NAME

netstat - 顯示網(wǎng)絡連接，路由表，接口狀態(tài)，偽裝連接，網(wǎng)絡鏈路信息和組播成員組。  

總覽 SYNOPSIS

netstat [address_family_options] [--tcp|-t] [--udp|-u] [--raw|-w] [--listening|-l] [--all|-a] [--numeric|-n] [--numeric-hosts][--numeric-ports][--numeric-ports] [--symbolic|-N] [--extend|-e[--extend|-e]] [--timers|-o] [--program|-p] [--verbose|-v] [--continuous|-c] [delay] netstat {--route|-r} [address_family_options] [--extend|-e[--extend|-e]] [--verbose|-v] [--numeric|-n] [--numeric-hosts][--numeric-ports][--numeric-ports] [--continuous|-c] [delay] netstat {--interfaces|-i} [iface] [--all|-a] [--extend|-e[--extend|-e]] [--verbose|-v] [--program|-p] [--numeric|-n] [--numeric-hosts][--numeric-ports][--numeric-ports] [--continuous|-c] [delay] netstat {--groups|-g} [--numeric|-n] [--numeric-hosts][--numeric-ports][--numeric-ports] [--continuous|-c] [delay] netstat {--masquerade|-M} [--extend|-e] [--numeric|-n] [--numeric-hosts][--numeric-ports][--numeric-ports] [--continuous|-c] [delay] netstat {--statistics|-s} [--tcp|-t] [--udp|-u] [--raw|-w] [delay] netstat {--version|-V} netstat {--help|-h} address_family_options:

[--protocol={inet,unix,ipx,ax25,netrom,ddp}[,...]] [--unix|-x] [--inet|--ip] [--ax25] [--ipx] [--netrom] [--ddp]

描述 DESCRIPTION

Netstat 程序顯示Linux網(wǎng)絡子系統(tǒng)的信息。 輸出信息的類型是由***個參數(shù)控制的，就像這樣：  

(none)

無選項時, netstat 顯示打開的套接字. 如果不指定任何地址族，那么打印出所有已配置地址族的有效套接字。  

--route , -r

顯示內(nèi)核路由表。  

--groups , -g

顯示IPv4 和 IPv6的IGMP組播組成員關(guān)系信息。  

--interface=iface , -iiface 。  

顯示所有網(wǎng)絡接口列表或者是指定的

--masquerade , -M

顯示一份所有經(jīng)偽裝的會話列表。  

--statistics , -s

顯示每種協(xié)議的統(tǒng)計信息。  

選項 OPTIONS

--verbose , -v

詳細模式運行。特別是打印一些關(guān)于未配置地址族的有用信息。  

--numeric , -n

顯示數(shù)字形式地址而不是去解析主機、端口或用戶名。  

--numeric-hosts

顯示數(shù)字形式的主機但是不影響端口或用戶名的解析。  

--numeric-ports

顯示數(shù)字端口號，但是不影響主機或用戶名的解析。  

--numeric-users

顯示數(shù)字的用戶ID，但是不影響主機和端口名的解析。  

--protocol=family , -Afamily 以逗號分隔的地址族列表，比如 inet, unix, ipx, ax25, netrom, 和 ddp。 這樣和使用 --inet, --unix (-x), --ipx, --ax25, --netrom, 和 --ddp 選項效果相同。 地址族 inet 包括raw, udp 和tcp 協(xié)議套接字。  

指定要顯示哪些連接的地址族(也許在底層協(xié)議中可以更好地描述)。

-c, --continuous

將使 netstat 不斷地每秒輸出所選的信息。  

-e, --extend

顯示附加信息。使用這個選項兩次來獲得所有細節(jié)。  

-o, --timers

包含與網(wǎng)絡定時器有關(guān)的信息。  

-p, --program

顯示套接字所屬進程的PID和名稱。  

-l, --listening

只顯示正在偵聽的套接字(這是默認的選項)  

-a, --all

顯示所有正在或不在偵聽的套接字。加上 --interfaces 選項將顯示沒有標記的接口。  

-F

顯示FIB中的路由信息。(這是默認的選項)  

-C

顯示路由緩沖中的路由信息。  

delay

netstat將循環(huán)輸出統(tǒng)計信息，每隔 delay 秒。  

輸出 OUTPUT

活動的Internet網(wǎng)絡連接 (TCP, UDP, raw)

Proto

套接字使用的協(xié)議。  

Recv-Q

連接此套接字的用戶程序未拷貝的字節(jié)數(shù)。  

Send-Q

遠程主機未確認的字節(jié)數(shù)。  

Local Address

套接字的本地地址(本地主機名)和端口號。除非給定-n --numeric (-n) 選項，否則套接字地址按標準主機名(FQDN)進行解析，而端口號則轉(zhuǎn)換到相應的服務名。  

Foreign Address

套接字的遠程地址(遠程主機名)和端口號。 Analogous to "Local Address."  

State

套接字的狀態(tài)。因為在RAW協(xié)議中沒有狀態(tài)，而且UDP也不用狀態(tài)信息，所以此行留空。通常它為以下幾個值之一：

ESTABLISHED

套接字有一個有效連接。

SYN_SENT

套接字嘗試建立一個連接。

SYN_RECV

從網(wǎng)絡上收到一個連接請求。

FIN_WAIT1

套接字已關(guān)閉，連接正在斷開。

FIN_WAIT2

連接已關(guān)閉，套接字等待遠程方中止。

TIME_WAIT

在關(guān)閉之后，套接字等待處理仍然在網(wǎng)絡中的分組

CLOSED

套接字未用。

CLOSE_WAIT

遠程方已關(guān)閉，等待套接字關(guān)閉。

LAST_ACK

遠程方中止，套接字已關(guān)閉。等待確認。

LISTEN

套接字監(jiān)聽進來的連接。如果不設置 --listening (-l) 或者 --all (-a) 選項，將不顯示出來這些連接。

CLOSING

套接字都已關(guān)閉，而還未把所有數(shù)據(jù)發(fā)出。

UNKNOWN

套接字狀態(tài)未知。

User

套接字屬主的名稱或UID。  

PID/Program name

以斜線分隔的處理套接字程序的PID及進程名。 --program 使此欄目被顯示。你需要 superuser 權(quán)限來查看不是你擁有的套接字的信息。對IPX套接字還無法獲得此信息。  

Timer

(this needs to be written)  

活動的UNIX域套接字

Proto

套接字所用的協(xié)議(通常是unix)。  

RefCnt

使用數(shù)量(也就是通過此套接字連接的進程數(shù))。  

Flags

顯示的標志為SO_ACCEPTON(顯示為 ACC), SO_WAITDATA (W) 或 SO_NOSPACE (N)。 如果相應的進程等待一個連接請求，那么SO_ACCECPTON用于未連接的套接字。其它標志通常并不重要  

Type

套接字使用的一些類型：

SOCK_DGRAM

此套接字用于數(shù)據(jù)報(無連接)模式。

SOCK_STREAM

流模式(連接)套接字

SOCK_RAW

此套接字用于RAW模式。

SOCK_RDM

一種服務可靠性傳遞信息。

SOCK_SEQPACKET

連續(xù)分組套接字。

SOCK_PACKET

RAW接口使用套接字。

UNKNOWN

將來誰知道它的話將告訴我們，就填在這里 :-)

State

此字段包含以下關(guān)鍵字之一：

FREE

套接字未分配。

LISTENING

套接字正在監(jiān)聽一個連接請求。除非設置 --listening (-l) 或者 --all (-a) 選項，否則不顯示。

CONNECTING

套接字正要建立連接。

CONNECTED

套接字已連接。

DISCONNECTING

套接字已斷開。

(empty)

套接字未連。

UNKNOWN

！不應當出現(xiàn)這種狀態(tài)的。

PID/Program name

處理此套接字的程序進程名和PID。上面關(guān)于活動的Internet連接的部分有更詳細的信息。  

Path

當相應進程連入套接字時顯示路徑名。  

活動的IPX套接字

(this needs to be done by somebody who knows it)  

Active NET/ROM sockets

(this needs to be done by somebody who knows it)  

Active AX.25 sockets

(this needs to be done by somebody who knows it)

注意 NOTES

從linux 2.2內(nèi)核開始 netstat -i 不再顯示別名接口的統(tǒng)計信息。要獲得每個別名接口的計數(shù)器，則需要用 ipchains(8) 命令。

文件 FILES

/etc/services -- 服務解釋文件

/proc -- proc文件系統(tǒng)的掛載點。proc文件系統(tǒng)通過下列文件給出了內(nèi)核狀態(tài)信息。

/proc/net/dev -- 設備信息

/proc/net/raw -- RAW套接字信息

/proc/net/tcp -- TCP套接字信息

/proc/net/udp -- UDP套接字信息

/proc/net/igmp -- IGMP組播信息

/proc/net/unix -- Unix域套接字信息

/proc/net/ipx -- IPX套接字信息

/proc/net/ax25 -- AX25套接字信息

/proc/net/appletalk -- DDP(appletalk)套接字信息

/proc/net/nr -- NET/ROM套接字信息

/proc/net/route -- IP路由信息

/proc/net/ax25_route -- AX25路由信息

/proc/net/ipx_route -- IPX路由信息

/proc/net/nr_nodes -- NET/ROM節(jié)點列表

/proc/net/nr_neigh -- NET/ROM鄰站

/proc/net/ip_masquerade -- 偽裝連接

/proc/net/snmp -- 統(tǒng)計  

參見 SEE ALSO

route(8), ifconfig(8), ipchains(8), iptables(8), proc(5)  

#p#

NAME

netstat - Print network connections, routing tables, interface statistics, masquerade connections, and multicast memberships

SYNOPSIS

netstat [address_family_options] [--tcp|-t] [--udp|-u] [--raw|-w] [--listening|-l] [--all|-a] [--numeric|-n] [--numeric-hosts][--numeric-ports][--numeric-ports] [--symbolic|-N] [--extend|-e[--extend|-e]] [--timers|-o] [--program|-p] [--verbose|-v] [--continuous|-c] [delay] netstat {--route|-r} [address_family_options] [--extend|-e[--extend|-e]] [--verbose|-v] [--numeric|-n] [--numeric-hosts][--numeric-ports][--numeric-ports] [--continuous|-c] [delay] netstat {--interfaces|-i} [iface] [--all|-a] [--extend|-e[--extend|-e]] [--verbose|-v] [--program|-p] [--numeric|-n] [--numeric-hosts][--numeric-ports][--numeric-ports] [--continuous|-c] [delay] netstat {--groups|-g} [--numeric|-n] [--numeric-hosts][--numeric-ports][--numeric-ports] [--continuous|-c] [delay] netstat {--masquerade|-M} [--extend|-e] [--numeric|-n] [--numeric-hosts][--numeric-ports][--numeric-ports] [--continuous|-c] [delay] netstat {--statistics|-s} [--tcp|-t] [--udp|-u] [--raw|-w] [delay] netstat {--version|-V} netstat {--help|-h} address_family_options:

[--protocol={inet,unix,ipx,ax25,netrom,ddp}[,...]] [--unix|-x] [--inet|--ip] [--ax25] [--ipx] [--netrom] [--ddp]

DESCRIPTION

Netstat prints information about the Linux networking subsystem. The type of information printed is controlled by the first argument, as follows:  

(none)

By default, netstat displays a list of open sockets. If you don't specify any address families, then the active sockets of all configured address families will be printed.  

--route , -r

Display the kernel routing tables.  

--groups , -g

Display multicast group membership information for IPv4 and IPv6.  

--interface=iface , -iiface).  

Display a table of all network interfaces, or the specified

--masquerade , -M

Display a list of masqueraded connections.  

--statistics , -s

Display summary statistics for each protocol.  

OPTIONS

--verbose , -v

Tell the user what is going on by being verbose. Especially print some useful information about unconfigured address families.  

--numeric , -n

Show numerical addresses instead of trying to determine symbolic host, port or user names.  

--numeric-hosts

shows numerical host addresses but does not affect the resolution of port or user names.  

--numeric-ports

shows numerical port numbers but does not affect the resolution of host or user names.  

--numeric-users

shows numerical user IDs but does not affect the resolution of host or port names.

--protocol=family , -Afamily is a comma (',') separated list of address family keywords like inet, unix, ipx, ax25, netrom, and ddp. This has the same effect as using the --inet, --unix (-x), --ipx, --ax25, --netrom, and --ddp options. The address family inet includes raw, udp and tcp protocol sockets.  

Specifies the address families (perhaps better described as low level protocols) for which connections are to be shown.

-c, --continuous

This will cause netstat to print the selected information every second continuously.  

-e, --extend

Display additional information. Use this option twice for maximum detail.  

-o, --timers

Include information related to networking timers.  

-p, --program

Show the PID and name of the program to which each socket belongs.  

-l, --listening

Show only listening sockets. (These are omitted by default.)  

-a, --all

Show both listening and non-listening sockets. With the --interfaces option, show interfaces that are not marked  

-F

Print routing information from the FIB. (This is the default.)  

-C

Print routing information from the route cache.  

delay

Netstat will cycle printing through statistics every delay seconds. UP.  

OUTPUT

Active Internet connections (TCP, UDP, raw)

Proto

The protocol (tcp, udp, raw) used by the socket.  

Recv-Q

The count of bytes not copied by the user program connected to this socket.  

Send-Q

The count of bytes not acknowledged by the remote host.  

Local Address

Address and port number of the local end of the socket. Unless the --numeric (-n) option is specified, the socket address is resolved to its canonical host name (FQDN), and the port number is translated into the corresponding service name.  

Foreign Address

Address and port number of the remote end of the socket. Analogous to "Local Address."  

State

The state of the socket. Since there are no states in raw mode and usually no states used in UDP, this column may be left blank. Normally this can be one of several values:

ESTABLISHED

The socket has an established connection.

SYN_SENT

The socket is actively attempting to establish a connection.

SYN_RECV

A connection request has been received from the network.

FIN_WAIT1

The socket is closed, and the connection is shutting down.

FIN_WAIT2

Connection is closed, and the socket is waiting for a shutdown from the remote end.

TIME_WAIT

The socket is waiting after close to handle packets still in the network.

CLOSED

The socket is not being used.

CLOSE_WAIT

The remote end has shut down, waiting for the socket to close.

LAST_ACK

The remote end has shut down, and the socket is closed. Waiting for acknowledgement.

LISTEN

The socket is listening for incoming connections. Such sockets are not included in the output unless you specify the --listening (-l) or --all (-a) option.

CLOSING

Both sockets are shut down but we still don't have all our data sent.

UNKNOWN

The state of the socket is unknown.

User

The username or the user id (UID) of the owner of the socket.  

PID/Program name

Slash-separated pair of the process id (PID) and process name of the process that owns the socket. --program causes this column to be included. You will also need superuser privileges to see this information on sockets you don't own. This identification information is not yet available for IPX sockets.  

Timer

(this needs to be written)  

Active UNIX domain Sockets

Proto

The protocol (usually unix) used by the socket.  

RefCnt

The reference count (i.e. attached processes via this socket).  

Flags

The flags displayed is SO_ACCEPTON (displayed as ACC), SO_WAITDATA (W) or SO_NOSPACE (N). SO_ACCECPTON is used on unconnected sockets if their corresponding processes are waiting for a connect request. The other flags are not of normal interest.  

Type

There are several types of socket access:

SOCK_DGRAM

The socket is used in Datagram (connectionless) mode.

SOCK_STREAM

This is a stream (connection) socket.

SOCK_RAW

The socket is used as a raw socket.

SOCK_RDM

This one serves reliably-delivered messages.

SOCK_SEQPACKET

This is a sequential packet socket.

SOCK_PACKET

Raw interface access socket.

UNKNOWN

Who ever knows what the future will bring us - just fill in here :-)

State

This field will contain one of the following Keywords:

FREE

The socket is not allocated

LISTENING

The socket is listening for a connection request. Such sockets are only included in the output if you specify the --listening (-l) or --all (-a) option.

CONNECTING

The socket is about to establish a connection.

CONNECTED

The socket is connected.

DISCONNECTING

The socket is disconnecting.

(empty)

The socket is not connected to another one.

UNKNOWN

This state should never happen.

PID/Program name

Process ID (PID) and process name of the process that has the socket open. More info available in Active Internet connections section written above.  

Path

This is the path name as which the corresponding processes attached to the socket.  

Active IPX sockets

(this needs to be done by somebody who knows it)  

Active NET/ROM sockets

(this needs to be done by somebody who knows it)  

Active AX.25 sockets

(this needs to be done by somebody who knows it)

NOTES

Starting with Linux release 2.2 netstat -i does not show interface statistics for alias interfaces. To get per alias interface counters you need to setup explicit rules using the ipchains(8) command.

FILES

/etc/services -- The services translation file

/proc -- Mount point for the proc filesystem, which gives access to kernel status information via the following files.

/proc/net/dev -- device information

/proc/net/raw -- raw socket information

/proc/net/tcp -- TCP socket information

/proc/net/udp -- UDP socket information

/proc/net/igmp -- IGMP multicast information

/proc/net/unix -- Unix domain socket information

/proc/net/ipx -- IPX socket information

/proc/net/ax25 -- AX25 socket information

/proc/net/appletalk -- DDP (appletalk) socket information

/proc/net/nr -- NET/ROM socket information

/proc/net/route -- IP routing information

/proc/net/ax25_route -- AX25 routing information

/proc/net/ipx_route -- IPX routing information

/proc/net/nr_nodes -- NET/ROM nodelist

/proc/net/nr_neigh -- NET/ROM neighbours

/proc/net/ip_masquerade -- masqueraded connections

/proc/net/snmp -- statistics  

SEE ALSO

route(8), ifconfig(8), ipchains(8), iptables(8), proc(5)