netstat常见用法

netstat常见用法

• netstat常用参数
• 实例

• 
  

netstat是rhel6和rhel7的默认网络工具

rhel8的默认工具是ss,rhel8要安装netstat,需要安装net-tools

netstat常用参数

实例

最常用的命令

# 查看当前建立的连接
netstat -tunlp
[rhel8 root ~]# netstat -tunlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      950/sshd
udp        0      0 127.0.0.1:323           0.0.0.0:*                           747/chronyd
udp6       0      0 ::1:323                 :::*                                747/chronyd

# 查看当前建立的连接
netstat -tunp
[rhel8 root ~]# netstat -tunp
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0    216 192.168.1.178:22        101.204.28.121:27072    ESTABLISHED 10924/sshd: root [p
tcp        0      0 192.168.1.178:22        101.204.28.121:25041    ESTABLISHED 10692/sshd: root [p
udp        0      0 192.168.1.178:68        192.168.1.253:67        ESTABLISHED 837/NetworkManager

查看tcp和udp端口

-t tcp
u udp
n 不解析
l 监听
p 显示pid

netstat -tunlp|grep 端口号
# 查看22端口
[rhel8 root ~]# netstat -tunlp|grep 22
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1010/sshd

列出所有端口(包括监听和未监听的)

# 列出所有tcp端口
netstat -atn
[rhel8 root ~]# netstat -atn
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0    208 192.168.1.178:22        101.204.28.121:41965    ESTABLISHED
tcp        0      0 192.168.1.178:53202     100.100.30.25:80        ESTABLISHED

# 列出所有udp端口
netstat -aun
[rhel8 root ~]# netstat -aun
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
udp        0      0 192.168.1.178:68        192.168.1.253:67        ESTABLISHED
udp        0      0 127.0.0.1:323           0.0.0.0:*
udp6       0      0 ::1:323                 :::* 

在netstat输出中显示pid和进程名称

netstat -ptn
[rhel8 root ~]# netstat -ptn
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0    216 192.168.1.178:22        101.204.28.121:41965    ESTABLISHED 26768/sshd: root [p
tcp        0      0 192.168.1.178:53202     100.100.30.25:80        ESTABLISHED 4751/AliYunDun

找出程序运行的端口

netstat -ap|grep ssh

通过端口查进程id

netstat -anp|grep 22|grep LISTEN|awk '{print $7}'|cut -d/ -f1
# 实例
[rhel8 root ~]# netstat -anp|grep 22|grep LISTEN|awk '{print $7}'|cut -d/ -f1
950
LISTENING

查看核心路由信息

[rhel8 root ~]# netstat -rn
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         192.168.1.253   0.0.0.0         UG        0 0          0 eth0
192.168.1.0     0.0.0.0         255.255.255.0   U         0 0          0 eth0

IP和TCP分析

查看连接某服务端口最多的ip地址

 netstat -ntu|grep :22|awk '{print $5}'|cut -d: -f1|awk '{++ip[$1]} END {for(i in ip) print ip[i],"\t",i}'|sort -nr

## 打印样式
1        101.204.28.121

TCP各种状态列表

netstat -nt|grep -e 127.0.0.1 -e 0.0.0.0 -e ::: -v|awk '/^tcp/ {++state[$NF]} END {for(i in  state) print i ,"\t",state[i]}'
# 打印结果
ESTABLISHED      1

查看php-cgi进程数

netstat -anpo|grep "php-cgi"|wc -l