Linux commands: traceroute, netstat, ss
traceroute shows the path that traffic takes from your computer to a host at the other end of the Internet. Packets sent from the same source to the same destination may not follow the same path every time, but most of the time the route is the same. On Linux the tool is called traceroute; on MS Windows it is tracert. traceroute sends small packets towards the destination device and measures how long they take to come back. Each device on the path is tested 3 times. The output contains the time of each test (ms), the device name (if there is one) and its IP address.
In most cases, on a Linux host we simply run:
traceroute hostname
On Windows the equivalent is the tracert command:
tracert hostname
1. Command format:
traceroute [options] [host]
2. Command function:
The traceroute command traces the route taken by network packets. The default packet size is 40 bytes; the user can set a different size.
Full syntax: traceroute [-dFlnrvx][-f<TTL value>][-g<gateway>...][-i<network interface>][-m<TTL value>][-p<port>][-s<source address>][-t<type of service>][-w<timeout in seconds>][host name or IP address][packet size]
3. Command options:
-d Enable socket-level debugging.
-f Set the TTL of the first probe packet.
-F Set the "don't fragment" bit.
-g Set a source-route gateway; up to 8 can be set.
-i Send packets through the specified network interface.
-I Use ICMP echo instead of UDP datagrams.
-m Set the maximum TTL of the probe packets.
-n Use IP addresses directly instead of host names.
-p Set the UDP port.
-r Bypass the normal routing table and send the packet directly to the remote host.
-s Set the source IP address of the packets sent by the local host.
-t Set the TOS value of the probe packets.
-v Show the command's execution in detail.
-w Set the time to wait for a reply from the remote host.
-x Turn packet checksum verification on or off.
4. Usage examples:
Example 1: the simplest and most common use of traceroute
Command:
traceroute www.baidu.com
Output:
[root@localhost ~]# traceroute www.baidu.com
traceroute to www.baidu.com (61.135.169.125), 30 hops max, 40 byte packets
 1  192.168.74.2 (192.168.74.2)  2.606 ms  2.771 ms  2.950 ms
 2  211.151.56.57 (211.151.56.57)  0.596 ms  0.598 ms  0.591 ms
 3  211.151.227.206 (211.151.227.206)  0.546 ms  0.544 ms  0.538 ms
 4  210.77.139.145 (210.77.139.145)  0.710 ms  0.748 ms  0.801 ms
 5  202.106.42.101 (202.106.42.101)  6.759 ms  6.945 ms  7.107 ms
 6  61.148.154.97 (61.148.154.97)  718.908 ms * bt-228-025.bta.net.cn (202.106.228.25)  5.177 ms
 7  124.65.58.213 (124.65.58.213)  4.343 ms  4.336 ms  4.367 ms
 8  202.106.35.190 (202.106.35.190)  1.795 ms 61.148.156.138 (61.148.156.138)  1.899 ms  1.951 ms
 9  * * *
30  * * *
[root@localhost ~]#
Notes:
Records are numbered from 1. Each record is one hop, and each hop represents one gateway. Every line shows three times, in ms; three is the default value of the -q option. They are the response times measured after the probe sends three packets to each gateway. With traceroute -q 4 www.58.com, four packets are sent to each gateway.
Sometimes when we traceroute a host, some lines show only asterisks. In that case a firewall may have blocked the returning ICMP messages, so no reply data comes back.
Sometimes the delay at one gateway is long. That gateway may be congested, or the cause may be the physical device itself. If a DNS server has a problem and cannot resolve host names or domain names, long delays appear as well; add the -n option to skip DNS resolution and print IP addresses only.
Between different subnets of a LAN, traceroute helps locate a problem: is it the host or the gateway? When remote access to a server fails, tracing the gateways the packets pass through with traceroute and submitting the result to the IDC provider also helps to resolve the issue. At present, however, such problems are hard to get resolved domestically: even when we find where the problem is, the IDC provider cannot help us fix it.
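The reading rules from the notes above (asterisks for unanswered probes, an unusually long delay at one gateway) applied mechanically to traceroute output. This is an added example, not part of the original article; the function names, the 100 ms spike threshold and the embedded sample are constructed for illustration.

```bash
#!/bin/sh
# Added example: per-hop summary of traceroute output.

# Constructed sample, modelled on the traceroute outputs in this article
# (hop 6: two lost probes and one slow reply; hops 7-8: several responders).
sample_trace() {
cat <<'EOF'
traceroute to www.baidu.com (61.135.169.125), 30 hops max, 40 byte packets
 1  211.151.74.2  5.430 ms  5.636 ms  5.802 ms
 2  211.151.56.57  0.627 ms  0.625 ms  0.617 ms
 6  bt-228-037.bta.net.cn (202.106.228.37)  247.101 ms * *
 7  61.148.146.29  5.256 ms 124.65.58.213  4.386 ms  4.373 ms
 8  202.106.35.190  1.610 ms 61.148.156.138  1.786 ms 61.148.3.34  2.089 ms
 9  * * *
EOF
}

# summarize_trace [SPIKE_MS]
# Reads traceroute output on stdin (with or without -n) and prints per hop:
#   hop  answered  lost  responders  avg_ms  flags
# Flags: NO_REPLY (all probes lost), LOSS (some lost),
#        SPIKE (average RTT above SPIKE_MS), MULTIPATH (more than one responder).
summarize_trace() {
  awk -v spike="${1:-100}" '
    $1 ~ /^[0-9]+$/ {
      ok = 0; lost = 0; sum = 0; nresp = 0
      split("", seen)                       # reset the per-hop responder set
      for (i = 2; i <= NF; i++) {
        f = $i
        gsub(/[()]/, "", f)                 # "(1.2.3.4)" -> "1.2.3.4"
        if (f == "*") lost++
        else if (f == "ms") { ok++; sum += $(i - 1) }   # RTT precedes "ms"
        else if (f ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ && !(f in seen)) {
          seen[f] = 1; nresp++
        }
      }
      flags = ""
      if (ok == 0) flags = "NO_REPLY"
      else {
        if (lost > 0) flags = "LOSS"
        if (sum / ok > spike) flags = flags (flags != "" ? "," : "") "SPIKE"
        if (nresp > 1) flags = flags (flags != "" ? "," : "") "MULTIPATH"
      }
      if (flags == "") flags = "-"
      avg = (ok > 0) ? sprintf("%.3f", sum / ok) : "-"
      print $1, ok, lost, nresp, avg, flags
    }'
}

sample_trace | summarize_trace 100
```

A flagged intermediate hop followed by clean later hops usually means that router answers probes slowly or selectively, not that it drops forwarded traffic.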

Example 2: setting the maximum number of hops
Command:
traceroute -m 10 www.baidu.com
Output:
[root@localhost ~]# traceroute -m 10 www.baidu.com
traceroute to www.baidu.com (61.135.169.105), 10 hops max, 40 byte packets
 1  192.168.74.2 (192.168.74.2)  1.534 ms  1.775 ms  1.961 ms
 2  211.151.56.1 (211.151.56.1)  0.508 ms  0.514 ms  0.507 ms
 3  211.151.227.206 (211.151.227.206)  0.571 ms  0.558 ms  0.550 ms
 4  210.77.139.145 (210.77.139.145)  0.708 ms  0.729 ms  0.785 ms
 5  202.106.42.101 (202.106.42.101)  7.978 ms  8.155 ms  8.311 ms
 6  bt-228-037.bta.net.cn (202.106.228.37)  772.460 ms bt-228-025.bta.net.cn (202.106.228.25)  2.152 ms 61.148.154.97 (61.148.154.97)  772.107 ms
 7  124.65.58.221 (124.65.58.221)  4.875 ms 61.148.146.29 (61.148.146.29)  2.124 ms 124.65.58.221 (124.65.58.221)  4.854 ms
 8  123.126.6.198 (123.126.6.198)  2.944 ms 61.148.156.6 (61.148.156.6)  3.505 ms 123.126.6.198 (123.126.6.198)  2.885 ms
 9  * * *
10  * * *
[root@localhost ~]#
Notes:

Example 3: show IP addresses without looking up host names
Command:
traceroute -n www.baidu.com
Output:
[root@localhost ~]# traceroute -n www.baidu.com
traceroute to www.baidu.com (61.135.169.125), 30 hops max, 40 byte packets
 1  211.151.74.2  5.430 ms  5.636 ms  5.802 ms
 2  211.151.56.57  0.627 ms  0.625 ms  0.617 ms
 3  211.151.227.206  0.575 ms  0.584 ms  0.576 ms
 4  210.77.139.145  0.703 ms  0.754 ms  0.806 ms
 5  202.106.42.101  23.683 ms  23.869 ms  23.998 ms
 6  202.106.228.37  247.101 ms * *
 7  61.148.146.29  5.256 ms 124.65.58.213  4.386 ms  4.373 ms
 8  202.106.35.190  1.610 ms 61.148.156.138  1.786 ms 61.148.3.34  2.089 ms
 9  * * *
30  * * *
[root@localhost ~]# traceroute www.baidu.com
traceroute to www.baidu.com (61.135.169.125), 30 hops max, 40 byte packets
 1  211.151.74.2 (211.151.74.2)  4.671 ms  4.865 ms  5.055 ms
 2  211.151.56.57 (211.151.56.57)  0.619 ms  0.618 ms  0.612 ms
 3  211.151.227.206 (211.151.227.206)  0.620 ms  0.642 ms  0.636 ms
 4  210.77.139.145 (210.77.139.145)  0.720 ms  0.772 ms  0.816 ms
 5  202.106.42.101 (202.106.42.101)  7.667 ms  7.910 ms  8.012 ms
 6  bt-228-025.bta.net.cn (202.106.228.25)  2.965 ms  2.440 ms 61.148.154.97 (61.148.154.97)  431.337 ms
 7  124.65.58.213 (124.65.58.213)  5.134 ms  5.124 ms  5.044 ms
 8  202.106.35.190 (202.106.35.190)  1.917 ms  2.052 ms  2.059 ms
 9  * * *
30  * * *
[root@localhost ~]#
Notes:

Example 4: set the base UDP port used by the probe packets to 6888
Command:
traceroute -p 6888 www.baidu.com
Output:
[root@localhost ~]# traceroute -p 6888 www.baidu.com
traceroute to www.baidu.com (220.181.111.147), 30 hops max, 40 byte packets
 1  211.151.74.2 (211.151.74.2)  4.927 ms  5.121 ms  5.298 ms
 2  211.151.56.1 (211.151.56.1)  0.500 ms  0.499 ms  0.509 ms
 3  211.151.224.90 (211.151.224.90)  0.637 ms  0.631 ms  0.641 ms
 4  * * *
 5  220.181.70.98 (220.181.70.98)  5.050 ms  5.313 ms  5.596 ms
 6  220.181.17.94 (220.181.17.94)  1.665 ms !X * *
[root@localhost ~]#
Notes:

Example 5: set the number of probe packets to 4
Command:
traceroute -q 4 www.baidu.com
Output:
[root@localhost ~]# traceroute -q 4 www.baidu.com
traceroute to www.baidu.com (61.135.169.125), 30 hops max, 40 byte packets
 1  211.151.74.2 (211.151.74.2)  40.633 ms  40.819 ms  41.004 ms  41.188 ms
 2  211.151.56.57 (211.151.56.57)  0.637 ms  0.633 ms  0.627 ms  0.619 ms
 3  211.151.227.206 (211.151.227.206)  0.505 ms  0.580 ms  0.571 ms  0.569 ms
 4  210.77.139.145 (210.77.139.145)  0.753 ms  0.800 ms  0.853 ms  0.904 ms
 5  202.106.42.101 (202.106.42.101)  7.449 ms  7.543 ms  7.738 ms  7.893 ms
 6  61.148.154.97 (61.148.154.97)  316.817 ms bt-228-025.bta.net.cn (202.106.228.25)  3.695 ms  3.672 ms *
 7  124.65.58.213 (124.65.58.213)  3.056 ms  2.993 ms  2.960 ms 61.148.146.29 (61.148.146.29)  2.837 ms
 8  61.148.3.34 (61.148.3.34)  2.179 ms  2.295 ms  2.442 ms 202.106.35.190 (202.106.35.190)  7.136 ms
 9  * * * *
30  * * * *
[root@localhost ~]#
Notes:

Example 6: bypass the normal routing table and send directly to a host on an attached network
Command:
traceroute -r www.baidu.com
Output:
[root@localhost ~]# traceroute -r www.baidu.com
traceroute to www.baidu.com (61.135.169.125), 30 hops max, 40 byte packets
connect: 網絡不可達
[root@localhost ~]#
Notes:

Example 7: set the time to wait for a response to each outgoing probe to 3 seconds
Command:
traceroute -w 3 www.baidu.com
Output:
[root@localhost ~]# traceroute -w 3 www.baidu.com
traceroute to www.baidu.com (61.135.169.105), 30 hops max, 40 byte packets
 1  211.151.74.2 (211.151.74.2)  2.306 ms  2.469 ms  2.650 ms
 2  211.151.56.1 (211.151.56.1)  0.621 ms  0.613 ms  0.603 ms
 3  211.151.227.206 (211.151.227.206)  0.557 ms  0.560 ms  0.552 ms
 4  210.77.139.145 (210.77.139.145)  0.708 ms  0.761 ms  0.817 ms
 5  202.106.42.101 (202.106.42.101)  7.520 ms  7.774 ms  7.902 ms
 6  bt-228-025.bta.net.cn (202.106.228.25)  2.890 ms  2.369 ms 61.148.154.97 (61.148.154.97)  471.961 ms
 7  124.65.58.221 (124.65.58.221)  4.490 ms  4.483 ms  4.472 ms
 8  123.126.6.198 (123.126.6.198)  2.948 ms 61.148.156.6 (61.148.156.6)  7.688 ms  7.756 ms
 9  * * *
30  * * *
[root@localhost ~]#
Notes:
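
How traceroute works:
The simplest basic use of traceroute is: traceroute hostname
traceroute is built on ICMP and the TTL (Time To Live) field of the IP header. First, traceroute sends an IP datagram with a TTL of 1 to the destination (in fact, each time it sends three 40-byte packets, containing the source address, the destination address and a timestamp of when the packet was sent). When the first router on the path receives this datagram, it decrements the TTL by 1. The TTL is now 0, so the router discards the datagram and sends back an "ICMP time exceeded" message (containing the source address of the IP packet, the full contents of the IP packet and the router's IP address). When traceroute receives this message, it knows that this router is on the path. It then sends another datagram with a TTL of 2 and discovers the second router, and so on. Each time, traceroute raises the TTL of the datagram it sends by 1 to discover one more router, and this repeats until a datagram reaches the destination. When the datagram arrives at the destination, that host does not send back an ICMP time exceeded message, because it is the destination. So how does traceroute know that the destination has been reached?
When traceroute sends UDP datagrams to the destination, it chooses a destination port number that ordinary applications do not use (above 30000). When such a UDP datagram reaches the destination, the host sends back an "ICMP port unreachable" message, and when traceroute receives that message it knows the destination has been reached. This is also why traceroute needs no daemon on the server side.
traceroute extracts the IP address of the device that sent the ICMP TTL-expired message and resolves its name. For each hop, traceroute prints a set of data: the domain name and IP address of the routing device passed through, and the round-trip time of each of the three packets.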

tracert on Windows:
Format:
tracert [-d] [-h maximum_hops] [-j host-list] [-w timeout] target_name
Description:
tracert [-d] [-h maximum_hops] [-j computer-list] [-w timeout] target_name
This diagnostic utility determines the route to a destination by sending Internet Control Message Protocol (ICMP) echo packets with varying Time To Live (TTL) values to the destination. Every router on the path must decrement the TTL of an ICMP echo packet by at least 1 before forwarding it, so the TTL is effectively a hop count. When the TTL of a packet reaches 0, the router sends an ICMP Time Exceeded message back to the source system. tracert determines the route by sending the first echo packet with a TTL of 1 and raising the TTL by 1 on each subsequent transmission, until the target responds or the maximum TTL is reached. The routers are identified by examining the ICMP Time Exceeded messages sent back by the intermediate routers. Note that some routers silently drop packets whose TTL has expired and are invisible to tracert.
Parameters:
-d Do not resolve addresses to computer names.
-h maximum_hops Maximum number of hops to search for the target.
-j computer-list Loose source route along computer-list.
-w timeout Wait the number of milliseconds given by timeout for each reply.
target_name Name of the target computer.
Example:
C:\Users\Administrator>tracert www.58.com
Tracing route to www.58.com [221.187.111.30]
over a maximum of 30 hops:
  1     1 ms     1 ms     1 ms  10.58.156.1
  2     1 ms    <1 ms    <1 ms  10.10.10.1
  3     1 ms     1 ms     1 ms  211.103.193.129
  4     2 ms     2 ms     2 ms  10.255.109.129
  5     1 ms     1 ms     3 ms  124.205.98.205
  6     2 ms     2 ms     2 ms  124.205.98.253
  7     2 ms     6 ms     1 ms  202.99.1.125
  8     5 ms     6 ms     5 ms  118.186.0.113
  9   207 ms     *        *     118.186.0.106
 10     8 ms     6 ms    11 ms  124.238.226.201
 11     6 ms     7 ms     6 ms  219.148.19.177
 12    12 ms    12 ms    16 ms  219.148.18.117
 13    14 ms    17 ms    16 ms  219.148.19.125
 14    13 ms    13 ms    12 ms  202.97.80.113
 15     *        *        *     Request timed out.
 16    12 ms    12 ms    17 ms  bj141-147-82.bjtelecom.net [219.141.147.82]
 17    13 ms    13 ms    12 ms  202.97.48.2
 18     *        *        *     Request timed out.
 19    14 ms    14 ms    12 ms  221.187.224.85
 20    15 ms    13 ms    12 ms  221.187.104.2
 21     *        *        *     Request timed out.
 22    15 ms    17 ms    18 ms  221.187.111.30
Trace complete.
The netstat command displays statistics related to the IP, TCP, UDP and ICMP protocols and is generally used to check the network connections on each port of the local machine. netstat is a program that reads networking and related information from the kernel; it can report on TCP connections, TCP and UDP listeners, and process memory management.
If your computer sometimes receives datagrams that cause errors or faults, there is no need to be surprised: TCP/IP tolerates these kinds of errors and retransmits datagrams automatically. But if the accumulated errors make up a considerable percentage of the IP datagrams received, or their number is rising quickly, you should use netstat to find out why.
1. Command format:
netstat [-acCeFghilMnNoprstuvVwx][-A<network type>][--ip]
2. Command function:
netstat displays statistics related to the IP, TCP, UDP and ICMP protocols and is generally used to check the network connections on each port of the local machine.
3. Command options:
-a or --all Show all connected sockets.
-A<network type> or --<network type> List the addresses of connections of that network type.
-c or --continuous List the network status continuously.
-C or --cache Show the routing cache information.
-e or --extend Show additional network information.
-F or --fib Show the FIB.
-g or --groups Show multicast group membership lists.
-h or --help Online help.
-i or --interfaces Show the network interface table.
-l or --listening Show listening server sockets.
-M or --masquerade Show masqueraded network connections.
-n or --numeric Use IP addresses directly, without going through a name server.
-N or --netlink or --symbolic Show the symbolic names of network hardware peripherals.
-o or --timers Show timers.
-p or --programs Show the PID and name of the program using each socket.
-r or --route Show the routing table.
-s or --statistics Show network statistics.
-t or --tcp Show the status of TCP connections.
-u or --udp Show the status of UDP connections.
-v or --verbose Show the command's execution.
-V or --version Show version information.
-w or --raw Show the status of RAW connections.
-x or --unix Has the same effect as specifying "-A unix".
--ip or --inet Has the same effect as specifying "-A inet".
4. Usage examples:
Example 1: use without options
Command:
netstat
Output:
[root@localhost ~]# netstat
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State
tcp        0    268 192.168.120.204:ssh         10.2.0.68:62420             ESTABLISHED
udp        0      0 192.168.120.204:4371        10.58.119.119:domain        ESTABLISHED
Active UNIX domain sockets (w/o servers)
Proto RefCnt Flags       Type       State         I-Node Path
unix  2      [ ]         DGRAM                    1491   @/org/kernel/udev/udevd
unix  4      [ ]         DGRAM                    7337   /dev/log
unix  2      [ ]         DGRAM                    708823
unix  2      [ ]         DGRAM                    7539
unix  3      [ ]         STREAM     CONNECTED     7287
unix  3      [ ]         STREAM     CONNECTED     7286
[root@localhost ~]#
Notes:
Overall, the netstat output falls into two parts:
The first is Active Internet connections, the active TCP connections. "Recv-Q" and "Send-Q" are the receive queue and the send queue. These numbers should generally be 0; if they are not, packets are piling up in the queue. This is seen only in very rare cases.
The second is Active UNIX domain sockets (the same as network sockets, but usable only for communication on the local machine; performance can be twice as high).
Proto shows the protocol used by the connection, RefCnt the number of processes attached to this socket, Type the socket type, State the current state of the socket, and Path the path name used by other processes connected to the socket.
Socket types:
-t: TCP
-u: UDP
--raw: RAW type
--unix: UNIX domain type
--ax25: AX25 type
--ipx: ipx type
--netrom: netrom type
State descriptions:
LISTEN: listening for connection requests from remote TCP ports
SYN-SENT: waiting for a matching connection request after sending a connection request (if there are many sockets in this state, check whether the host has been compromised)
SYN-RECEIVED: waiting for the peer to acknowledge the connection request after receiving and sending a connection request (if there are many of these, the host is probably under a flood attack)
ESTABLISHED: an open connection
FIN-WAIT-1: waiting for a connection termination request from the remote TCP, or for acknowledgment of the termination request sent earlier
FIN-WAIT-2: waiting for a connection termination request from the remote TCP
CLOSE-WAIT: waiting for a connection termination request from the local user
CLOSING: waiting for the remote TCP to acknowledge the connection termination
LAST-ACK: waiting for acknowledgment of the termination request previously sent to the remote TCP (not a good sign; if this appears, check whether the host is under attack)
TIME-WAIT: waiting long enough to be sure the remote TCP received the acknowledgment of its connection termination request
CLOSED: no connection state at all

Example 2: list all ports
Command:
netstat -a
Output:
[root@localhost ~]# netstat -a
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address               Foreign Address             State
tcp        0      0 localhost:smux              *:*                         LISTEN
tcp        0      0 *:svn                       *:*                         LISTEN
tcp        0      0 *:ssh                       *:*                         LISTEN
tcp        0    284 192.168.120.204:ssh         10.2.0.68:62420             ESTABLISHED
udp        0      0 localhost:syslog            *:*
udp        0      0 *:snmp                      *:*
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags       Type       State         I-Node Path
unix  2      [ ACC ]     STREAM     LISTENING     708833 /tmp/ssh-yKnDB15725/agent.15725
unix  2      [ ACC ]     STREAM     LISTENING     7296   /var/run/audispd_events
unix  2      [ ]         DGRAM                    1491   @/org/kernel/udev/udevd
unix  4      [ ]         DGRAM                    7337   /dev/log
unix  2      [ ]         DGRAM                    708823
unix  2      [ ]         DGRAM                    7539
unix  3      [ ]         STREAM     CONNECTED     7287
unix  3      [ ]         STREAM     CONNECTED     7286
[root@localhost ~]#
Notes:
Shows a list of all active connections, including established connections (ESTABLISHED) and sockets listening for connection requests (LISTENING).

Example 3: show the current UDP connections
Command:
netstat -nu
Output:
[root@andy ~]# netstat -nu
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State
udp        0      0 ::ffff:192.168.12:53392     ::ffff:192.168.9.120:10000  ESTABLISHED
udp        0      0 ::ffff:192.168.12:56723     ::ffff:192.168.9.120:10000  ESTABLISHED
udp        0      0 ::ffff:192.168.12:56480     ::ffff:192.168.9.120:10000  ESTABLISHED
udp        0      0 ::ffff:192.168.12:58154     ::ffff:192.168.9.120:10000  ESTABLISHED
udp        0      0 ::ffff:192.168.12:44227     ::ffff:192.168.9.120:10000  ESTABLISHED
udp        0      0 ::ffff:192.168.12:36954     ::ffff:192.168.9.120:10000  ESTABLISHED
udp        0      0 ::ffff:192.168.12:53984     ::ffff:192.168.9.120:10000  ESTABLISHED
udp        0      0 ::ffff:192.168.12:57703     ::ffff:192.168.9.120:10000  ESTABLISHED
udp        0      0 ::ffff:192.168.12:53613     ::ffff:192.168.9.120:10000  ESTABLISHED
[root@andy ~]#
Notes:

Example 4: show how UDP port numbers are being used
Command:
netstat -apu
Output:
[root@andy ~]# netstat -apu
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name
udp        0      0 *:57604                     *:*                                     28094/java
udp        0      0 *:40583                     *:*                                     21220/java
udp        0      0 *:45451                     *:*                                     14583/java
udp        0      0 ::ffff:192.168.12:53392     ::ffff:192.168.9.120:ndmp   ESTABLISHED 19327/java
udp        0      0 *:52370                     *:*                                     15841/java
udp        0      0 ::ffff:192.168.12:56723     ::ffff:192.168.9.120:ndmp   ESTABLISHED 15841/java
udp        0      0 *:44182                     *:*                                     31757/java
udp        0      0 *:48155                     *:*                                     5476/java
udp        0      0 *:59808                     *:*                                     17333/java
udp        0      0 ::ffff:192.168.12:56480     ::ffff:192.168.9.120:ndmp   ESTABLISHED 28094/java
udp        0      0 ::ffff:192.168.12:58154     ::ffff:192.168.9.120:ndmp   ESTABLISHED 15429/java
udp        0      0 *:36780                     *:*                                     10091/java
udp        0      0 *:36795                     *:*                                     24594/java
udp        0      0 *:41922                     *:*                                     20506/java
udp        0      0 ::ffff:192.168.12:44227     ::ffff:192.168.9.120:ndmp   ESTABLISHED 17333/java
udp        0      0 *:34258                     *:*                                     8866/java
udp        0      0 *:55508                     *:*                                     11667/java
udp        0      0 *:36055                     *:*                                     12425/java
udp        0      0 ::ffff:192.168.12:36954     ::ffff:192.168.9.120:ndmp   ESTABLISHED 16532/java
udp        0      0 ::ffff:192.168.12:53984     ::ffff:192.168.9.120:ndmp   ESTABLISHED 20506/java
udp        0      0 ::ffff:192.168.12:57703     ::ffff:192.168.9.120:ndmp   ESTABLISHED 31757/java
udp        0      0 ::ffff:192.168.12:53613     ::ffff:192.168.9.120:ndmp   ESTABLISHED 3199/java
udp        0      0 *:56309                     *:*                                     15429/java
udp        0      0 *:54007                     *:*                                     16532/java
udp        0      0 *:39544                     *:*                                     3199/java
udp        0      0 *:43900                     *:*                                     19327/java
[root@andy ~]#
Notes:

Example 5: show the list of network interfaces
Command:
netstat -i
Output:
[root@andy ~]# netstat -i
Kernel Interface table
Iface       MTU Met    RX-OK RX-ERR RX-DRP RX-OVR    TX-OK TX-ERR TX-DRP TX-OVR Flg
eth0       1500   0 151818887      0      0      0 198928403      0      0      0 BMRU
lo        16436   0   107235      0      0      0   107235      0      0      0 LRU
[root@andy ~]#
Notes:

Example 6: show multicast group memberships
Command:
netstat -g
Output:
[root@andy ~]# netstat -g
IPv6/IPv4 Group Memberships
Interface       RefCnt Group
--------------- ------ ---------------------
lo              1      all-systems.mcast.net
eth0            1      all-systems.mcast.net
lo              1      ff02::1
eth0            1      ff02::1:ffff:9b0c
eth0            1      ff02::1
[root@andy ~]#
Notes:

Example 7: show network statistics
Command:
netstat -s
Output:
[root@localhost ~]# netstat -s
Ip:
    530999 total packets received
    0 forwarded
    0 incoming packets discarded
    530999 incoming packets delivered
    8258 requests sent out
    1 dropped because of missing route
Icmp:
    90 ICMP messages received
    0 input ICMP message failed.
    ICMP input histogram:
        destination unreachable: 17
        echo requests: 1
        echo replies: 72
    106 ICMP messages sent
    0 ICMP messages failed
    ICMP output histogram:
        destination unreachable: 8
        echo request: 97
        echo replies: 1
IcmpMsg:
        InType0: 72
        InType3: 17
        InType8: 1
        OutType0: 1
        OutType3: 8
        OutType8: 97
Tcp:
    8 active connections openings
    15 passive connection openings
    8 failed connection attempts
    3 connection resets received
    1 connections established
    3132 segments received
    2617 segments send out
    53 segments retransmited
    0 bad segments received.
    252 resets sent
Udp:
    0 packets received
    0 packets to unknown port received.
    0 packet receive errors
    5482 packets sent
TcpExt:
    1 invalid SYN cookies received
    1 TCP sockets finished time wait in fast timer
    57 delayed acks sent
    Quick ack mode was activated 50 times
    60 packets directly queued to recvmsg prequeue.
    68 packets directly received from backlog
    4399 packets directly received from prequeue
    520 packets header predicted
    51 packets header predicted and directly queued to user
    1194 acknowledgments not containing data received
    21 predicted acknowledgments
    0 TCP data loss events
    1 timeouts after reno fast retransmit
    9 retransmits in slow start
    42 other TCP timeouts
    3 connections aborted due to timeout
IpExt:
    InBcastPkts: 527777
Notes:
Shows the statistics for each protocol separately. If an application (such as a web browser) runs slowly or cannot display data such as web pages, this option lets us look at the counters. Read each line of the statistics carefully, find the error-related keywords, and use them to locate the problem.

Example 8: show listening sockets
Command:
netstat -l
Output:
[root@localhost ~]# netstat -l
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State
tcp        0      0 localhost:smux              *:*                         LISTEN
tcp        0      0 *:svn                       *:*                         LISTEN
tcp        0      0 *:ssh                       *:*                         LISTEN
udp        0      0 localhost:syslog            *:*
udp        0      0 *:snmp                      *:*
Active UNIX domain sockets (only servers)
Proto RefCnt Flags       Type       State         I-Node Path
unix  2      [ ACC ]     STREAM     LISTENING     708833 /tmp/ssh-yKnDB15725/agent.15725
unix  2      [ ACC ]     STREAM     LISTENING     7296   /var/run/audispd_events
[root@localhost ~]#
Notes:

Example 9: show all established connections
Command:
netstat -n
Output:
[root@localhost ~]# netstat -n
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State
tcp        0    268 192.168.120.204:22          10.2.0.68:62420             ESTABLISHED
Active UNIX domain sockets (w/o servers)
Proto RefCnt Flags       Type       State         I-Node Path
unix  2      [ ]         DGRAM                    1491   @/org/kernel/udev/udevd
unix  4      [ ]         DGRAM                    7337   /dev/log
unix  2      [ ]         DGRAM                    708823
unix  2      [ ]         DGRAM                    7539
unix  3      [ ]         STREAM     CONNECTED     7287
unix  3      [ ]         STREAM     CONNECTED     7286
[root@localhost ~]#
Notes:

Example 10: show statistics about Ethernet
Command:
netstat -e
Output:
[root@localhost ~]# netstat -e
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State       User       Inode
tcp        0    248 192.168.120.204:ssh         10.2.0.68:62420             ESTABLISHED root       708795
Active UNIX domain sockets (w/o servers)
Proto RefCnt Flags       Type       State         I-Node Path
unix  2      [ ]         DGRAM                    1491   @/org/kernel/udev/udevd
unix  4      [ ]         DGRAM                    7337   /dev/log
unix  2      [ ]         DGRAM                    708823
unix  2      [ ]         DGRAM                    7539
unix  3      [ ]         STREAM     CONNECTED     7287
unix  3      [ ]         STREAM     CONNECTED     7286
[root@localhost ~]#
Notes:
Used to show statistics about Ethernet. The items listed include the total number of bytes of datagrams transferred, the number of errors, the number of discards, the number of datagrams and the number of broadcasts. The statistics cover both the datagrams sent and the datagrams received. This option can be used to collect some basic network traffic figures.

Example 11: show routing table information
Command:
netstat -r
Output:
[root@localhost ~]# netstat -r
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
192.168.120.0   *               255.255.255.0   U         0 0          0 eth0
192.168.0.0     192.168.120.1   255.255.0.0     UG        0 0          0 eth0
10.0.0.0        192.168.120.1   255.0.0.0       UG        0 0          0 eth0
default         192.168.120.240 0.0.0.0         UG        0 0          0 eth0
[root@localhost ~]#
Notes:

Example 12: list all tcp ports
Command:
netstat -at
Output:
[root@localhost ~]# netstat -at
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address               Foreign Address             State
tcp        0      0 localhost:smux              *:*                         LISTEN
tcp        0      0 *:svn                       *:*                         LISTEN
tcp        0      0 *:ssh                       *:*                         LISTEN
tcp        0    284 192.168.120.204:ssh         10.2.0.68:62420             ESTABLISHED
[root@localhost ~]#
Notes:

Example 13: count the network connections on the machine by state
Command:
netstat -a | awk '/^tcp/ {++S[$NF]} END {for(a in S) print a, S[a]}'
Output:
[root@localhost ~]# netstat -a | awk '/^tcp/ {++S[$NF]} END {for(a in S) print a, S[a]}'
ESTABLISHED 1
LISTEN 3
[root@localhost ~]#
Notes:

Example 14: extract all the states, count them with uniq -c, then sort
Command:
netstat -nat |awk '{print $6}'|sort|uniq -c
Output:
[root@andy ~]# netstat -nat |awk '{print $6}'|sort|uniq -c
     14 CLOSE_WAIT
      1 established)
    578 ESTABLISHED
      1 Foreign
     43 LISTEN
      5 TIME_WAIT
[root@andy ~]# netstat -nat |awk '{print $6}'|sort|uniq -c|sort -rn
    576 ESTABLISHED
     43 LISTEN
     14 CLOSE_WAIT
      5 TIME_WAIT
      1 Foreign
      1 established)
[root@andy ~]#
Notes:

Example 15: find the IP addresses with the most connections to a given service port
Command:
netstat -nat | grep "192.168.120.20:16067" |awk '{print $5}'|awk -F: '{print $4}'|sort|uniq -c|sort -nr|head -20
Output:
[root@andy ~]# netstat -nat | grep "192.168.120.20:16067" |awk '{print $5}'|awk -F: '{print $4}'|sort|uniq -c|sort -nr|head -20
      8 10.2.1.68
      7 192.168.119.13
      6 192.168.119.201
      6 192.168.119.20
      6 192.168.119.10
      4 10.2.1.199
      3 10.2.1.207
      2 192.168.120.20
      2 192.168.120.15
      2 192.168.119.197
      2 192.168.119.11
      2 10.2.1.206
      2 10.2.1.203
      2 10.2.1.189
      2 10.2.1.173
      1 192.168.120.18
      1 192.168.119.19
      1 10.2.2.227
      1 10.2.2.138
      1 10.2.1.208
[root@andy ~]#
Notes:
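The state count and per-port peer count from Examples 13 to 15 as reusable functions; this is an added example, not part of the original article. Unlike the one-line pipelines it skips the header lines (the stray "Foreign" and "established)" rows in Example 14), accepts both plain IPv4 and ::ffff:-mapped addresses, and lists local ports with many SYN_RECV sockets, the condition the state list associates with a flood. The function names, thresholds and sample input are constructed for illustration.

```bash
#!/bin/sh
# Added example: triage helpers for `netstat -nat` output.

# Constructed sample in `netstat -nat` format (not captured from a real host).
sample_netstat() {
cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address               Foreign Address             State
tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN
tcp        0      0 :::16067                    :::*                        LISTEN
tcp        0      0 ::ffff:192.168.120.20:16067 ::ffff:10.2.1.68:51303      ESTABLISHED
tcp        0      0 ::ffff:192.168.120.20:16067 ::ffff:10.2.1.68:51302      ESTABLISHED
tcp        0      0 ::ffff:192.168.120.20:16067 ::ffff:192.168.119.13:6462  ESTABLISHED
tcp        0      0 192.168.120.20:16067        10.2.1.199:40022            TIME_WAIT
tcp        0      0 192.168.120.20:16067        10.2.2.227:40100            SYN_RECV
tcp        0      0 192.168.120.20:16067        10.2.2.227:40101            SYN_RECV
tcp        0      0 192.168.120.20:22           10.2.0.68:62420             ESTABLISHED
EOF
}

# tcp_state_counts: "count STATE" per TCP state, highest first.
# Field 6 is used instead of the last field so that output produced
# with -p (which appends PID/Program name) is counted correctly too.
tcp_state_counts() {
  awk '$1 ~ /^tcp/ { n[$6]++ } END { for (s in n) print n[s], s }' |
    LC_ALL=C sort -k1,1nr -k2,2
}

# top_peers PORT [N]: "count peer" for remote addresses connected to
# local PORT, any state except LISTEN, top N (default 20).
top_peers() {
  awk -v port="$1" '
    $1 ~ /^tcp/ && $6 != "LISTEN" {
      lport = $4; sub(/^.*:/, "", lport)     # text after the last colon
      if (lport != port) next
      peer = $5
      sub(/:[0-9]+$/, "", peer)              # drop the remote port
      sub(/^::ffff:/, "", peer)              # unwrap IPv4-mapped IPv6
      n[peer]++
    }
    END { for (p in n) print n[p], p }' |
    LC_ALL=C sort -k1,1nr -k2,2 | head -n "${2:-20}"
}

# half_open_ports [MIN]: "count port" for local ports holding at least
# MIN sockets in SYN_RECV (default 100).
half_open_ports() {
  awk -v min="${1:-100}" '
    $1 ~ /^tcp/ && $6 == "SYN_RECV" {
      lport = $4; sub(/^.*:/, "", lport); n[lport]++
    }
    END { for (p in n) if (n[p] >= min) print n[p], p }' |
    LC_ALL=C sort -k1,1nr -k2,2
}

sample_netstat | tcp_state_counts
```

On a live host, pipe `netstat -nat` into the functions in place of `sample_netstat`.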

Example 16: find the port a program is running on
Command:
netstat -ap | grep ssh
Output:
[root@andy ~]# netstat -ap | grep ssh
tcp        0      0 *:ssh                       *:*                         LISTEN      2570/sshd
tcp        0      0 ::ffff:192.168.120.206:ssh  ::ffff:10.2.1.205:54508     ESTABLISHED 13883/14
tcp        0      0 ::ffff:192.168.120.206:ssh  ::ffff:10.2.0.68:62886      ESTABLISHED 20900/6
tcp        0      0 ::ffff:192.168.120.206:ssh  ::ffff:10.2.2.131:52730     ESTABLISHED 20285/sshd: root@no
unix  2      [ ACC ]     STREAM     LISTENING     194494461 20900/6             /tmp/ssh-cXIJj20900/agent.20900
unix  3      [ ]         STREAM     CONNECTED     194307443 20285/sshd: root@no
unix  3      [ ]         STREAM     CONNECTED     194307441 20285/sshd: root@no
[root@andy ~]#
Notes:

Example 17: show the PID and process name in the netstat output
Command:
netstat -pt
Output:
[root@localhost ~]# netstat -pt
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name
tcp        0    248 192.168.120.204:ssh         10.2.0.68:62420             ESTABLISHED 15725/0
[root@localhost ~]#
Notes:
netstat -p can be combined with other switches to add "PID/Program name" to the netstat output, which makes it easy to find the program running on a particular port when debugging.

Example 18: find the process running on a given port
Command:
netstat -anpt | grep ':16064'
Output:
[root@andy ~]# netstat -anpt | grep ':16064'
tcp        0      0 :::16064                    :::*                        LISTEN      24594/java
tcp        0      0 ::ffff:192.168.120.20:16064 ::ffff:192.168.119.201:6462 ESTABLISHED 24594/java
tcp        0      0 ::ffff:192.168.120.20:16064 ::ffff:192.168.119.20:26341 ESTABLISHED 24594/java
tcp        0      0 ::ffff:192.168.120.20:16064 ::ffff:192.168.119.20:32208 ESTABLISHED 24594/java
tcp        0      0 ::ffff:192.168.120.20:16064 ::ffff:192.168.119.20:32207 ESTABLISHED 24594/java
tcp        0      0 ::ffff:192.168.120.20:16064 ::ffff:10.2.1.68:51303      ESTABLISHED 24594/java
tcp        0      0 ::ffff:192.168.120.20:16064 ::ffff:10.2.1.68:51302      ESTABLISHED 24594/java
tcp        0      0 ::ffff:192.168.120.20:16064 ::ffff:10.2.1.68:50020      ESTABLISHED 24594/java
tcp        0      0 ::ffff:192.168.120.20:16064 ::ffff:10.2.1.68:50019      ESTABLISHED 24594/java
tcp        0      0 ::ffff:192.168.120.20:16064 ::ffff:10.2.1.68:56155      ESTABLISHED 24594/java
tcp        0      0 ::ffff:192.168.120.20:16064 ::ffff:10.2.1.68:50681      ESTABLISHED 24594/java
tcp        0      0 ::ffff:192.168.120.20:16064 ::ffff:10.2.1.68:50680      ESTABLISHED 24594/java
tcp        0      0 ::ffff:192.168.120.20:16064 ::ffff:10.2.1.68:52136      ESTABLISHED 24594/java
tcp        0      0 ::ffff:192.168.120.20:16064 ::ffff:10.2.1.68:56989      ESTABLISHED 24594/java
tcp        0      0 ::ffff:192.168.120.20:16064 ::ffff:10.2.1.68:56988      ESTABLISHED 24594/java
[root@andy ~]#
Notes:
The process running on port 16064 has PID 24596; the ps command then identifies the actual application.
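ss is short for Socket Statistics. As the name suggests, the ss command retrieves socket statistics and can display information similar to netstat. Its advantage is that it shows more, and more detailed, information about TCP and connection state, and it is faster and more efficient than netstat.
When a server has a very large number of socket connections, both the netstat command and a direct cat /proc/net/tcp become slow. You may not have felt this yourself, but believe me: once a server is holding tens of thousands of connections, using netstat is a waste of your life, while ss saves time.
In martial arts, nothing beats speed. The secret of ss's speed is that it uses tcp_diag in the TCP protocol stack. tcp_diag is a module for analysis and statistics that obtains first-hand information from the Linux kernel, and this is what makes ss fast and efficient. If your system does not have tcp_diag, ss still runs normally, only somewhat slower (but still faster than netstat).
1. Command format:
ss [options]
ss [options] [filter]
2. Command function:
The ss (Socket Statistics) command retrieves socket statistics. Its output is similar to that of netstat, but it shows more, and more detailed, TCP connection state information and is faster and more efficient than netstat. It uses tcp_diag in the TCP protocol stack (a module for analysis and statistics) to obtain first-hand information directly from the kernel, which is what makes ss fast and efficient. Without tcp_diag, ss still runs normally.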
3. Command options:
-h, --help           Help information
-V, --version        Program version information
-n, --numeric        Do not resolve service names
-r, --resolve        Resolve host names
-a, --all            Show all sockets
-l, --listening      Show listening sockets
-o, --options        Show timer information
-e, --extended       Show detailed socket information
-m, --memory         Show socket memory usage
-p, --processes      Show the process using each socket
-i, --info           Show internal TCP information
-s, --summary        Show a summary of socket usage
-4, --ipv4           Show only IPv4 sockets
-6, --ipv6           Show only IPv6 sockets
-0, --packet         Show PACKET sockets
-t, --tcp            Show only TCP sockets
-u, --udp            Show only UDP sockets
-d, --dccp           Show only DCCP sockets
-w, --raw            Show only RAW sockets
-x, --unix           Show only Unix sockets
-f, --family=FAMILY  Show sockets of type FAMILY; supported values: unix, inet, inet6, link, netlink
-A, --query=QUERY, --socket=QUERY
      QUERY := {all|inet|tcp|udp|raw|unix|packet|netlink}[,QUERY]
-D, --diag=FILE      Dump raw TCP socket information to FILE
-F, --filter=FILE    Read filter information from FILE
       FILTER := [ state TCP-STATE ] [ EXPRESSION ]
4. Usage examples:
Example 1: Show TCP connections
Command:
ss -t -a
Output:
[root@localhost ~]# ss -t -a
State      Recv-Q Send-Q      Local Address:Port          Peer Address:Port
LISTEN     0      0               127.0.0.1:smux                     *:*
LISTEN     0      0                       *:3690                     *:*
LISTEN     0      0                       *:ssh                      *:*
ESTAB      0      0         192.168.120.204:ssh              10.2.0.68:49368
[root@localhost ~]#
Explanation:
Example 2: Show a socket summary
Command:
ss -s
Output:
[root@localhost ~]# ss -s
Total: 34 (kernel 48)
TCP:   4 (estab 1, closed 0, orphaned 0, synrecv 0, timewait 0/0), ports 3
Transport Total     IP        IPv6
*         48        -         -
RAW       0         0         0
UDP       5         5         0
TCP       4         4         0
INET      9         9         0
FRAG      0         0         0
[root@localhost ~]#
Explanation:
Lists the current established, closed, orphaned and waiting TCP sockets.
Example 3: List all open network ports
Command:
ss -l
Output:
[root@localhost ~]# ss -l
Recv-Q Send-Q      Local Address:Port          Peer Address:Port
0      0               127.0.0.1:smux                     *:*
0      0                       *:3690                     *:*
0      0                       *:ssh                      *:*
[root@localhost ~]#
Explanation:
Example 4: Show the sockets used by processes
Command:
ss -pl
Output:
[root@localhost ~]# ss -pl
Recv-Q Send-Q      Local Address:Port          Peer Address:Port
0      0               127.0.0.1:smux                     *:*        users:(("snmpd",2716,8))
0      0                       *:3690                     *:*        users:(("svnserve",3590,3))
0      0                       *:ssh                      *:*        users:(("sshd",2735,3))
[root@localhost ~]#
Explanation:
Example 5: Find the application that opened a socket/port
Command:
ss -lp | grep 3306
Output:
[root@localhost ~]# ss -lp|grep 1935
0      0                       *:1935                     *:*        users:(("fmsedge",2913,18))
0      0               127.0.0.1:19350                    *:*        users:(("fmsedge",2913,17))
[root@localhost ~]# ss -lp|grep 3306
0      0                       *:3306                     *:*        users:(("mysqld",2871,10))
[root@localhost ~]#
Explanation:
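The lookups in Examples 4 and 5 can be turned into a listener inventory that records, for each listening port, whether it is bound to all interfaces and which process owns it. The script below is an added example, not part of the original article; the function names and the last two sample rows are constructed, and it assumes program names contain no spaces.

```shell
#!/bin/sh
# Added example: map listening sockets to their owning process from ss -lp text.

# Sample input: the first three rows reuse the page's users:(("name",pid,fd))
# layout; the last two are constructed (the newer pid=/fd= layout, and a row
# with no process column, as seen when ss lacks the privilege to read it).
sample_listeners() {
cat <<'EOF'
Recv-Q Send-Q   Local Address:Port   Peer Address:Port
0      0            127.0.0.1:smux              *:*      users:(("snmpd",2716,8))
0      0                    *:3690              *:*      users:(("svnserve",3590,3))
0      0                    *:ssh               *:*      users:(("sshd",2735,3))
tcp LISTEN 0 128         [::]:8443           [::]:*      users:(("nginx",pid=4021,fd=6))
0      0                    *:3306              *:*
EOF
}

# Reads ss output on stdin; prints "port scope program pid" per listener.
audit_listeners() {
  awk '
    /Local Address/ { next }                      # skip the header row
    {
      laddr = ""; prog = "-"; pid = "-"
      for (i = 1; i <= NF; i++) {
        if ($i ~ /^users:/) {
          u = $i
          sub(/^users:\(\("/, "", u)              # drop the users:((" prefix
          split(u, part, /"?,/)                   # name, pid, fd (first owner only)
          prog = part[1]; pid = part[2]
          sub(/^pid=/, "", pid)                   # newer layout prints pid=NNN
        } else if (laddr == "" && $i ~ /:[^:]+$/) {
          laddr = $i                              # first addr:port field is local
        }
      }
      if (laddr == "") next
      port = laddr; sub(/^.*:/, "", port)
      host = laddr; sub(/:[^:]*$/, "", host)
      scope = "specific"
      if (host == "*" || host == "0.0.0.0" || host == "[::]") scope = "all-interfaces"
      else if (host ~ /^127\./ || host == "[::1]") scope = "loopback"
      print port, scope, prog, pid
    }'
}

sample_listeners | audit_listeners
```

On a live host, replace the sample with `ss -lntp | audit_listeners`, run as root so the process column is populated; a "-" in the program field marks a listener whose owner could not be read.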
Example 6: Show all UDP sockets
Command:
ss -u -a
Output:
[root@localhost ~]# ss -u -a
State      Recv-Q Send-Q      Local Address:Port          Peer Address:Port
UNCONN     0      0               127.0.0.1:syslog                   *:*
UNCONN     0      0                       *:snmp                     *:*
ESTAB      0      0         192.168.120.203:39641        10.58.119.119:domain
[root@localhost ~]#
Explanation:
Example 7: Show all SMTP connections in the established state
Command:
ss -o state established '( dport = :smtp or sport = :smtp )'
Output:
[root@localhost ~]# ss -o state established '( dport = :smtp or sport = :smtp )'
Recv-Q Send-Q      Local Address:Port          Peer Address:Port
[root@localhost ~]#
Explanation:
Example 8: Show all HTTP connections in the established state
Command:
ss -o state established '( dport = :http or sport = :http )'
Output:
[root@localhost ~]# ss -o state established '( dport = :http or sport = :http )'
Recv-Q Send-Q      Local Address:Port          Peer Address:Port
0      0          75.126.153.214:2164         192.168.10.42:http
[root@localhost ~]#
Explanation:
Example 9: List all TCP sockets in the FIN-WAIT-1 state whose source port is 80 or 443 and whose destination network is 193.233.7/24
Command:
ss -o state fin-wait-1 '( sport = :http or sport = :https )' dst 193.233.7/24
Output:
Explanation:
Example 10: Filter sockets by TCP state
Command:
ss -4 state FILTER-NAME-HERE
ss -6 state FILTER-NAME-HERE
Output:
[root@localhost ~]#ss -4 state closing
Recv-Q Send-Q      Local Address:Port          Peer Address:Port
1      11094      75.126.153.214:http         192.168.10.42:4669
Explanation:
FILTER-NAME-HERE can be any one of the following:
established
syn-sent
syn-recv
fin-wait-1
fin-wait-2
time-wait
closed
close-wait
last-ack
listen
closing

all : all of the states above
connected : all states except listen and closed
synchronized : all connected states except syn-sent
bucket : states that are maintained as minisockets, such as time-wait and syn-recv
big : the opposite of bucket
Example 11: Match a remote address and port
Command:
ss dst ADDRESS_PATTERN
ss dst 192.168.1.5
ss dst 192.168.119.113:http
ss dst 192.168.119.113:smtp
ss dst 192.168.119.113:443
Output:
[root@localhost ~]# ss dst 192.168.119.113
State      Recv-Q Send-Q      Local Address:Port          Peer Address:Port
ESTAB      0      0         192.168.119.103:16014      192.168.119.113:20229
ESTAB      0      0         192.168.119.103:16014      192.168.119.113:61056
ESTAB      0      0         192.168.119.103:16014      192.168.119.113:61623
ESTAB      0      0         192.168.119.103:16014      192.168.119.113:60924
ESTAB      0      0         192.168.119.103:16050      192.168.119.113:43701
ESTAB      0      0         192.168.119.103:16073      192.168.119.113:32930
ESTAB      0      0         192.168.119.103:16073      192.168.119.113:49318
ESTAB      0      0         192.168.119.103:16014      192.168.119.113:3844
[root@localhost ~]# ss dst 192.168.119.113:http
State      Recv-Q Send-Q      Local Address:Port          Peer Address:Port
[root@localhost ~]# ss dst 192.168.119.113:3844
State      Recv-Q Send-Q      Local Address:Port          Peer Address:Port
ESTAB      0      0         192.168.119.103:16014      192.168.119.113:3844
[root@localhost ~]#
Explanation:
Example 12: Match a local address and port
Command:
ss src ADDRESS_PATTERN
ss src 192.168.119.103
ss src 192.168.119.103:http
ss src 192.168.119.103:80
ss src 192.168.119.103:smtp
ss src 192.168.119.103:25
Output:
[root@localhost ~]# ss src 192.168.119.103:16021
State      Recv-Q Send-Q      Local Address:Port          Peer Address:Port
ESTAB      0      0         192.168.119.103:16021      192.168.119.201:63054
ESTAB      0      0         192.168.119.103:16021      192.168.119.201:62894
ESTAB      0      0         192.168.119.103:16021      192.168.119.201:63055
ESTAB      0      0         192.168.119.103:16021      192.168.119.201:2274
ESTAB      0      0         192.168.119.103:16021      192.168.119.201:44784
ESTAB      0      0         192.168.119.103:16021      192.168.119.201:7233
ESTAB      0      0         192.168.119.103:16021      192.168.119.103:58660
ESTAB      0      0         192.168.119.103:16021      192.168.119.201:44822
ESTAB      0      0         192.168.119.103:16021           10.2.1.206:56737
ESTAB      0      0         192.168.119.103:16021           10.2.1.206:57487
ESTAB      0      0         192.168.119.103:16021           10.2.1.206:56736
ESTAB      0      0         192.168.119.103:16021           10.2.1.206:64652
ESTAB      0      0         192.168.119.103:16021           10.2.1.206:56586
ESTAB      0      0         192.168.119.103:16021           10.2.1.206:64653
ESTAB      0      0         192.168.119.103:16021           10.2.1.206:56587
[root@localhost ~]#
Explanation:
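Output like that of Examples 11 and 12 becomes hard to read once a service holds many connections, so it helps to reduce it to per-peer and per-state counts. The script below is an added example, not part of the original article; the function names and the sample rows are constructed in the shape of `ss -tan` output, and it folds IPv4-mapped IPv6 peers (`::ffff:a.b.c.d`) onto their IPv4 address so one client is not counted twice.

```shell
#!/bin/sh
# Added example: summarise ss -tan style output by peer address and by state.

# Constructed sample rows (addresses follow the style of the page's examples).
sample_conns() {
cat <<'EOF'
State     Recv-Q Send-Q          Local Address:Port          Peer Address:Port
LISTEN    0      0                           *:16021                    *:*
ESTAB     0      0             192.168.119.103:16021      192.168.119.201:63054
ESTAB     0      0             192.168.119.103:16021      192.168.119.201:62894
ESTAB     0      0             192.168.119.103:16021           10.2.1.206:56737
ESTAB     0      0             192.168.119.103:16021           10.2.1.206:57487
ESTAB     0      0             192.168.119.103:16021           10.2.1.206:56736
ESTAB     0      0    [::ffff:192.168.119.103]:16021  [::ffff:10.2.1.206]:64652
TIME-WAIT 0      0             192.168.119.103:16021      192.168.119.201:2274
EOF
}

# Prints "count peer" for sockets in the given state (default ESTAB), busiest first.
peer_counts() {
  state=${1:-ESTAB}
  awk -v want="$state" '
    $1 == want && NF >= 5 {
      peer = $5
      sub(/:[^:]*$/, "", peer)      # drop the port
      sub(/^\[/, "", peer)          # drop IPv6 brackets
      sub(/\]$/, "", peer)
      sub(/^::ffff:/, "", peer)     # fold IPv4-mapped IPv6 onto IPv4
      n[peer]++
    }
    END { for (p in n) print n[p], p }' | sort -k1,1nr -k2,2
}

# Prints "count state" for every TCP state present in the input.
state_counts() {
  awk '$1 != "State" && NF >= 5 { s[$1]++ }
       END { for (k in s) print s[k], k }' | sort -k1,1nr -k2,2
}

sample_conns | peer_counts ESTAB
sample_conns | state_counts
```

On a live host, feed it with `ss -tan | peer_counts` or `ss -tan | state_counts`; the -n flag keeps ports numeric so the port is stripped cleanly.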
Example 13: Compare the local or remote port with a number
Command:
ss dport OP PORT
ss sport OP PORT
Output:
[root@localhost ~]# ss  sport = :http
[root@localhost ~]# ss  dport = :http
[root@localhost ~]# ss  dport \> :1024
[root@localhost ~]# ss  sport \> :1024
[root@localhost ~]# ss sport \< :32000
[root@localhost ~]# ss  sport eq :22
[root@localhost ~]# ss  dport != :22
[root@localhost ~]# ss  state connected sport = :http
[root@localhost ~]# ss \( sport = :http or sport = :https \)
[root@localhost ~]# ss -o state fin-wait-1 \( sport = :http or sport = :https \) dst 192.168.1/24
Explanation:
ss dport OP PORT compares the remote port with a number; ss sport OP PORT compares the local port with a number.
OP can be any one of the following:
<= or le : less than or equal to the port number
>= or ge : greater than or equal to the port number
== or eq : equal to the port number
!= or ne : not equal to the port number
< or lt : less than the port number
> or gt : greater than the port number
Example 14: Efficiency comparison between ss and netstat
Command:
time netstat -at
time ss
Output:
[root@localhost ~]# time ss
real    0m0.739s
user    0m0.019s
sys     0m0.013s
[root@localhost ~]#
[root@localhost ~]# time netstat -at
real    2m45.907s
user    0m0.063s
sys     0m0.067s
[root@localhost ~]#

Explanation:
The time command measures how long netstat and ss each take to collect the socket information and summary. When a server has a large number of connections, netstat's efficiency is no match for ss.