Linux下用netstat檢視網路狀態、埠狀態

      netstat命令是一個監控TCP/IP網路的非常有用的工具，它可以顯示路由表、實際的網路連線以及每一個網路介面裝置的

      netstat命令的功能是顯示網路連線、路由表和網路介面資訊，可以讓使用者得知目前都有哪些網路連線正在運作。

      該命令的一般格式為：


      netstat [選項]

      命令中各選項的含義如下：

      -a 顯示所有socket，包括正在監聽的。

      -c 每隔1秒就重新顯示一遍，直到使用者中斷它。

      -i 顯示所有網路介面的資訊，格式同“ifconfig -e”。

      -n 以網路IP地址代替名稱，顯示出網路連線情形。

      -r 顯示核心路由表，格式同“route -e”。

      -t 顯示TCP協議的連線情況。

      -u 顯示UDP協議的連線情況。

      -v 顯示正在進行的工作。

1. netstat -an | grep LISTEN
      0.0.0.0的就是每個IP都有的服務，寫明哪個IP的就是繫結那個IP的服務。

2. netstat -tln
      用來檢視linux的埠使用情況

3. /etc/init.d/vsftp start
      是用來啟動ftp埠~！

4. netstat
      檢視已經連線的服務埠（ESTABLISHED）

5. netstat -a
      檢視所有的服務埠（LISTEN，ESTABLISHED）

6. sudo netstat -ap
      檢視所有的服務埠並顯示對應的服務程式名

7. nmap ＜掃描型別＞＜掃描引數＞
例如：
       nmap localhost

nmap -p 1024-65535 localhost

nmap -PT 192.168.1.127-245

當我們使用　netstat -apn　檢視網路連線的時候，會發現很多類似下面的內容：
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 52 218.104.81.152：7710 211.100.39.250：29488 ESTABLISHED 6111/1

－－－－

 ESTABLISHED
          The socket has an established connection.
   SYN_SENT
          The socket is actively attempting to establish a connection.
   SYN_RECV
          A connection request has been received from the network.
   FIN_WAIT1
          The socket is closed, and the connection is shutting down.
   FIN_WAIT2
          Connection is closed, and the socket is waiting for  a  shutdown
          from the remote end.
   TIME_WAIT
          The socket is waiting after close to handle packets still in the
          network.
   CLOSE  The socket is not being used.
   CLOSE_WAIT
          The remote end has shut down, waiting for the socket to close.
   LAST_ACK
          The remote end has shut down, and the socket is closed.  Waiting
          for acknowledgement.
   LISTEN The  socket is listening for incoming connections.  Such sockets
          are  not  included  in  the  output  unless  you   specify   the
          --listening (-l) or --all (-a) option.
   CLOSING
          Both  sockets are shut down but we still don't have all our data
          sent.
   UNKNOWN
          The state of the socket is unknown.

Consider two programs attempting a socket connection (call them a and b). Both set up sockets and transition to the LISTEN state. Then one program (say a) tries to connect to the other (b). asends a request and enters the SYN_SENT state, and b receives the request and enters the SYN_RECV state. When b acknowledges the request, they enter the ESTABLISHED state, and do their business. Now a couple of things can happen:

1. a wishes to close the connection, and enters FIN_WAIT1. b receives the FIN request, sends an ACK (then a enters FIN_WAIT2), enters CLOSE_WAIT, tells a it is closing down and the enters LAST_ACK. Once a acknowledges this (and enters TIME_WAIT), b enters CLOSE. a waits a bit to see if anythings is left, then enters CLOSE.
2. a and b have finished their business and decide to close the connection (simultaneous closing). When a is in FIN_WAIT, and instead of receiving an ACK from b, it receives a FIN(as b wishes to close it as well), a enters CLOSING. But there are still some messages to send (the ACK that a is supposed to get for its original FIN), and once this ACK arrives, aenters TIME_WAIT as usual.

顯示這臺伺服器開放了7710埠，那麼這個埠屬於哪個程式呢？我們可以使用　lsof -i ：7710　命令來查詢：
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
sshd 1990 root 3u IPv4 4836 TCP *：7710 （LISTEN） 54com.cn

這樣，我們就知道了7710埠是屬於sshd程式的。