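Linux netstat command usage
Source: Internet  Published: Data analysis in genetic engineering  Editor: 程序博客网  Time: 2024/06/06 01:19
Commonly used network commands on Linux systems include netstat, nslookup, host, finger and ping. The netstat command displays network connections, routing tables and network interface information, letting the user see which network connections are currently active.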
is under attack or not. You can also list abusive IP addresses using this method.
# netstat -nat | awk '{print $6}' | sort | uniq -c | sort -n
Output:
1 CLOSE_WAIT
1 established)
1 Foreign
3 FIN_WAIT1
3 LAST_ACK
13 ESTABLISHED
17 LISTEN
154 FIN_WAIT2
327 TIME_WAIT
Dig out more information about a specific IP address:
# netstat -nat |grep {IP-address} | awk '{print $6}' | sort | uniq -c | sort -n
2 LAST_ACK
2 LISTEN
4 FIN_WAIT1
14 ESTABLISHED
91 TIME_WAIT
130 FIN_WAIT2
A busy server can give out more information:
# netstat -nat |grep 202.54.1.10 | awk '{print $6}' | sort | uniq -c | sort -n
Output:
15 CLOSE_WAIT
37 LAST_ACK
64 FIN_WAIT_1
65 FIN_WAIT_2
1251 TIME_WAIT
3597 SYN_SENT
5124 ESTABLISHED
Get List Of All Unique IP Address
To print a list of all unique IP addresses connected to the server, enter:
# netstat -nat | awk '{ print $5}' | cut -d: -f1 | sed -e '/^$/d' | sort | uniq
To print the total number of unique IP addresses, enter:
# netstat -nat | awk '{ print $5}' | cut -d: -f1 | sed -e '/^$/d' | sort | uniq | wc -l
Output:
449
Find Out If Box is Under DoS Attack or Not
If you think your Linux box is under attack, print a list of open connections on your box sorted by IP address, enter:
# netstat -atun | awk '{print $5}' | cut -d: -f1 | sed -e '/^$/d' |sort | uniq -c | sort -n
Output:
1 10.0.77.52
2 10.1.11.3
4 12.109.42.21
6 12.191.136.3
.....
...
....
13 202.155.209.202
18 208.67.222.222
28 0.0.0.0
233 127.0.0.1
You can simply block all abusive IPs using iptables or just null route them.
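The per-address count above also tallies the header lines, listening sockets, 0.0.0.0 and 127.0.0.1, and cut -d: -f1 truncates IPv6 peers. The following is an added example, not part of the original page, that counts only real remote peers and can be limited to one state such as SYN_RECV; the function names and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page. Reads `netstat -ant` / `-atun`
# style text on stdin and prints "COUNT PEER", busiest peer first.
# Optional $1 restricts the count to one TCP state, e.g. SYN_RECV.
conn_per_ip() {
    awk -v want="${1:-}" '
        $1 !~ /^(tcp|udp)/       { next }   # skip the two header lines
        $6 == "LISTEN"           { next }   # listeners have no remote peer
        want != "" && $6 != want { next }
        {
            peer = $5
            sub(/:[0-9*]+$/, "", peer)      # drop only the trailing :port (IPv6-safe)
            # wildcard and loopback addresses are not remote hosts
            if (peer ~ /^(0\.0\.0\.0|::|::1|127\..*)$/) next
            n[peer]++
        }
        END { for (p in n) print n[p], p }
    ' | sort -k1,1nr -k2,2
}

# Print only the peers holding at least $1 connections (optional $2 = state).
over_threshold() {
    conn_per_ip "${2:-}" | awk -v t="$1" '$1 >= t { print $2 }'
}

# Constructed sample input (documentation address ranges), not real traffic.
sample_netstat() {
cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:80           203.0.113.5:40001       SYN_RECV
tcp        0      0 192.0.2.10:80           203.0.113.5:40002       SYN_RECV
tcp        0      0 192.0.2.10:80           203.0.113.5:40003       SYN_RECV
tcp        0      0 192.0.2.10:80           198.51.100.7:51200      ESTABLISHED
tcp        0      0 127.0.0.1:5432          127.0.0.1:48810         ESTABLISHED
tcp6       0      0 2001:db8::10:443        2001:db8::beef:51234    ESTABLISHED
tcp6       0      0 2001:db8::10:443        2001:db8::beef:51235    TIME_WAIT
udp        0      0 0.0.0.0:53              0.0.0.0:*
EOF
}

sample_netstat | conn_per_ip                 # every state, per remote peer
sample_netstat | over_threshold 3 SYN_RECV   # peers with 3+ half-open connections
```

On a live host, feed it with netstat -ant | conn_per_ip and pick the threshold from the server's normal baseline before blocking anything.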
Get Live View of TCP Connections
You can use the tcptrack command to display the status of TCP connections that it sees on a given network interface. tcptrack monitors their state and displays information such as state, source/destination addresses and bandwidth usage in a sorted, updated list very much like the top command.
Display Summary Statistics for Each Protocol
Simply use netstat -s:
# netstat -s | less
# netstat -t -s | less
# netstat -u -s | less
# netstat -w -s | less
# netstat -s
Output:
Ip:
88354557 total packets received
0 forwarded
0 incoming packets discarded
88104061 incoming packets delivered
96037391 requests sent out
13 outgoing packets dropped
66 fragments dropped after timeout
295 reassemblies required
106 packets reassembled ok
66 packet reassembles failed
34 fragments failed
Icmp:
18108 ICMP messages received
58 input ICMP message failed.
ICMP input histogram:
destination unreachable: 7173
timeout in transit: 472
redirects: 353
echo requests: 10096
28977 ICMP messages sent
0 ICMP messages failed
ICMP output histogram:
destination unreachable: 18881
echo replies: 10096
Tcp:
1202226 active connections openings
2706802 passive connection openings
7394 failed connection attempts
47018 connection resets received
23 connections established
87975383 segments received
95235730 segments send out
681174 segments retransmited
2044 bad segments received.
80805 resets sent
Udp:
92689 packets received
14611 packets to unknown port received.
0 packet receive errors
96755 packets sent
TcpExt:
48452 invalid SYN cookies received
7357 resets received for embryonic SYN_RECV sockets
43 ICMP packets dropped because they were out-of-window
5 ICMP packets dropped because socket was locked
2672073 TCP sockets finished time wait in fast timer
441 time wait sockets recycled by time stamp
368562 delayed acks sent
430 delayed acks further delayed because of locked socket
Quick ack mode was activated 36127 times
32318597 packets directly queued to recvmsg prequeue.
741479256 packets directly received from backlog
1502338990 packets directly received from prequeue
18343750 packets header predicted
10220683 packets header predicted and directly queued to user
17516622 acknowledgments not containing data received
36549771 predicted acknowledgments
102672 times recovered from packet loss due to fast retransmit
Detected reordering 1596 times using reno fast retransmit
Detected reordering 1 times using time stamp
8 congestion windows fully recovered
32 congestion windows partially recovered using Hoe heuristic
19 congestion windows recovered after partial ack
0 TCP data loss events
39951 timeouts after reno fast retransmit
29653 timeouts in loss state
197005 fast retransmits
186937 retransmits in slow start
131433 other TCP timeouts
TCPRenoRecoveryFail: 20217
147 times receiver scheduled too late for direct processing
29010 connections reset due to unexpected data
365 connections reset due to early user close
6979 connections aborted due to timeout
Display Interface Table
You can easily display dropped and total transmitted packets with netstat for eth0:
# netstat --interfaces=eth0
Output:
Kernel Interface table
Iface MTU Met RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR Flg
eth0 1500 0 2040929 0 0 0 3850539 0
Check the current net.ipv4.tcp_tw values and change the current value to 1 minute:
[root@aaa1 ~]# sysctl -a|grep net.ipv4.tcp_tw
net.ipv4.tcp_tw_reuse = 0
net.ipv4.tcp_tw_recycle = 0
[root@aaa1 ~]#
vi /etc/sysctl.conf
Add or modify the net.ipv4.tcp_tw values:
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
Apply the kernel parameters:
[root@aaa1 ~]# sysctl -p
[root@aaa1 ~]# sysctl -a|grep net.ipv4.tcp_tw
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
Observe again with netstat; everything is back to normal.
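A check for the two TIME_WAIT switches set above, as an added example that is not part of the original page: tcp_tw_recycle is the risky one, since it drops connections from clients that share a NAT address and was removed from the kernel in Linux 4.12. The function names and the sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page. Reads sysctl settings on stdin
# ("key = value" as printed by `sysctl -a`, or "key=value" as sysctl.conf also
# allows) and reports on the two TIME_WAIT switches changed above.
# Exit status: 0 = nothing risky found, 1 = tcp_tw_recycle is enabled.
audit_tw_sysctl() {
    awk '
        /^[ \t]*[#;]/ { next }                  # sysctl.conf comment lines
        {
            line = $0
            gsub(/[ \t]/, "", line)             # accept both spacing styles
            eq = index(line, "=")
            if (eq == 0) next                   # blank or malformed line
            val[substr(line, 1, eq - 1)] = substr(line, eq + 1)   # last entry wins
        }
        END {
            r = "net.ipv4.tcp_tw_recycle"; u = "net.ipv4.tcp_tw_reuse"
            if (!(r in val)) {
                print "INFO " r " not present (the knob was removed in Linux 4.12)"
            } else if (val[r] != "0") {
                print "WARN " r "=" val[r] ": breaks clients that share one NAT address"
                bad = 1
            }
            if ((u in val) && val[u] != "0") {
                print "INFO " u "=" val[u] ": only affects outgoing connections"
            }
            exit bad + 0
        }
    '
}

# Constructed inputs using the values shown on this page before and after the edit.
page_before() { printf 'net.ipv4.tcp_tw_reuse = 0\nnet.ipv4.tcp_tw_recycle = 0\n'; }
page_after()  { printf '# sysctl.conf form\nnet.ipv4.tcp_tw_reuse=1\nnet.ipv4.tcp_tw_recycle = 1\n'; }

page_before | audit_tw_sysctl
page_after  | audit_tw_sysctl || echo "risky setting found"
```

On a live host, run sysctl -a 2>/dev/null | audit_tw_sysctl, or feed it /etc/sysctl.conf before applying the file with sysctl -p.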
The key to solving the problem here is how to reuse time_wait; when configuring this, we can check the time and wait values:
# sysctl -a | grep time | grep wait
net.ipv4.netfilter.ip_conntrack_tcp_timeout_time_wait = 120
net.ipv4.netfilter.ip_conntrack_tcp_timeout_close_wait = 60
net.ipv4.netfilter.ip_conntrack_tcp_timeout_fin_wait = 120
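Change Apache's maximum thread count
vi /include/httpd.h
Change #define DYNAMIC_MODULE_LIMIT 128
to #define DYNAMIC_MODULE_LIMIT 2560
Over the past couple of days I set up a group of Apache servers, each with 4 GB of memory, running in prefork mode. The connection limit I set at first was too low, so it took a long time to respond to user requests. I later modified the Apache 2.0.59 configuration file httpd.conf:
Quote: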
# prefork MPM
# StartServers: number of server processes to start
# MinSpareServers: minimum number of server processes which are kept spare
# MaxSpareServers: maximum number of server processes which are kept spare
# MaxClients: maximum number of server processes allowed to start
# MaxRequestsPerChild: maximum number of requests a server process serves
StartServers 10
MinSpareServers 10
MaxSpareServers 15
ServerLimit 2000
MaxClients 2000
MaxRequestsPerChild 10000
--------------------------------------------------------------------------------
Check the number of httpd processes (that is, the number of concurrent requests Apache can handle in prefork mode):
Linux command:
Quote:
ps -ef | grep httpd | wc -l
Sample output:
1388
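This means Apache can handle 1388 concurrent requests; Apache adjusts this value automatically according to load. On my group of servers, the peak on each machine has reached 2002.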
--------------------------------------------------------------------------------
Check Apache's concurrent request count and the TCP connection states:
Linux command:
Quote:
netstat -n | awk '/^tcp/ {++S[$NF]} END {for(a in S) print a, S[a]}'
(I got this statement from 王老大, technical director of the Sina (新浪) Interactive Community Division; it is very good.)
Sample output:
LAST_ACK 5
SYN_RECV 30
ESTABLISHED 1597
FIN_WAIT1 51
FIN_WAIT2 504
TIME_WAIT 1057
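Here SYN_RECV is the number of requests waiting to be processed; ESTABLISHED is the normal data transfer state; TIME_WAIT is the number of requests that have been processed and are waiting for the timeout to expire.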
--------------------------------------------------------------------------------
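The TCP state transitions can be seen clearly in the figure below:
State: Description
CLOSED: No connection is active or pending
LISTEN: The server is waiting for an incoming call
SYN_RECV: A connection request has arrived; waiting for acknowledgment
SYN_SENT: The application has started to open a connection
ESTABLISHED: The normal data transfer state
FIN_WAIT1: The application has said it is finished
FIN_WAIT2: The other side has agreed to release
TIMED_WAIT: Wait for all packets to die off
CLOSING: Both sides have tried to close simultaneously
TIME_WAIT: The other side has initiated a release
LAST_ACK: Wait for all packets to die off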
About netstat
Shows network status.
Syntax
netstat [-a] [-n] [-v]
netstat [-g | -m | -p | -s | -f address_family ] [-n] [-P protocol]
netstat [ -i ] [ -I interface ] [ interval ]
netstat -r [-a] [-n] [-v ]
netstat -M [-n] [-s ]
netstat -D [ -I interface ]
-a  Show the state of all sockets and all routing table entries; normally, sockets used by server processes are not shown and only interface, host, network, and default routes are shown.
-n  Show network addresses as numbers. netstat normally displays addresses as symbols. This option may be used with any of the display formats.
-v  Verbose. Show additional information for the sockets and the routing table.
-g  Show the multicast group memberships for all interfaces.
-m  Show the STREAMS statistics.
-p  Show the address resolution (ARP) tables.
-s  Show per-protocol statistics. When used with the -M option, show multicast routing statistics instead.
-i  Show the state of the interfaces that are used for TCP/IP traffic.
-r  Show the routing tables.
-M  Show the multicast routing tables. When used with the -s option, show multicast routing statistics instead.
-d  Show the state of all interfaces that are under Dynamic Host Configuration Protocol (DHCP) control.
-D  Show the status of DHCP configured interfaces.
-f address_family  Limit statistics or address control block reports to those of the specified address_family, which can be one of:
    inet  For the AF_INET address family
    unix  For the AF_UNIX address family
-P protocol  Limit display of statistics or state of all sockets to those applicable to protocol.
-I interface  Show the state of a particular interface. interface can be any valid interface such as ie0 or le0.
Examples
netstat
Displays generic net statistics of the host you are currently connected to.
netstat -an
Shows all connections to the server, including the source and destination IPs and ports, if you have proper permissions.
netstat -rn
Displays the routing table for all IPs bound to the server.
netstat -an |grep :80 |wc -l
Displays the number of active connections on port 80. Removing the pipe and wc command would display each connection.
netstat -natp
Displays active Internet connections. See document CH001079 for an example of output.
Related commands
ac
arp
ifconfig
route
rpcinfo