Linux - netstat 查看系统端口占用和监听情况

Posted 2022-12-12 小小工匠

文章目录

• 功能
• 语法
• 示例
• • 显示 tcp，udp 的端口和进程
  • Show both listening and non-listening sockets
  • List all tcp ports.
  • List all udp ports
  • List only listening ports
  • List only listening TCP ports.
  • List only listening UDP ports.
  • List only the listening UNIX ports
  • List the statistics for all ports.
  • List the statistics for TCP (or) UDP ports.
  • Display PID and program names in the output.
  • Print the netstat information continuously.
  • The kernel routing information.
  • The port on which a program is running.
  • Which process is using a particular port:

---

功能

netstat 命令用于显示各种网络相关信息，比如网络连接，路由表，接口状态 (Interface Statistics)，masquerade 连接，多播成员 Multicast Memberships等等

---

语法

列几个比较常用的

• -t (tcp) 仅显示tcp相关选项
• -u (udp)仅显示udp相关选项
• -n 拒绝显示别名，能显示数字的全部转化为数字
• -l 仅列出在Listen(监听)的服务状态
• -p 显示建立相关链接的程序名

• -a或–all：显示所有连线中的Socket；
• -A<网络类型>或–<网络类型>：列出该网络类型连线中的相关地址；
• -c或–continuous：持续列出网络状态；
• -C或–cache：显示路由器配置的快取信息；
• -e或–extend：显示网络其他相关信息；
• -F或–fib：显示FIB；
• -g或–groups：显示多重广播功能群组组员名单；
• -h或–help：在线帮助；
• -i或–interfaces：显示网络界面信息表单；
• -l或–listening：显示监控中的服务器的Socket；
• -M或–masquerade：显示伪装的网络连线；
• -n或–numeric：直接使用ip地址，而不通过域名服务器；
• -N或–netlink或–symbolic：显示网络硬件外围设备的符号连接名称；
• -o或–timers：显示计时器；
• -p或–programs：显示正在使用Socket的程序识别码和程序名称；
• -r或–route：显示Routing Table；
• -s或–statistice：显示网络工作信息统计表；
• -t或–tcp：显示TCP传输协议的连线状况；
• -u或–udp：显示UDP传输协议的连线状况；
• -v或–verbose：显示指令执行过程；
• -V或–version：显示版本信息；
• -w或–raw：显示RAW传输协议的连线状况；
• -x或–unix：此参数的效果和指定"-A unix"参数相同；
• –ip或–inet：此参数的效果和指定"-A inet"参数相同。

---

示例

显示 tcp，udp 的端口和进程

 netstat -tunlp

这里我们简单科普一下网络连接状态State的含义 :

• LISTEN：(Listening for a connection.)侦听来自远方的TCP端口的连接请求

• SYN-SENT：(Active; sent SYN. Waiting for a matching connection request after having sent a connection request.)再发送连接请求后等待匹配的连接请求

• SYN-RECEIVED：(Sent and received SYN. Waiting for a confirming connection request acknowledgment after having both received and sent connection requests.)再收到和发送一个连接请求后等待对方对连接请求的确认

• ESTABLISHED：(Connection established.)代表一个打开的连接

• FIN-WAIT-1：(Closed; sent FIN.)等待远程TCP连接中断请求，或先前的连接中断请求的确认

• FIN-WAIT-2：(Closed; FIN is acknowledged; awaiting FIN.)从远程TCP等待连接中断请求

• CLOSE-WAIT：(Received FIN; waiting to receive CLOSE.)等待从本地用户发来的连接中断请求

• CLOSING：(Closed; exchanged FIN; waiting for FIN.)等待远程TCP对连接中断的确认

• LAST-ACK：(Received FIN and CLOSE; waiting for FIN ACK.)等待原来的发向远程TCP的连接中断请求的确认

• TIME-WAIT：(In 2 MSL (twice the maximum segment length) quiet wait after close. )等待足够的时间以确保远程TCP接收到连接中断请求的确认

• CLOSED：(Connection is closed.)没有任何连接状态

---

Show both listening and non-listening sockets

# netstat -a | more : To show both listening and 
non-listening sockets.

---

List all tcp ports.

# netstat -at : To list all tcp ports.

---

List all udp ports

# netstat -au : To list all udp ports.

---

List only listening ports

# netstat -l : To list only the listening ports.

List only listening TCP ports.

# netstat -lt : To list only the listening tcp ports.

List only listening UDP ports.

# netstat -lu : To list only the listening udp ports.

List only the listening UNIX ports

# netstat -lx : To list only the listening UNIX ports

List the statistics for all ports.

# netstat -s : To list the statistics for all ports.

List the statistics for TCP (or) UDP ports.

# netstat -st(TCP) : To list the statistics for TCP ports.

# netstat -su(UDP) : List the statistics for UDP ports.

Display PID and program names in the output.

# netstat -pt : To display the PID and program names.

Print the netstat information continuously.

# netstat -c : To print the netstat information continuously.

The kernel routing information.

# netstat -r : To get the kernel routing information.

The port on which a program is running.

# netstat -ap | grep ssh : To get the port
on which a program is running.

Which process is using a particular port:

# netstat -an | grep ':80' : To get the process
which is using the given port.