在Linux使用过程中,需要了解当前系统开放了哪些端口,并且要查看开放这些端口的具体进程和用户,可以通过netstat命令进行简单查询
1.netstat命令各个参数说明
-a 或–all 显示所有连线中的Socket。
-A <网络类型>或–<网络类型> 列出该网络类型连线中的相关地址。
-c 或–continuous 持续列出网络状态。
-C 或–cache 显示路由器配置的快取信息。
-e 或–extend 显示网络其他相关信息。
-F 或 –fib 显示FIB。
-g 或–groups 显示多重广播功能群组组员名单。
-h 或–help 在线帮助。
-i 或–interfaces 显示网络界面信息表单。
-l 或–listening 显示监控中的服务器的Socket。
-M 或–masquerade 显示伪装的网络连线。
-n 或–numeric 直接使用IP地址,而不通过域名服务器。
-N 或–netlink或–symbolic 显示网络硬件外围设备的符号连接名称。
-o 或–timers 显示计时器。
-p 或–programs 显示正在使用Socket的程序识别码和程序名称。
-r 或–route 显示 Routing Table。
-s 或–statistice 显示网络工作信息统计表。
-t 或–tcp 显示TCP 传输协议的连线状况。
-u或–udp 显示UDP传输协议的连线状况。
-v或–verbose 显示指令执行过程。
-V 或–version 显示版本信息。
-w或–raw 显示RAW传输协议的连线状况。
-x或–unix 此参数的效果和指定”-A unix”参数相同。
–ip或–inet 此参数的效果和指定”-A inet”参数相同。
2.查看当前所有tcp端口使用情况
这里解释一下:1、0.0.0.0代表本机上可用的任意地址。 比如0.0.0.0:135 表示本机上所有地址的135端口,这样多ip计算机就不用重复显示了。
2、TCP 0.0.0.0:80表示在所有的可用接口上监听TCP80端口
3、0.0.0.0为默认路由,即要到达不再路由表里面的网段的包都走0.0.0.0这条规则然后127.0.0.1就是表示你本机ip地址的意思了。然后[::]:21这又是什么鬼?这个表示ipv6的21号端口的意思。还有UDP的外部链接怎么都是*:*呢?*:*是网址的通配符,就是192.168.15.12,这个类型的整体描述这里解释一下:1、0.0.0.0代表本机上可用的任意地址。 比如0.0.0.0:135 表示本机上所有地址的135端口,这样多ip计算机就不用重复显示了。
2、TCP 0.0.0.0:80表示在所有的可用接口上监听TCP80端口
3、0.0.0.0为默认路由,即要到达不再路由表里面的网段的包都走0.0.0.0这条规则然后127.0.0.1就是表示你本机ip地址的意思了。然后[::]:21这又是什么鬼?这个表示ipv6的21号端口的意思。还有UDP的外部链接怎么都是*:*呢?*:*是网址的通配符,就是192.168.15.12,这个类型的整体描述注意:127.0.0.1 和 0.0.0.0 是两种不同的网络地址。127.0.0.1 是一个环回地址,只能本地访问,用于本地测试和调试12。0.0.0.0 是一个通配地址,可以接受来自本地和外部网络的连接,用于在开发环境中监听所有可用的网络接口
3.tcp端口使用的状态解释
LISTEN:(Listening for a connection.)侦听来自远方的TCP端口的连接请求SYN-SENT:(Active; sent SYN. Waiting for a matching connection request after having sent a connection request.)再发送连接请求后等待匹配的连接请求SYN-RECEIVED:(Sent and received SYN. Waiting for a confirming connection request acknowledgment after having both received and sent connection requests.)再收到和发送一个连接请求后等待对方对连接请求的确认ESTABLISHED:(Connection established.)代表一个打开的连接FIN-WAIT-1:(Closed; sent FIN.)等待远程TCP连接中断请求,或先前的连接中断请求的确认FIN-WAIT-2:(Closed; FIN is acknowledged; awaiting FIN.)从远程TCP等待连接中断请求CLOSE-WAIT:(Received FIN; waiting to receive CLOSE.)等待从本地用户发来的连接中断请求CLOSING:(Closed; exchanged FIN; waiting for FIN.)等待远程TCP对连接中断的确认LAST-ACK:(Received FIN and CLOSE; waiting for FIN ACK.)等待原来的发向远程TCP的连接中断请求的确认TIME-WAIT:(In 2 MSL (twice the maximum segment length) quiet wait after close. )等待足够的时间以确保远程TCP接收到连接中断请求的确认CLOSED:(Connection is closed.)没有任何连接状态UNKNOWN:套接字状态未知
4.netstat的10个基本用法
①:列出所有连接
[root@VM-12-14-centos test]# netstat -aActive Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:25672 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:mysql 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:5901 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:sunrpc 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:http 0.0.0.0:* LISTEN
tcp 0 0 VM-12-14-centos:http 103-148-72-71.sta:65311 SYN_RECV
tcp 0 0 VM-12-14-centos:http 103-148-72-71.sta:53118 SYN_RECV
tcp 0 0 VM-12-14-centos:http 103-148-72-71.sta:64199 SYN_RECV
tcp 0 0 VM-12-14-centos:http 103-148-72-71.stati:954 SYN_RECV
tcp 0 0 VM-12-14-centos:http 103-148-72-71.sta:25276 SYN_RECV
tcp 0 0 VM-12-14-centos:http 103-148-72-71.sta:39902 SYN_RECV
tcp 0 0 VM-12-14-centos:http 103-148-72-71.sta:51665 SYN_RECV
tcp 0 0 VM-12-14-centos:http 103-148-72-71.sta:13772 SYN_RECV
tcp 0 0 VM-12-14-centos:http 103-148-72-71.sta:12621 SYN_RECV
tcp 0 0 VM-12-14-centos:http 103-148-72-71.sta:17978 SYN_RECV
tcp 0 0 VM-12-14-centos:http 103-148-72-71.sta:63730 SYN_RECV
tcp 0 0 0.0.0.0:epmd 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:6001 0.0.0.0:* LISTEN
tcp 0 0 VM-12-14-centos:domain 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:ssh 0.0.0.0:* LISTEN
tcp 0 0 VM-12-14-centos:ipp 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:15672 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:kerberos 0.0.0.0:* LISTEN
tcp 0 0 VM-12-14:x11-ssh-offset 0.0.0.0:* LISTEN
tcp 0 0 VM-12-14-centos:57884 VM-12-14-centos:epmd TIME_WAIT
tcp 0 0 VM-12-14-centos:52702 169.254.0.138:8186 ESTABLISHED
tcp 0 0 VM-12-14-centos:epmd VM-12-14-centos:40859 ESTABLISHED
tcp 0 0 VM-12-14-centos:40859 VM-12-14-centos:epmd ESTABLISHED
tcp 0 48 VM-12-14-centos:ssh 120.224.104.72:52646 ESTABLISHED常见字段解释
proto 套接字使用的协议是什么
Recv-0 连接这个套接字的用户,还未拷贝的字节数
Send-0 远程主机还未确认的字节数
Local address套接字(一个连接情况)本地的地址和端口号317
Foreign Address 套接字的远程主机地址和口号
State套接字的运行情况
②:只列出TCP或UDP协议的连接
使用 -t 选项列出 TCP 协议的连接
[root@VM-12-14-centos test]# netstat -atActive Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:25672 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:mysql 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:5901 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:sunrpc 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:http 0.0.0.0:* LISTEN
tcp 0 0 VM-12-14-centos:http 103-148-72-71.sta:24962 SYN_RECV
tcp 0 0 VM-12-14-centos:http 103-148-72-71.sta:12954 SYN_RECV
tcp 0 0 VM-12-14-centos:http 103-148-72-71.sta:21002 SYN_RECV
tcp 0 0 VM-12-14-centos:http 103-148-72-71.sta:65432 SYN_RECV
tcp 0 0 VM-12-14-centos:http 103-148-72-71.sta:39178 SYN_RECV
tcp 0 0 VM-12-14-centos:http 103-148-72-71.sta:47736 SYN_RECV
tcp 0 0 VM-12-14-centos:http 103-148-72-71.sta:49636 SYN_RECV
tcp 0 0 VM-12-14-centos:http 45.135.201.241:59717 SYN_RECV
tcp 0 0 VM-12-14-centos:http 103-148-72-71.sta:32799 SYN_RECV
tcp 0 0 VM-12-14-centos:http 103-148-72-71.sta:14283 SYN_RECV
tcp 0 0 VM-12-14-centos:http 103-148-72-71.sta:56900 SYN_RECV 使用 -u 选项列出 UDP 协议的连接
[root@VM-12-14-centos test]# netstat -auActive Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
udp 0 0 0.0.0.0:884 0.0.0.0:*
udp 0 0 0.0.0.0:mdns 0.0.0.0:*
udp 0 0 VM-12-14-centos:domain 0.0.0.0:*
udp 0 0 0.0.0.0:bootps 0.0.0.0:*
udp 0 0 0.0.0.0:bootpc 0.0.0.0:*
udp 0 0 0.0.0.0:sunrpc 0.0.0.0:*
udp 0 0 VM-12-14-centos:ntp 0.0.0.0:*
udp 0 0 VM-12-14-centos:ntp 0.0.0.0:*
udp 0 0 0.0.0.0:45625 0.0.0.0:*
udp6 0 0 [::]:884 [::]:*
udp6 0 0 [::]:sunrpc [::]:*
udp6 0 0 VM-12-14-centos:ntp [::]:*
udp6 0 0 VM-12-14-centos:ntp [::]:*
③:禁用反向域名解析,加快查询速度
默认情况下 netstat 会通过反向域名解析技术查找每个 IP 地址对应的主机名。这会降低查找速度。如果你觉得 IP 地址已经足够,而没有必要知道主机名,就使用 -n 选项禁用域名解析功能[root@VM-12-14-centos test]# netstat -anActive Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:25672 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:5901 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN
tcp 0 0 10.0.12.14:80 103.148.72.71:36631 SYN_RECV
tcp 0 0 10.0.12.14:80 103.148.72.71:8279 SYN_RECV
tcp 0 0 10.0.12.14:80 103.148.72.71:65432 SYN_RECV
tcp 0 0 10.0.12.14:80 103.148.72.71:43150 SYN_RECV
tcp 0 0 10.0.12.14:80 103.148.72.71:58653 SYN_RECV
tcp 0 0 10.0.12.14:80 103.148.72.71:12405 SYN_RECV
tcp 0 0 10.0.12.14:80 103.148.72.71:25388 SYN_RECV
tcp 0 0 10.0.12.14:80 103.148.72.71:41411 SYN_RECV
tcp 0 0 10.0.12.14:80 103.148.72.71:56328 SYN_RECV
tcp 0 0 10.0.12.14:80 103.148.72.71:3576 SYN_RECV
tcp 0 0 10.0.12.14:80 103.148.72.71:7845 SYN_RECV
④:只列出监听中的连接
任何网络服务的后台进程都会打开一个端口,用于监听接入的请求。这些正在监听的套接字也和连接的套接字一样,也能被 netstat 列出来。使用 -l 选项列出正在监听的套接字[root@VM-12-14-centos test]# netstat -tnlActive Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:25672 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:5901 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:4369 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:6001 0.0.0.0:* LISTEN
tcp 0 0 192.168.122.1:53 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:15672 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:88 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:6010 0.0.0.0:* LISTEN
tcp6 0 0 :::5672 :::* LISTEN
tcp6 0 0 :::3306 :::* LISTEN
tcp6 0 0 :::5901 :::* LISTEN
tcp6 0 0 :::111 :::* LISTEN
tcp6 0 0 :::4369 :::* LISTEN
tcp6 0 0 :::6001 :::* LISTEN
tcp6 0 0 :::22 :::* LISTEN
tcp6 0 0 ::1:631 :::* LISTEN
tcp6 0 0 ::1:6010 :::* LISTEN 现在我们可以看到处于监听状态的 TCP 端口和连接。如果你查看所有监听端口,去掉 -t 选项。如果你只想查看 UDP 端口,使用 -u 选项,代替 -t 选项。注意:不要使用 -a 选项,否则 netstat 会列出所有连接,而不仅仅是监听端口
⑤:获取进程名、进程号以及用户ID
查看端口和连接的信息时,能查看到它们对应的进程名和进程号对系统管理员来说是非常有帮助的。举个栗子,Apache 的 httpd 服务开启80端口,如果你要查看 http 服务是否已经启动,或者 http 服务是由 apache 还是 nginx 启动的,这时候你可以看看进程名使用 -p 选项查看进程信息[root@VM-12-14-centos test]# netstat -nlptActive Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:25672 0.0.0.0:* LISTEN 1110/beam.smp
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 21083/docker-proxy
tcp 0 0 0.0.0.0:5901 0.0.0.0:* LISTEN 1508/Xvnc
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 713/rpcbind
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 1407/nginx: master
tcp 0 0 0.0.0.0:4369 0.0.0.0:* LISTEN 2136/epmd
tcp 0 0 0.0.0.0:6001 0.0.0.0:* LISTEN 1508/Xvnc
tcp 0 0 192.168.122.1:53 0.0.0.0:* LISTEN 1950/dnsmasq
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1372/sshd
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 1119/cupsd
tcp 0 0 0.0.0.0:15672 0.0.0.0:* LISTEN 1110/beam.smp
tcp 0 0 0.0.0.0:88 0.0.0.0:* LISTEN 1407/nginx: master
tcp 0 0 127.0.0.1:6010 0.0.0.0:* LISTEN 3701/sshd: root@pts
tcp6 0 0 :::5672 :::* LISTEN 1110/beam.smp
tcp6 0 0 :::3306 :::* LISTEN 21088/docker-proxy
tcp6 0 0 :::5901 :::* LISTEN 1508/Xvnc
tcp6 0 0 :::111 :::* LISTEN 713/rpcbind
tcp6 0 0 :::4369 :::* LISTEN 2136/epmd
tcp6 0 0 :::6001 :::* LISTEN 1508/Xvnc
tcp6 0 0 :::22 :::* LISTEN 1372/sshd
tcp6 0 0 ::1:631 :::* LISTEN 1119/cupsd
tcp6 0 0 ::1:6010 :::* LISTEN 3701/sshd: root@pts 使用 -p 选项时,netstat 必须运行在 root 权限之下,不然它就不能得到运行在 root 权限下的进程名,而很多服务包括 http 和 ftp 都运行在 root 权限之下相比进程名和进程号而言,查看进程的拥有者会更有用。使用 -ep 选项可以同时查看进程名和用户名[root@VM-12-14-centos test]# netstat -ltpeActive Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State User Inode PID/Program name
tcp 0 0 0.0.0.0:25672 0.0.0.0:* LISTEN rabbitmq 35092 1110/beam.smp
tcp 0 0 0.0.0.0:mysql 0.0.0.0:* LISTEN root 138883 21083/docker-proxy
tcp 0 0 0.0.0.0:5901 0.0.0.0:* LISTEN root 31801 1508/Xvnc
tcp 0 0 0.0.0.0:sunrpc 0.0.0.0:* LISTEN root 19890 713/rpcbind
tcp 0 0 0.0.0.0:http 0.0.0.0:* LISTEN root 31241 1407/nginx: master
tcp 0 0 0.0.0.0:epmd 0.0.0.0:* LISTEN rabbitmq 34894 2136/epmd
tcp 0 0 0.0.0.0:6001 0.0.0.0:* LISTEN root 31793 1508/Xvnc
tcp 0 0 VM-12-14-centos:domain 0.0.0.0:* LISTEN root 32486 1950/dnsmasq
tcp 0 0 0.0.0.0:ssh 0.0.0.0:* LISTEN root 30494 1372/sshd
tcp 0 0 VM-12-14-centos:ipp 0.0.0.0:* LISTEN root 26582 1119/cupsd
tcp 0 0 0.0.0.0:15672 0.0.0.0:* LISTEN rabbitmq 39837 1110/beam.smp
tcp 0 0 0.0.0.0:kerberos 0.0.0.0:* LISTEN root 31242 1407/nginx: master
tcp 0 0 VM-12-14:x11-ssh-offset 0.0.0.0:* LISTEN root 2148874 3701/sshd: root@pts
tcp6 0 0 [::]:amqp [::]:* LISTEN rabbitmq 38151 1110/beam.smp
tcp6 0 0 [::]:mysql [::]:* LISTEN root 137704 21088/docker-proxy
tcp6 0 0 [::]:5901 [::]:* LISTEN root 31802 1508/Xvnc
tcp6 0 0 [::]:sunrpc [::]:* LISTEN root 19893 713/rpcbind
tcp6 0 0 [::]:epmd [::]:* LISTEN rabbitmq 34895 2136/epmd
tcp6 0 0 [::]:6001 [::]:* LISTEN root 31792 1508/Xvnc
tcp6 0 0 [::]:ssh [::]:* LISTEN root 30579 1372/sshd
tcp6 0 0 VM-12-14-centos:ipp [::]:* LISTEN root 26581 1119/cupsd
tcp6 0 0 VM-12-14:x11-ssh-offset [::]:* LISTEN root 2148873 3701/sshd: root@pts上面列出 TCP 协议下的监听套接字,同时显示进程信息和一些额外信息。这些额外的信息包括用户名和进程的索引节点号。这个命令对网管来说很有用。注意 - 假如你将 -n 和 -e 选项一起使用,User 列的属性就是用户的 ID 号,而不是用户名
⑥:打印统计数据
netstat 可以打印出网络统计数据,包括某个协议下的收发包数量[root@VM-12-14-centos test]# netstat -sIp:619929 total packets received1265 forwarded0 incoming packets discarded618658 incoming packets delivered762156 requests sent out40 dropped because of missing route
Icmp:42560 ICMP messages received29 input ICMP message failed.ICMP input histogram:destination unreachable: 34redirects: 8echo requests: 4251842615 ICMP messages sent0 ICMP messages failedICMP output histogram:destination unreachable: 97echo replies: 42518
IcmpMsg:InType3: 34InType5: 8InType8: 42518OutType0: 42518OutType3: 97
Tcp:33204 active connections openings35706 passive connection openings5010 failed connection attempts963 connection resets received7 connections established557820 segments received689021 segments send out175537 segments retransmited19 bad segments received.59219 resets sentInCsumErrors: 12
Udp:17262 packets received102 packets to unknown port received.0 packet receive errors17381 packets sent0 receive buffer errors0 send buffer errors
UdpLite:
TcpExt:7565 invalid SYN cookies received5010 resets received for embryonic SYN_RECV sockets11 packets pruned from receive queue because of socket buffer overrun1 ICMP packets dropped because they were out-of-window2997 TCP sockets finished time wait in fast timer3 packets rejects in established connections because of timestamp15638 delayed acks sent4 delayed acks further delayed because of locked socketQuick ack mode was activated 658 times4 SYNs to LISTEN sockets dropped1224 packets directly queued to recvmsg prequeue.235 bytes directly received in process context from prequeue58146 packet headers predicted184612 acknowledgments not containing data payload received34227 predicted acknowledgments30 times recovered from packet loss by selective acknowledgements1 congestion windows recovered without slow start by DSACK127 congestion windows recovered without slow start after partial ack1 timeouts after reno fast retransmit12 timeouts after SACK recovery1 timeouts in loss state24 fast retransmits6 forward retransmits32 retransmits in slow start197634 other TCP timeoutsTCPLossProbes: 3946TCPLossProbeRecovery: 5095 SACK retransmits failed632 DSACKs sent for old packets3 DSACKs sent for out of order packets1530 DSACKs received2523 connections reset due to unexpected data861 connections reset due to early user close51 connections aborted due to timeoutTCPDSACKIgnoredNoUndo: 419TCPSpuriousRTOs: 2TCPSackShiftFallback: 169TCPRcvCoalesce: 38207TCPOFOQueue: 2251TCPOFOMerge: 3TCPChallengeACK: 123TCPSYNChallenge: 7TCPWantZeroWindowAdv: 1TCPSynRetrans: 164576TCPOrigDataSent: 232528TCPACKSkippedSynRecv: 10TCPACKSkippedSeq: 2TCPACKSkippedChallenge: 1
IpExt:InNoRoutes: 6InMcastPkts: 1111OutMcastPkts: 1123InOctets: 105748257OutOctets: 99010928InMcastOctets: 55945OutMcastOctets: 60254InNoECTPkts: 654410InECT1Pkts: 2870InECT0Pkts: 1
⑦:显示内核路由信息
使用 -r 选项打印内核路由信息。打印出来的信息与 route 命令输出的信息一样。我们也可以使用 -n 选项禁止域名解析[root@VM-12-14-centos test]# netstat -rnKernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
0.0.0.0 10.0.12.1 0.0.0.0 UG 0 0 0 eth0
10.0.0.0 10.0.12.1 255.255.255.0 UG 0 0 0 eth0
10.0.0.10 10.0.13.1 255.255.255.255 UGH 0 0 0 eth0
10.0.2.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
10.0.12.0 0.0.0.0 255.255.252.0 U 0 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0
172.17.0.0 0.0.0.0 255.255.0.0 U 0 0 0 docker0
172.18.0.0 0.0.0.0 255.255.0.0 U 0 0 0 br-a0d112e232a1
172.19.0.0 0.0.0.0 255.255.0.0 U 0 0 0 br-23353f657e8b
192.168.122.0 0.0.0.0 255.255.255.0 U 0 0 0 virbr0
224.0.0.0 - 240.0.0.0 ! - - - -
224.0.0.0 0.0.0.0 240.0.0.0 U 0 0 0 eth0
⑧:打印网络接口
netstat 也能打印网络接口信息,-i 选项就是为这个功能而生[root@VM-12-14-centos test]# netstat -i Kernel Interface table
Iface MTU RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR Flg
br-23353f657e8b 1500 711 0 0 0 706 0 0 0 BMU
br-a0d112e232a1 1500 711 0 0 0 706 0 0 0 BMU
docker0 1500 711 0 0 0 698 0 0 0 BMRU
eth0 1500 646680 0 0 0 751767 0 0 0 BMRU
eth0:1 1500 - no statistics available - BMRU
eth0:2 1500 - no statistics available - BMRU
lo 65536 21313 0 0 0 21313 0 0 0 LRU
vethfb859b6 1500 711 0 0 0 706 0 0 0 BMRU
virbr0 1500 0 0 0 0 0 0 0 0 BMU字段解释:
Iface网络设备的名字
MTU 最大的传输单元,单位是字节
RX-0K/TX-0K 正确接收了多少数据包,发送了多少数据包
RX-ERR/TX-ERR 接收、发送数据包的时候,丢弃了多少数据包
RX-0VR/TX-0VR 由于错误遗失了多少的数据包FLg标记L是回环地址的含义R:这个网络接口正在运行中,U:接口正在处于活动的状态B:设置了广播地址M:接收所有的数据包O:表示在该接口上禁止arpP:端对端的连接
查看TX-ERR RX-ERR最好是0,否则表示网络情况不健康,有丢包的现象上面输出的信息比较原始。我们将 -e 选项和 -i 选项搭配使用,可以输出用户友好的信息[root@VM-12-14-centos test]# netstat -ieKernel Interface table
br-23353f657e8b: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500inet 172.19.0.1 netmask 255.255.0.0 broadcast 172.19.255.255ether 02:42:69:59:5d:f8 txqueuelen 0 (Ethernet)RX packets 711 bytes 63222 (61.7 KiB)RX errors 0 dropped 0 overruns 0 frame 0TX packets 706 bytes 57772 (56.4 KiB)TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0br-a0d112e232a1: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500inet 172.18.0.1 netmask 255.255.0.0 broadcast 172.18.255.255ether 02:42:65:59:4e:7a txqueuelen 0 (Ethernet)RX packets 711 bytes 63222 (61.7 KiB)RX errors 0 dropped 0 overruns 0 frame 0TX packets 706 bytes 57772 (56.4 KiB)TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0docker0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500inet 172.17.0.1 netmask 255.255.0.0 broadcast 172.17.255.255inet6 fe80::42:4aff:fe93:976b prefixlen 64 scopeid 0x20<link>ether 02:42:4a:93:97:6b txqueuelen 0 (Ethernet)RX packets 711 bytes 53268 (52.0 KiB)RX errors 0 dropped 0 overruns 0 frame 0TX packets 698 bytes 57116 (55.7 KiB)TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500inet 10.0.12.14 netmask 255.255.252.0 broadcast 10.0.15.255inet6 fe80::5054:ff:fe39:b685 prefixlen 64 scopeid 0x20<link>ether 52:54:00:39:b6:85 txqueuelen 1000 (Ethernet)RX packets 647172 bytes 115417012 (110.0 MiB)RX errors 0 dropped 0 overruns 0 frame 0TX packets 752274 bytes 108765481 (103.7 MiB)TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0eth0:1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500inet 10.0.2.18 netmask 255.255.255.0 broadcast 10.0.2.255ether 52:54:00:39:b6:85 txqueuelen 1000 (Ethernet)eth0:2: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500inet 10.0.2.17 netmask 255.255.255.0 broadcast 10.0.2.255ether 52:54:00:39:b6:85 txqueuelen 1000 (Ethernet)lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536inet 127.0.0.1 netmask 255.0.0.0inet6 ::1 prefixlen 128 scopeid 0x10<host>loop txqueuelen 1000 (Local Loopback)RX packets 21333 bytes 1221206 (1.1 MiB)RX errors 0 dropped 0 overruns 0 frame 0TX packets 21333 bytes 1221206 (1.1 MiB)TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0vethfb859b6: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500inet6 fe80::fcbf:a0ff:fe31:9587 prefixlen 64 scopeid 0x20<link>ether fe:bf:a0:31:95:87 txqueuelen 0 (Ethernet)RX packets 711 bytes 63222 (61.7 KiB)RX errors 0 dropped 0 overruns 0 frame 0TX packets 706 bytes 57772 (56.4 KiB)TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0virbr0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500inet 192.168.122.1 netmask 255.255.255.0 broadcast 192.168.122.255ether 52:54:00:fa:a2:70 txqueuelen 1000 (Ethernet)RX packets 0 bytes 0 (0.0 B)RX errors 0 dropped 0 overruns 0 frame 0TX packets 0 bytes 0 (0.0 B)TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0上面的输出信息与 ifconfig 输出的信息一样
⑨:netstat持续输出
我们可以使用 netstat 的 -c 选项持续输出信息[root@VM-12-14-centos test]# netstat -c
⑩:显示多播信息
选项 -g 会输出 IPv4 和 IPv6 的多播组信息[root@VM-12-14-centos test]# netstat -gIPv6/IPv4 Group Memberships
Interface RefCnt Group
--------------- ------ ---------------------
lo 1 all-systems.mcast.net
eth0 1 mdns.mcast.net
eth0 1 all-systems.mcast.net
virbr0 1 mdns.mcast.net
virbr0 1 all-systems.mcast.net
br-23353f657e8b 1 mdns.mcast.net
br-23353f657e8b 1 all-systems.mcast.net
br-a0d112e232a1 1 mdns.mcast.net
br-a0d112e232a1 1 all-systems.mcast.net
docker0 1 mdns.mcast.net
docker0 1 all-systems.mcast.net
vethfb859b6 1 all-systems.mcast.net
lo 1 ff02::1
lo 1 ff01::1
eth0 1 ff02::1:ff39:b685
eth0 1 ff02::1
eth0 1 ff01::1
virbr0 1 ff02::1
virbr0 1 ff01::1
virbr0-nic 1 ff02::1
virbr0-nic 1 ff01::1
br-23353f657e8b 1 ff02::1
br-23353f657e8b 1 ff01::1
br-a0d112e232a1 1 ff02::1
br-a0d112e232a1 1 ff01::1
docker0 1 ff02::1:ff93:976b
docker0 1 ff02::1
docker0 1 ff01::1
vethfb859b6 1 ff02::1:ff31:9587
vethfb859b6 1 ff02::1
vethfb859b6 1 ff01::1
