netstat命令详解
0x01 功能说明
netstat命令用来显示本机网络连接、运行端口和中由表等信息
0x02 实验环境
Debian:bullseye-slim
0x03 命令的安装
apt-get install net-tools
0x04 命令文档
- 命令帮助
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35usage: netstat [-vWeenNcCF] [<Af>] -r netstat {-V|--version|-h|--help}
netstat [-vWnNcaeol] [<Socket> ...]
netstat { [-vWeenNac] -i | [-cnNe] -M | -s [-6tuw] }
-r, --route display routing table
-i, --interfaces display interface table
-g, --groups display multicast group memberships
-s, --statistics display networking statistics (like SNMP)
-M, --masquerade display masqueraded connections
-v, --verbose be verbose
-W, --wide don't truncate IP addresses
-n, --numeric don't resolve names
--numeric-hosts don't resolve host names
--numeric-ports don't resolve port names
--numeric-users don't resolve user names
-N, --symbolic resolve hardware names
-e, --extend display other/more information
-p, --programs display PID/Program name for sockets
-o, --timers display timers
-c, --continuous continuous listing
-l, --listening display listening server sockets
-a, --all display all sockets (default: connected)
-F, --fib display Forwarding Information Base (default)
-C, --cache display routing cache instead of FIB
-Z, --context display SELinux security context for sockets
<Socket>={-t|--tcp} {-u|--udp} {-U|--udplite} {-S|--sctp} {-w|--raw}
{-x|--unix} --ax25 --ipx --netrom
<AF>=Use '-6|-4' or '-A <af>' or '--<af>'; default: inet
List of possible address families (which support routing):
inet (DARPA Internet) inet6 (IPv6) ax25 (AMPR AX.25)
netrom (AMPR NET/ROM) ipx (Novell IPX) ddp (Appletalk DDP)
x25 (CCITT X.25) - 常用参数
| 选项 | 说明 |
|---|---|
| -a, –all | 显示本机所有连接和监听端口(若不加就不会展示LISTEN状态的连接) |
| -n, –numeric | 以网络IP地址的形式显示当前建立的有效连接和端口 |
| -t, –tcp | 显示所有的TCP协议连接情况 |
| -u, –udp | 显示所有的UDP协议连接情况 |
| -l | 仅显示连接状态为“LISTEN”的服务折网络状态 |
| -4 | 仅显示IPv4连接 |
| -6 | 仅显示IPv6连接 |
| -s | 显示按协议的统计信息。默认情况下,将显示IP、IPV6、ICMP、ICMPv6、TCP、TCPv6、UDP和UDPv6的统计信息 |
| -v | 显示当前的有效连接,与“-n”选项类似 |
| -p | 显示连接对应的PID与程序名 |
0x05 使用示例
- 列出所有TCP端口结果(有删减)
1
netstat -at
1
2
3
4
5
6Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 NAS4XUN:16509 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:microsoft-ds 0.0.0.0:* LISTEN
tcp 0 0 NAS4XUN:35743 0.0.0.0:* LISTEN
tcp 0 0 NAS4XUN:44947 NAS4XUN:54194 ESTABLISHED - 以IP地址显示结果(有删减)
1
netstat -nat
1
2
3
4
5
6
7
8Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:445 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:35743 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:44947 127.0.0.1:54194 ESTABLISHED
tcp 0 0 127.0.0.1:52506 127.0.0.1:44141 TIME_WAIT
tcp 0 0 192.168.7.100:53296 139.162.75.196:443 ESTABLISHED
tcp 0 0 192.168.7.100:58890 72.14.179.64:443 ESTABLISHED - 只展示IPv4的tcp连接结果(有删减)
1
netstat -nat4
1
2
3
4
5
6
7
8
9
10
11Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:445 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:35743 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:60126 127.0.0.1:37539 ESTABLISHED
tcp 1 0 192.168.7.100:35716 99.81.164.127:80 CLOSE_WAIT
tcp 1 0 192.168.7.100:49066 99.81.153.144:443 CLOSE_WAIT
tcp 0 0 127.0.0.1:39904 127.0.0.1:40061 TIME_WAIT
tcp 0 0 127.0.0.1:54506 127.0.0.1:41555 TIME_WAIT
tcp 0 0 127.0.0.1:46651 127.0.0.1:49900 ESTABLISHED
tcp 0 0 127.0.0.1:35603 127.0.0.1:32814 ESTABLISHED参考资料
- Linux命令(33):netstat命令-显示网络端口信息
- Linux 监控tcp连接数及状态
赏
使用支付宝打赏
使用微信打赏
若你觉得我的文章对你有帮助,欢迎点击上方按钮对我打赏
扫描二维码,分享此文章