netstat

来源:互联网 发布:unity3d 模型闪烁 编辑:程序博客网 时间:2024/05/22 13:25

netstat 命令可以帮助检查本机的网络状况,man netstat 可以看到对其的基本描述:

netstat - Print network connections, routing tables, interface statistics, masquerade connections, and multicast memberships


先来一个简单的例子,要显示tcp协议,使用-t参数,包括了tcp和tcp6

[plain] view plaincopyprint?
  1.  netstat -t  
  2. Active Internet connections (w/o servers)  
  3. Proto Recv-Q Send-Q Local Address           Foreign Address         State        
  4. tcp        0      0 localhost:59226         localhost:8527          ESTABLISHED  
  5. tcp        0      0 bogon:44385             117.79.93.222:http      TIME_WAIT    
  6. tcp        0      0 localhost:8527          localhost:59305         CLOSE_WAIT   
  7. tcp        0      0 localhost:8527          localhost:59235         ESTABLISHED  
  8. tcp        0      1 bogon:36113             tf-in-f19.1e100.n:https SYN_SENT     
  9. tcp        0      0 bogon:49941             117.79.93.196:http      TIME_WAIT    
  10. tcp        0      0 bogon:53574             117.79.93.208:http      ESTABLISHED  
  11. tcp        0      0 localhost:59259         localhost:8527          ESTABLISHED  

数量太多,只显示了一部分。


添加一个-l参数,会只显示监听本地端口的TCP程序,现在一下子程序少了很多。

[plain] view plaincopyprint?
  1. netstat -tl  
  2. Active Internet connections (only servers)  
  3. Proto Recv-Q Send-Q Local Address           Foreign Address         State        
  4. tcp        0      0 localhost:8527          *:*                     LISTEN       
  5. tcp        0      0 *:http                  *:*                     LISTEN       
  6. tcp        0      0 localhost:domain        *:*                     LISTEN       
  7. tcp        0      0 localhost:ipp           *:*                     LISTEN       
  8. tcp        0      0 *:https                 *:*                     LISTEN       
  9. tcp6       0      0 ip6-localhost:8527      [::]:*                  LISTEN       
  10. tcp6       0      0 ip6-localhost:ipp       [::]:*                  LISTEN   

注意上面的Local Address一列,显示的不是ip地址,而是localhost, 如果想要显示IP地址,添加一个参数-n

[plain] view plaincopyprint?
  1. netstat -tln  
  2. Active Internet connections (only servers)  
  3. Proto Recv-Q Send-Q Local Address           Foreign Address         State        
  4. tcp        0      0 127.0.0.1:8527          0.0.0.0:*               LISTEN       
  5. tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN       
  6. tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN       
  7. tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN       
  8. tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN       
  9. tcp6       0      0 ::1:8527                :::*                    LISTEN       
  10. tcp6       0      0 ::1:631                 :::*                    LISTEN   

如果还想显示进程名称和ID,再添加一个参数-p

[plain] view plaincopyprint?
  1. netstat -tlnp  
  2. Active Internet connections (only servers)  
  3. Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name  
  4. tcp        0      0 127.0.0.1:8527          0.0.0.0:*               LISTEN      6506/ssh          
  5. tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      889/nginx         
  6. tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      1268/dnsmasq      
  7. tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      590/cupsd         
  8. tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      889/nginx         
  9. tcp6       0      0 ::1:8527                :::*                    LISTEN      6506/ssh          
  10. tcp6       0      0 ::1:631                 :::*                    LISTEN      590/cupsd   

配合grep,就可以查找监听本地某端口的进程

[plain] view plaincopyprint?
  1. netstat -tlnp | grep 127.0.0.1:8527  
  2. tcp        0      0 127.0.0.1:8527          0.0.0.0:*               LISTEN      6506/ssh  

配合awk,就可以快速找到进程名称

[plain] view plaincopyprint?
  1. netstat -tlnp | grep 127.0.0.1:8527 | awk '{print $7}'  
  2. 7458/ssh  

再做一次awk查找,去掉斜线后面的,只保留进程id

[plain] view plaincopyprint?
  1. netstat -tlnp | grep 127.0.0.1:8527 | awk '{print $7}' | awk -F '/' '{print $1}'  
  2. 7458  
原创粉丝点击