netstat命令簡析
netstat 命令可以幫助檢查本機的網絡狀況,man netstat 可以看到對其的基本描述:
netstat - Print network connections, routing tables, interface statistics, masquerade connections, and multicast memberships
先來一個簡單的例子,要顯示tcp協議,使用-t參數,包括了tcp和tcp6
[plain]
netstat -t
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 localhost:59226 localhost:8527 ESTABLISHED
tcp 0 0 bogon:44385 117.79.93.222:http TIME_WAIT
tcp 0 0 localhost:8527 localhost:59305 CLOSE_WAIT
tcp 0 0 localhost:8527 localhost:59235 ESTABLISHED
tcp 0 1 bogon:36113 tf-in-f19.1e100.n:https SYN_SENT
tcp 0 0 bogon:49941 117.79.93.196:http TIME_WAIT
tcp 0 0 bogon:53574 117.79.93.208:http ESTABLISHED
tcp 0 0 localhost:59259 localhost:8527 ESTABLISHED
數量太多,只顯示了一部分。
添加一個-l參數,會只顯示監聽本地端口的TCP程序,現在一下子程序少了很多。
[plain]
netstat -tl
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 localhost:8527 *:* LISTEN
tcp 0 0 *:http *:* LISTEN
tcp 0 0 localhost:domain *:* LISTEN
tcp 0 0 localhost:ipp *:* LISTEN
tcp 0 0 *:https *:* LISTEN
tcp6 0 0 ip6-localhost:8527 [::]:* LISTEN
tcp6 0 0 ip6-localhost:ipp [::]:* LISTEN
注意上面的Local Address一列,顯示的不是ip地址,而是localhost, 如果想要顯示IP地址,添加一個參數-n
[plain]
netstat -tln
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 127.0.0.1:8527 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN
tcp6 0 0 ::1:8527 :::* LISTEN
tcp6 0 0 ::1:631 :::* LISTEN
如果還想顯示進程名稱和ID,再添加一個參數-p
[plain]
netstat -tlnp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:8527 0.0.0.0:* LISTEN 6506/ssh
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 889/nginx
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 1268/dnsmasq
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 590/cupsd
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 889/nginx
tcp6 0 0 ::1:8527 :::* LISTEN 6506/ssh
tcp6 0 0 ::1:631 :::* LISTEN 590/cupsd
配合grep,就可以查找監聽本地某端口的進程
[plain]
netstat -tlnp | grep 127.0.0.1:8527
tcp 0 0 127.0.0.1:8527 0.0.0.0:* LISTEN 6506/ssh