ITPub Blog


[Repost] A Detailed Explanation of the Linux Netstat Command

Linux Operating System | Author: urgel_babay | Date: 2016-03-01 09:59:04
2018.08.19<br />
<br />
As an operations engineer, I am ashamed to admit that I was not familiar with the netstat command. Today I found a post that is very well written and very practical, so I am sharing it here.<br />
Original article: http://www.cnblogs.com/ggjucheng/archive/2012/01/08/2316661.html<br />
<h1> <strong>Introduction</strong> </h1>
<p> The netstat command displays a variety of network-related information, such as network connections, routing tables, interface statistics, masquerade connections and multicast memberships. </p>
<h1> <strong>What the output means</strong> </h1>
<p> Running netstat produces output like this: </p>
<div class="cnblogs_code">
<pre>Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      2 210.34.6.89:telnet      210.34.6.96:2873        ESTABLISHED
tcp      296      0 210.34.6.89:1165        210.34.6.84:netbios-ssn ESTABLISHED
tcp        0      0 localhost.localdom:9001 localhost.localdom:1162 ESTABLISHED
tcp        0      0 localhost.localdom:1162 localhost.localdom:9001 ESTABLISHED
tcp        0     80 210.34.6.89:1161        210.34.6.10:netbios-ssn CLOSE

Active UNIX domain sockets (w/o servers)
Proto RefCnt Flags       Type       State         I-Node Path
unix  1      [ ]         STREAM     CONNECTED     16178  @000000dd
unix  1      [ ]         STREAM     CONNECTED     16176  @000000dc
unix  9      [ ]         DGRAM                    5292   /dev/log
unix  1      [ ]         STREAM     CONNECTED     16182  @000000df</pre>
</div>
<p> Taken as a whole, the netstat output has two parts: </p>
<p> The first is Active Internet connections, the active TCP connections, where "Recv-Q" and "Send-Q" are the receive queue and the send queue. These numbers should normally be 0. If they are not, packets are piling up in the queue. This is seen only in very rare cases. </p>
<p> The second is Active UNIX domain sockets, the active Unix domain sockets (the same as network sockets, but usable only for communication on the local machine; performance can be doubled).<br />
Proto shows the protocol used by the connection, RefCnt is the number of processes attached to the socket, Type shows the socket type, State shows the current state of the socket, and Path is the path name used by other processes connected to the socket. </p>
<h1> <strong>Common options</strong> </h1>
<p> -a (all) show all sockets; LISTEN sockets are not shown by default<br />
-t (tcp) show only TCP entries<br />
-u (udp) show only UDP entries<br />
-n do not resolve names; show numbers wherever possible<br />
-l list only services in the Listen state </p>
<p> -p show the name of the program that owns each connection<br />
-r show routing information (the routing table)<br />
-e show extended information, such as the uid<br />
-s show statistics per protocol<br />
-c re-run the netstat command at a fixed interval </p>
<p> Note: the LISTEN and LISTENING states are visible only with -a or -l. </p>
<h1> <strong>Practical command examples</strong> </h1>
<h2> <strong>1.
List all ports (listening and non-listening)</strong> </h2>
<p> <strong>List all ports: netstat -a</strong> </p>
<div class="wp_syntax"> <div class="code"> <div class="cnblogs_code">
<pre># netstat -a | more
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 localhost:30037         *:*                     LISTEN
udp        0      0 *:bootpc                *:*

Active UNIX domain sockets (servers and established)
Proto RefCnt Flags       Type       State         I-Node Path
unix  2      [ ACC ]     STREAM     LISTENING     6135   /tmp/.X11-unix/X0
unix  2      [ ACC ]     STREAM     LISTENING     5140   /var/run/acpid.socket</pre>
</div> </div> </div>
<p> <strong>List all TCP ports: netstat -at</strong> </p>
<div class="wp_syntax"> <div class="code"> <div class="cnblogs_code">
<pre># netstat -at
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 localhost:30037         *:*                     LISTEN
tcp        0      0 localhost:ipp           *:*                     LISTEN
tcp        0      0 *:smtp                  *:*                     LISTEN
tcp6       0      0 localhost:ipp           [::]:*                  LISTEN</pre>
</div> </div> </div>
<p> <strong>List all UDP ports: netstat -au</strong> </p>
<div class="wp_syntax"> <div class="code"> <div class="cnblogs_code">
<pre># netstat -au
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
udp        0      0 *:bootpc                *:*
udp        0      0 *:49119                 *:*
udp        0      0 *:mdns                  *:*</pre>
</div> </div> </div>
<h2> <strong>2. List all sockets in the listening state</strong> </h2>
<p> <strong>Show only listening ports: netstat -l</strong> </p>
<div class="wp_syntax"> <div class="code"> <div class="cnblogs_code">
<pre># netstat -l
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 localhost:ipp           *:*                     LISTEN
tcp6       0      0 localhost:ipp           [::]:*                  LISTEN
udp        0      0 *:49119                 *:*</pre>
</div> </div> </div>
<p> <strong>List only listening TCP ports: netstat -lt</strong> </p>
<div class="wp_syntax"> <div class="code"> <div class="cnblogs_code">
<pre># netstat -lt
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 localhost:30037         *:*                     LISTEN
tcp        0      0 *:smtp                  *:*                     LISTEN
tcp6       0      0 localhost:ipp           [::]:*                  LISTEN</pre>
</div> </div> </div>
<p> <strong>List only listening UDP ports: netstat -lu</strong> </p>
<div class="wp_syntax"> <div class="code"> <div class="cnblogs_code">
<pre># netstat -lu
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
udp        0      0 *:49119                 *:*
udp        0      0 *:mdns                  *:*</pre>
</div> </div> </div>
<p> <strong>List only listening UNIX ports: netstat -lx</strong> </p>
<div class="wp_syntax"> <div class="code"> <div class="cnblogs_code">
<pre># netstat -lx
Active UNIX domain sockets (only servers)
Proto RefCnt Flags       Type       State         I-Node Path
unix  2      [ ACC ]     STREAM     LISTENING     6294   private/maildrop
unix  2      [ ACC ]     STREAM     LISTENING     6203   public/cleanup
unix  2      [ ACC ]     STREAM     LISTENING     6302   private/ifmail
unix  2      [ ACC ]     STREAM     LISTENING     6306   private/bsmtp</pre>
</div> </div> </div>
<h2> <strong>3.
Show statistics for each protocol</strong> </h2>
<p> <strong>Show statistics for all ports: netstat -s</strong> </p>
<div class="wp_syntax"> <div class="code"> <div class="cnblogs_code">
<pre># netstat -s
Ip:
    11150 total packets received
    1 with invalid addresses
    0 forwarded
    0 incoming packets discarded
    11149 incoming packets delivered
    11635 requests sent out
Icmp:
    0 ICMP messages received
    0 input ICMP message failed.
Tcp:
    582 active connections openings
    2 failed connection attempts
    25 connection resets received
Udp:
    1183 packets received
    4 packets to unknown port received.
.....</pre>
</div> </div> </div>
<p> <strong>Show statistics for TCP or UDP ports: netstat -st or -su</strong> </p>
<div class="wp_syntax"> <div class="code"> <div class="cnblogs_code">
<pre># netstat -st
# netstat -su</pre>
</div> </div> </div>
<h2> <strong>4.
Show the PID and program name in netstat output: netstat -p</strong> </h2>
<p> netstat -p can be combined with other switches to add a "PID/Program name" column to the netstat output, which makes it easy to find the program running on a particular port when debugging. </p>
<div class="wp_syntax"> <div class="code"> <div class="cnblogs_code">
<pre># netstat -pt
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        1      0 ramesh-laptop.loc:47212 192.168.185.75:www      CLOSE_WAIT  2109/firefox
tcp        0      0 ramesh-laptop.loc:52750 lax:www                 ESTABLISHED 2109/firefox</pre>
</div> </div> </div>
<h2> <strong>5. Do not show host, port or user names in netstat output</strong> </h2>
<p> When you do not want host, port and user names to be shown, use netstat -n. Numbers are displayed in place of those names. </p>
<p> This also speeds up the output, because no lookups are performed. </p>
<div class="wp_syntax"> <div class="code"> <div class="cnblogs_code">
<pre># netstat -an</pre>
</div> </div> </div>
<p> If you want to suppress only one of these three kinds of name, use the following commands: </p>
<div class="wp_syntax"> <div class="code"> <div class="cnblogs_code">
<pre># netstat -a --numeric-ports
# netstat -a --numeric-hosts
# netstat -a --numeric-users</pre>
</div> </div> </div>
<h2> <strong>6.
Print netstat information continuously</strong> </h2>
<p> With -c, netstat prints network information once per second. </p>
<div class="wp_syntax"> <div class="code"> <div class="cnblogs_code">
<pre># netstat -c
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 ramesh-laptop.loc:36130 101-101-181-225.ama:www ESTABLISHED
tcp        1      1 ramesh-laptop.loc:52564 101.11.169.230:www      CLOSING
tcp        0      0 ramesh-laptop.loc:43758 server-101-101-43-2:www ESTABLISHED
tcp        1      1 ramesh-laptop.loc:42367 101.101.34.101:www      CLOSING
^C</pre>
</div> </div> </div>
<h2> <strong>7.
Show address families not supported by the system</strong> </h2>
<div class="wp_syntax"> <div class="code"> <div class="cnblogs_code">
<pre>netstat --verbose</pre>
</div> </div> </div>
<p> At the end of the output you will see messages like these: </p>
<div class="wp_syntax"> <div class="code"> <div class="cnblogs_code">
<pre>netstat: no support for `AF IPX' on this system.
netstat: no support for `AF AX25' on this system.
netstat: no support for `AF X25' on this system.
netstat: no support for `AF NETROM' on this system.</pre>
</div> </div> </div>
<h2> <strong>8.
Show kernel routing information: netstat -r</strong> </h2>
<div class="wp_syntax"> <div class="code"> <div class="cnblogs_code">
<pre># netstat -r
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
192.168.1.0     *               255.255.255.0   U         0 0          0 eth2
link-local      *               255.255.0.0     U         0 0          0 eth2
default         192.168.1.1     0.0.0.0         UG        0 0          0 eth2</pre>
</div> </div> </div>
<p> <strong>Note:</strong> use netstat -rn to display addresses numerically without looking up host names. </p>
<h2> <strong>9.
Find the port a program is running on</strong> </h2>
<p> Not every process can be found: processes you do not have permission for are not shown. Use root privileges to see all the information. </p>
<div class="wp_syntax"> <div class="code"> <div class="cnblogs_code">
<pre># netstat -ap | grep ssh
tcp        1      0 dev-db:ssh              101.174.100.22:39213    CLOSE_WAIT  -
tcp        1      0 dev-db:ssh              101.174.100.22:57643    CLOSE_WAIT  -</pre>
</div> </div> </div>
<p> <strong>Find the process running on a given port</strong> </p>
<div class="wp_syntax"> <div class="code"> <div class="cnblogs_code">
<pre># netstat -anp | grep ':80'</pre>
</div> </div> </div>
<h2> <strong>10. Show the list of network interfaces</strong> </h2>
<div class="wp_syntax"> <div class="code"> <div class="cnblogs_code">
<pre># netstat -i
Kernel Interface table
Iface   MTU Met   RX-OK RX-ERR RX-DRP RX-OVR    TX-OK TX-ERR TX-DRP TX-OVR Flg
eth0   1500   0       0      0      0      0        0      0      0      0 BMU
eth2   1500   0   26196      0      0      0    26883      6      0      0 BMRU
lo    16436   0       4      0      0      0        4      0      0      0 LRU</pre>
</div> </div> </div>
<p> For detailed, ifconfig-style information, use netstat -ie: </p>
<div class="wp_syntax"> <div class="code"> <div class="cnblogs_code">
<pre># netstat -ie
Kernel Interface table
eth0      Link encap:Ethernet  HWaddr 00:10:40:11:11:11
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
          Memory:f6ae0000-f6b00000</pre>
</div> </div> </div>
<h2> <strong>11. IP and TCP analysis</strong> </h2>
<p> <strong>Find the IP addresses with the most connections to a service port</strong> </p>
<div class="cnblogs_code">
<pre>wss8848@ubuntu:~$ netstat -nat | grep "192.168.1.15:22" |awk '{print $5}'|awk -F: '{print $1}'|sort|uniq -c|sort -nr|head -20
     18 221.136.168.36
      3 154.74.45.242
      2 78.173.31.236
      2 62.183.207.98
      2 192.168.1.14
      2 182.48.111.215
      2 124.193.219.34
      2 119.145.41.2
      2 114.255.41.30
      1 75.102.11.99</pre>
</div>
<p> <strong>List the TCP states</strong> </p>
<div class="cnblogs_code">
<pre>wss8848@ubuntu:~$ netstat -nat |awk '{print $6}'
established)
Foreign
LISTEN
TIME_WAIT
ESTABLISHED
TIME_WAIT
SYN_SENT</pre>
</div>
<p> First extract all the states, then count them with uniq -c, and then sort the result. </p>
<div class="cnblogs_code">
<pre>wss8848@ubuntu:~$ netstat -nat |awk '{print $6}'|sort|uniq -c
    143 ESTABLISHED
      1 FIN_WAIT1
      1 Foreign
      1 LAST_ACK
     36 LISTEN
      6 SYN_SENT
    113 TIME_WAIT
      1 established)</pre>
</div>
<p> The final command is: </p>
<div class="cnblogs_code">
<pre>netstat -nat |awk '{print $6}'|sort|uniq -c|sort -rn</pre>
</div>
<p> <strong>Analyze access.log to get the top 10 visiting IP addresses</strong> </p>
<div class="cnblogs_code">
<pre>awk '{print $1}' access.log |sort|uniq -c|sort -nr|head -10</pre>
</div>

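<p> An added example (not from the original post) that builds on sections 2, 4 and 9: it reads netstat -lntup output, labels each listener as loopback-only or reachable from other hosts, and reports reachable listeners that are missing from an allowlist. The sample output, the function names and the allowlist are constructed for illustration. </p>

```sh
#!/bin/sh
# Constructed sample of `netstat -lntup` output, as seen when run as root.
sample_listeners() {
cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      812/cupsd
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN      1040/master
tcp        0      0 127.0.0.1:30037         0.0.0.0:*               LISTEN      2109/firefox
tcp6       0      0 ::1:631                 :::*                    LISTEN      812/cupsd
tcp6       0      0 :::22                   :::*                    LISTEN      950/sshd
udp        0      0 0.0.0.0:68              0.0.0.0:*                           701/dhclient
udp        0      0 0.0.0.0:5353            0.0.0.0:*                           640/avahi-daemon
EOF
}

# Emit "scope proto/port program" for every listening TCP socket and every
# unconnected UDP socket. scope is loopback, any (all interfaces) or specific.
listener_scope() {
    awk '
        $1 ~ /^(tcp|udp)/ {
            if ($1 ~ /^tcp/ && $6 != "LISTEN") next
            addr = $4; port = $4
            sub(/:[^:]*$/, "", addr)         # strip ":port" at the last colon
            sub(/^.*:/, "", port)
            prog = ($1 ~ /^tcp/) ? $7 : $6   # UDP rows have an empty State column
            if (prog == "") prog = "-"       # no -p, or not enough privilege
            if (addr ~ /^127\./ || addr == "::1")
                scope = "loopback"
            else if (addr == "0.0.0.0" || addr == "::" || addr == "*")
                scope = "any"
            else
                scope = "specific"
            print scope, $1 "/" port, prog
        }'
}

# Listeners reachable from other hosts that are not on the allowlist in $1
# (space-separated proto/port entries, for example "tcp6/22 udp/68").
unexpected_listeners() {
    listener_scope | awk -v allow="$1" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 != "loopback" && !($2 in ok) { print $2, $3 }'
}

# Demo on the constructed sample. On a live host, pipe `netstat -lntup` in.
sample_listeners | listener_scope
sample_listeners | unexpected_listeners "tcp6/22 udp/68"
```
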
From "ITPUB Blog", link: http://blog.itpub.net/30936525/viewspace-2018421/. If you repost this, please credit the source; otherwise legal action will be pursued.
