Netstat 是一款命令行工具,可用于列出系统上所有的网络套接字连接情况,包括 tcp, udp 以及 unix 套接字,另外它还能列出处于监听状态(即等待接入请求)的套接字。在Linux使用过程中,需要了解当前系统开放了哪些端口,并且要查看开放这些端口的具体进程和用户,可以通过netstat命令进行简单查询。
1. 帮助文档[root@jiangnan ~]# netstat --help usage: netstat [-vWeenNcCF] [] -r netstat {-V|--version|-h|--help} netstat [-vWnNcaeol] [ ...] netstat { [-vWeenNac] -I[ ] | [-veenNac] -i | [-cnNe] -M | -s [-6tuw] } [delay] -r, --route display routing table -I, --interfaces= display interface table for -i, --interfaces display interface table -g, --groups display multicast group memberships -s, --statistics display networking statistics (like SNMP) -M, --masquerade display masqueraded connections -v, --verbose be verbose -W, --wide don't truncate IP addresses -n, --numeric don't resolve names --numeric-hosts don't resolve host names --numeric-ports don't resolve port names --numeric-users don't resolve user names -N, --symbolic resolve hardware names -e, --extend display other/more information -p, --programs display PID/Program name for sockets -o, --timers display timers -c, --continuous continuous listing -l, --listening display listening server sockets -a, --all display all sockets (default: connected) -F, --fib display Forwarding Information Base (default) -C, --cache display routing cache instead of FIB -Z, --context display SELinux security context for sockets ={-t|--tcp} {-u|--udp} {-U|--udplite} {-S|--sctp} {-w|--raw} {-x|--unix} --ax25 --ipx --netrom =Use '-6|-4' or '-A ' or '-- '; default: inet List of possible address families (which support routing): inet (DARPA Internet) inet6 (IPv6) ax25 (AMPR AX.25) netrom (AMPR NET/ROM) ipx (Novell IPX) ddp (Appletalk DDP) x25 (CCITT X.25) [root@jiangnan ~]#
netstat命令几个常用的参数说明如下:
-t : 指明显示TCP端口
-u : 指明显示UDP端口
-l : 仅显示监听套接字(所谓套接字就是使应用程序能够读写与收发通讯协议(protocol)与资料的程序)
-p : 显示进程标识符和程序名称,每一个套接字/端口都属于一个程序。
-n : 不进行DNS轮询(禁用反向域名解析),显示IP(可以加速操作)
netstat -ntlp //查看当前所有tcp端口. netstat -ntulp |grep 80 //查看所有80端口使用情况. netstat -an | grep 3306 //查看所有3306端口使用情况.
- 列出所有当前的连接。使用 -a 选项即可。
[root@jiangnan ~]# netstat -a Active Internet connections (servers and established) Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 localhost:10248 0.0.0.0:* LISTEN tcp 0 0 localhost:10257 0.0.0.0:* LISTEN tcp 0 0 localhost:10259 0.0.0.0:* LISTEN tcp 0 0 localhost:35700 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:ssh 0.0.0.0:* LISTEN tcp 0 0 localhost:smtp 0.0.0.0:* LISTEN tcp 0 0 iZ2ze746e6572mmbd:40852 100.100.30.26:http ESTABLISHED ... unix 3 [ ] STREAM CONNECTED 4853258 /run/containerd/containerd.sock [root@jiangnan ~]#
- 只列出 TCP 协议的连接,使用 -t 选项列出 TCP 协议的连接:
[root@jiangnan ~]# netstat -at Active Internet connections (servers and established) Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 localhost:10248 0.0.0.0:* LISTEN tcp 0 0 localhost:10257 0.0.0.0:* LISTEN tcp 0 0 localhost:10259 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:ssh 0.0.0.0:* LISTEN tcp 0 0 localhost:smtp 0.0.0.0:* LISTEN ... tcp6 0 0 [::]:webcache [::]:* LISTEN tcp6 0 0 localhost:smtp [::]:* LISTEN tcp6 0 0 localhost:mxi [::]:* LISTEN [root@jiangnan ~]#
- 只列出 UDP 协议的连接,使用 -u 选项列出 TCP 协议的连接:
[root@jiangnan ~]# netstat -au Active Internet connections (servers and established) Proto Recv-Q Send-Q Local Address Foreign Address State udp 0 0 localhost:323 0.0.0.0:* udp 0 0 0.0.0.0:bootpc 0.0.0.0:* udp6 0 0 localhost:323 [::]:* [root@jiangnan ~]#
- 禁用反向域名解析,加快查询速度
[root@jiangnan ~]# netstat -ant Active Internet connections (servers and established) Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 127.0.0.1:10248 0.0.0.0:* LISTEN tcp 0 0 127.0.0.1:10257 0.0.0.0:* LISTEN tcp 0 0 127.0.0.1:10259 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN tcp 0 0 127.0.0.1:45251 0.0.0.0:* LISTEN tcp 0 0 172.31.179.120:40852 100.100.30.26:80 ESTABLISHED tcp 0 1 172.31.179.120:34790 101.200.149.4:6443 SYN_SENT ... tcp6 0 0 ::1:25 :::* LISTEN tcp6 0 0 127.0.0.1:8005 :::* LISTEN [root@jiangnan ~]#
- 只查看处于监听状态的连接,并且不解析域名
[root@jiangnan ~]# netstat -ntl Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 127.0.0.1:10248 0.0.0.0:* LISTEN tcp 0 0 127.0.0.1:10257 0.0.0.0:* LISTEN tcp 0 0 127.0.0.1:10259 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN tcp 0 0 127.0.0.1:45251 0.0.0.0:* LISTEN tcp6 0 0 :::10250 :::* LISTEN tcp6 0 0 :::10251 :::* LISTEN tcp6 0 0 :::10252 :::* LISTEN tcp6 0 0 :::8080 :::* LISTEN tcp6 0 0 ::1:25 :::* LISTEN tcp6 0 0 127.0.0.1:8005 :::* LISTEN [root@jiangnan ~]#
- 查询指定端口或状态的连接
[root@jiangnan ~]# netstat -atnp | grep ESTA tcp 0 0 172.31.179.120:40852 100.100.30.26:80 ESTABLISHED 28385/AliYunDun tcp 0 52 172.31.179.120:22 120.244.188.179:12035 ESTABLISHED 25718/sshd: root@pt [root@jiangnan ~]#
通过管道符并配合grep命令查看。
微信公众号先已开通,搜索 “江小南和他的小伙伴们” 就能找到我哦,各位小伙伴们可以关注一下,文章会进行同步更新,方便查看哦。
