domain Sockets are also a six-tuple, respectively
Netstat Parameter description
Let’s explain some of the parameters listed by netstat –help. We’ll start with the most common ones so that you don’t lose focus and look like you can form a phased memory.
netstat -a
-a monitors all socket connections by default.
Those that have been listened on, those that have established a connection, those that have been sent by the client to wait on the server, and those that have not been listened on are listed.
netstat -at/-t
The netstat -t suffix and netstat -at suffix are used to listen on TCP ports. The netstat -at suffix is used to listen on all State ports. Netstat -t only listens on ports in the ESTABLISHED state.
netstat -at
netstat -t
netstat -au/-u
Similarly, netstat -au and netstat -u monitor udP-related ports. Netstat -au monitors all State ports, while netstat -u monitors only ports in ESTABLISHED State.
netstat -au
netstat -u
My test here is not monitoring the UDP protocol in the established connection state.
netstat -ap
This command is used to list the ports on which the program is running
Netstat ap | grep 'program name'Copy the codeSuch as HTTP program, we are looking for is Netstat – ap | grep HTTP
You can also list port numbers directly
netstat -ap|grep 8080
Copy the code
Note that not all programs can be found, without permission will not be displayed, using root permission can query all information.
netstat -l
Netstat -l is used to listen on ports that are being listened on.
Netstat -lt is only used to list all monitored TCP ports.
Netstat -lu is only used to list all monitored UDP ports.
Netstat -lx is only used to list all listening UNIX ports.
netstat -s
The netstat -s command is used to list the statistics of all ports.
The netstat -st command is used to list the statistics of TCP ports.
You can list the statistics about UDP ports by running the netstat -su command.
netstat -p
Netstat -p can be used with other parameters, such as netstat -pt to list the service name and PID number.
netstat -c
Use netstat -c to list network information every second.
netstat -r
The netstat -r command is used to list the core information of routes.
netstat –verbose
This command lists the Address Family supported by the system.
Address Family simply means which communication protocol is used at the bottom layer to submit data. For example, AF_INET uses TCP/IPv4. AF_INET6 uses TCP/IPv6; AF_LOCAL or AF_UNIX refers to local communication (that is, communication between processes on the current host), usually in the form of an absolute path.
netstat -i
The netstat -i command is used to list network interface packets, including packets transmitted and received with MTU (maximum transmission unit).
In addition, netstat -ie is also used to list kernel interfaces, much like the ifconfig command
On this question
So, to return to the question at the beginning of the article, what is netstat-tnpl for
- -t: lists only the information related to TCP
- -n: The value is listed in numbers
- -p: lists the socket PID and program name in use
- -l: lists the monitored server sockets
Let’s execute this command.
In Linux, ss is recommended to replace netstat, IP route to replace netstat -r, IP -s link to replace netstat -i, – IP addr was used instead of netstat -g
Can you play Netstat this way?
If this article is helpful to you, please like it and follow it.