netstat常见用法
netstat是rhel6和rhel7的默认网络工具
rhel8的默认工具是ss,rhel8要安装netstat,需要安装net-tools
netstat常用参数
实例
最常用的命令
# 查看当前建立的连接
netstat -tunlp
[rhel8 root ~]# netstat -tunlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 950/sshd
udp 0 0 127.0.0.1:323 0.0.0.0:* 747/chronyd
udp6 0 0 ::1:323 :::* 747/chronyd
# 查看当前建立的连接
netstat -tunp
[rhel8 root ~]# netstat -tunp
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 216 192.168.1.178:22 101.204.28.121:27072 ESTABLISHED 10924/sshd: root [p
tcp 0 0 192.168.1.178:22 101.204.28.121:25041 ESTABLISHED 10692/sshd: root [p
udp 0 0 192.168.1.178:68 192.168.1.253:67 ESTABLISHED 837/NetworkManager
查看tcp和udp端口
-t tcp
u udp
n 不解析
l 监听
p 显示pid
netstat -tunlp|grep 端口号
# 查看22端口
[rhel8 root ~]# netstat -tunlp|grep 22
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1010/sshd
列出所有端口(包括监听和未监听的)
# 列出所有tcp端口
netstat -atn
[rhel8 root ~]# netstat -atn
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 208 192.168.1.178:22 101.204.28.121:41965 ESTABLISHED
tcp 0 0 192.168.1.178:53202 100.100.30.25:80 ESTABLISHED
# 列出所有udp端口
netstat -aun
[rhel8 root ~]# netstat -aun
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
udp 0 0 192.168.1.178:68 192.168.1.253:67 ESTABLISHED
udp 0 0 127.0.0.1:323 0.0.0.0:*
udp6 0 0 ::1:323 :::*
在netstat输出中显示pid和进程名称
netstat -ptn
[rhel8 root ~]# netstat -ptn
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 216 192.168.1.178:22 101.204.28.121:41965 ESTABLISHED 26768/sshd: root [p
tcp 0 0 192.168.1.178:53202 100.100.30.25:80 ESTABLISHED 4751/AliYunDun
找出程序运行的端口
netstat -ap|grep ssh
通过端口查进程id
netstat -anp|grep 22|grep LISTEN|awk '{print $7}'|cut -d/ -f1
# 实例
[rhel8 root ~]# netstat -anp|grep 22|grep LISTEN|awk '{print $7}'|cut -d/ -f1
950
LISTENING
查看核心路由信息
[rhel8 root ~]# netstat -rn
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
0.0.0.0 192.168.1.253 0.0.0.0 UG 0 0 0 eth0
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
IP和TCP分析
查看连接某服务端口最多的ip地址
netstat -ntu|grep :22|awk '{print $5}'|cut -d: -f1|awk '{++ip[$1]} END {for(i in ip) print ip[i],"\t",i}'|sort -nr
## 打印样式
1 101.204.28.121
TCP各种状态列表
netstat -nt|grep -e 127.0.0.1 -e 0.0.0.0 -e ::: -v|awk '/^tcp/ {++state[$NF]} END {for(i in state) print i ,"\t",state[i]}'
# 打印结果
ESTABLISHED 1
查看php-cgi进程数
netstat -anpo|grep "php-cgi"|wc -l