Recommended reading: Learn a Linux command every day (64) : ifconfig

Introduction of the command

Netstat (Network Statistics) is a command line tool that displays network connections (incoming and outgoing), routing tables, and many network interfaces (network interface controllers or software-defined network interfaces) and network protocol statistics. It can also be used to locate network problems and print the status information of the Linux network system to view the network status of the entire Linux system.

Netstat is used in a wide range of applications, including OS X, Linux, Solaris, and BSD, as well as Windows NT-BASED operating systems, including Windows XP, Windows Vista, and Windows 7/8/10.

Syntax format

netstat { xxx } [ OPTIONS ]
Copy the code

Option to show

-a < network type > # Display all network connection information -a < network type > # display all network connection information -c or --continuous # display network status information -c or --cache # Display router configuration cache information -e or --extend -g or --groups # Displays multicast group information -h or --help # prints online help information -i or --interfaces # displays network interface information -l or --listening # displays the Socket of the monitored server -m or --masquerade # displays disguised network connections -n or -- Numeric # directly uses the IP address -n or --netlink # displays symbolic connection names for network hardware peripherals -o or --timers # displays timers -r or --route Routing Table -s or --statistice # Show statistics about the status of all ports. -T or -- TCP. -u or --udp -x or -- Unix # This parameter has the same result as "-a Unix" -- IP or --inet # This parameter has the same result as "-a inet" The sameCopy the code

Application, for example,

List the port

[root@CentOS7-1 ~]# netstat -a Active Internet connections (Servers and Established) Proto Recv -q send-q Local Address Foreign Address State TCP 0 0 0.0.0.0: SSH 0.0.0.0:* LISTEN TCP 0 0 localhost: SMTP 0.0.0.0:* LISTEN TCP 0 0 Localhost :8125 0.0.0.0:* LISTEN TCP 0 0 0.0.0.0: dnP-sec 0.0.0.0:* LISTEN TCP 0 52 Centos7-1: SSH 192.168.1.93:58049 ESTABLISHED tcp6 0 0 [::]:ssh [::]:* LISTEN tcp6 0 0 localhost:smtp [::]:* LISTEN tcp6 0 0 localhost:8125 [::]:* LISTEN Tcp6 0 0 [::]: dnP-sec [::]:* LISTEN UDP 0 0 localhost:8125 0.0.0.0:* udp 0 0 localhost:323 0.0.0.0:* UDp6 0 0 Localhost :8125 [::]:* udp6 0 0 localhost:323 [::]:* raw6 0 0 [::]:ipv6-icmp [::]:* 7 # Lists all TCP ports [root@CentOS7-1 ~]# netstat -at Active Internet connections (servers and established) Proto Recv-Q Send-Q Local Address Foreign Address State TCP 0 0 0.0.0.0: SSH 0.0.0.0:* LISTEN TCP 0 0 localhost: SMTP 0.0.0.0:* LISTEN TCP 0 0 localhost:8125 0.0.0.0:* LISTEN TCP 0 0 0.0.0.0: dnP-sec 0.0.0.0:* LISTEN TCP 0 52 Centos7-1: SSH 192.168.1.93:58049 ESTABLISHED tcp6 0 0 [::]: SSH [::]:* LISTEN tcp6 0 0 localhost:smtp [::]:* LISTEN tcp6 0 0 localhost:8125 [::]:* LISTEN tcp6 0 0 [::]:dnp-sec [::]:* [root@CentOS7-1 ~]# netstat -au Active Internet connections (Servers and Established) Proto Recv -q Send -q Local Address Foreign Address State UDP 0 0 localhost:8125 0.0.0.0:* UDP 0 0 localhost:323 0.0.0.0:* UDP6 0 0 Localhost :8125 [::]:* udp6 0 0 localhost:323 [::]:* # Listing all listening Sockets netstat -l # listing only listening ports netstat -lt # listing only listening TCP ports Netstat -s # Display statistics on all ports netstat -st # Display statistics on TCP ports Netstat -su # Displays UDP port statisticsCopy the code

Display routing table information

[root@CentOS7-1 ~]# netstat -r Kernel IP routing table Destination Gateway Genmask Flags MSS Window irtt Iface default Gateway 0.0.0.0ug 0 0 0 ENS33 192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 ENS33 [root@CentOS7-1 ~]# netstat - Rn Kernel IP address Routing table Destination Gateway Genmask Flags MSS Window IRtt Iface 0.0.0.0 192.168.1.1 0.0.0.0 UG 0 0 0 ENS33 192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 ENS33Copy the code

Display interface List

[root@CentOS7-1 ~]# netstat -i
Kernel Interface table
Iface             MTU    RX-OK RX-ERR RX-DRP RX-OVR    TX-OK TX-ERR TX-DRP TX-OVR Flg
ens33            1500    48619      0      5 0          7246      0      0      0 BMRU
lo              65536     1730      0      0 0          1730      0      0      0 LRU
Copy the code

View connection status in groups

[root@CentOS7-1 ~]# netstat -n | awk '/^tcp/ {++S[$NF]} END {for(a in S) print a, S[a]}' LAST_ACK 5 (LAST_ACK 5) SYN_RECV 3 ESTABLISHED 10 FIN_WAIT2 5 TIME_WAIT 313 (LAST_ACK 5)Copy the code

Display connection number

/ root @ CentOS7-1 ~ # netstat - an | grep: 22 TCP 0 0 0.0.0.0:22 0.0.0.0: * LISTEN TCP 0 52 192.168.1.100:22 192.168.1.93:58049 ESTABLISHED tcp6 0 0: : : 22 / root @ CentOS7-1 ~ # netstat - an | grep: 22 | 3 wc - lCopy the code

Search for the process ID through the port

/ root @ CentOS7-1 ~ # netstat anp | grep TCP 58049 0 52 192.168.1.100:22 192.168.1.93:58049 ESTABLISHED 1350 / SSHD: Root @ PTS/root @ CentOS7-1 ~ # netstat anp | grep 58049 | grep ESTABLISHED TCP 0 52 192.168.1.100:22 192.168.1.93:58049 ESTABLISHED 1350/sshd: root@pts [root@CentOS7-1 ~]# netstat -anp | grep 58049 |grep ESTABLISHED |awk '{print $7}' 1350/sshd: [root@CentOS7-1 ~]# netstat -anp | grep 58049 |grep ESTABLISHED |awk '{print $7}' |cut -d/ -f1 1350Copy the code

View the IP addresses that have the most connections to a port

[root@CentOS7-1 ~]# netstat -ntu | grep :58049 | awk '{print $5}' | cut -d: | - f1 awk '{+ + IP [$1]} END {for (I) in IP print IP [I], "t", I}' | sort - nr 1 192.168.1.93 / root @ CentOS7-1 ~ # netstat - ntu |  grep :22 | awk '{print $5}' | cut -d: | - f1 awk '{+ + IP [$1]} END {for (I) in IP print IP [I], "t", I}' | 1 192.168.1.93 sort - nrCopy the code

The status statistics of all ports are displayed

[root@CentOS7-1 ~]# netstat -s
Ip:
    15146 total packets received
    0 forwarded
    0 incoming packets discarded
    15146 incoming packets delivered
    3885 requests sent out
    8 dropped because of missing route
Icmp:
    4 ICMP messages received
    0 input ICMP message failed.
    ICMP input histogram:
        destination unreachable: 4
    44 ICMP messages sent
    0 ICMP messages failed
    ICMP output histogram:
        destination unreachable: 44
IcmpMsg:
        InType3: 4
        OutType3: 44
Tcp:
    863 active connections openings
    1 passive connection openings
    858 failed connection attempts
    0 connection resets received
    1 connections established
    5021 segments received
    3772 segments send out
    0 segments retransmited
    0 bad segments received.
    858 resets sent
Udp:
    200 packets received
    44 packets to unknown port received.
    0 packet receive errors
    246 packets sent
    0 receive buffer errors
    0 send buffer errors
UdpLite:
TcpExt:
    1 TCP sockets finished time wait in fast timer
    35 delayed acks sent
    1 packets directly queued to recvmsg prequeue.
    1362 packet headers predicted
    438 acknowledgments not containing data payload received
    1160 predicted acknowledgments
    TCPRcvCoalesce: 9
    TCPOrigDataSent: 1719
IpExt:
    InBcastPkts: 10042
    InOctets: 4159848
    OutOctets: 329931
    InBcastOctets: 3778680
    InNoECTPkts: 15150
Copy the code

The multicast group information is displayed

[root@CentOS7-1 ~]# netstat -g
IPv6/IPv4 Group Memberships
Interface       RefCnt Group
--------------- ------ ---------------------
lo              1      all-systems.mcast.net
ens33           1      all-systems.mcast.net
lo              1      ff02::1
lo              1      ff01::1
ens33           1      ff02::1:ff4e:26b0
ens33           1      ff02::1:ff01:b5bb
ens33           1      ff02::1
ens33           1      ff01::1
Copy the code

Learn a Linux command every day (62) : ping

Learn a Linux command every day: route