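Repost: A Detailed Explanation of the Linux netstat Command
2018.08.19<br />
<br />
As an operations engineer, I am ashamed to be so unfamiliar with the netstat command. Today I found a post that is very well written and very practical, so I am sharing it here.<br />
Original article: http://www.cnblogs.com/ggjucheng/archive/2012/01/08/2316661.html<br />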
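<h1>
<strong>Introduction</strong>
</h1>
<p>
The netstat command displays various kinds of network-related information, such as network connections, routing tables, interface statistics, masquerade connections, and multicast memberships.
</p>
<h1>
<strong>Meaning of the output</strong>
</h1>
<p>
Running netstat produces output like the following:
</p>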
<div class="cnblogs_code">
<pre>Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp <span style="color:#800080;">0</span> <span style="color:#800080;">2</span> <span style="color:#800080;">210.34</span>.<span style="color:#800080;">6.89</span>:telnet <span style="color:#800080;">210.34</span>.<span style="color:#800080;">6.96</span>:<span style="color:#800080;">2873</span> ESTABLISHED
tcp <span style="color:#800080;">296</span> <span style="color:#800080;">0</span> <span style="color:#800080;">210.34</span>.<span style="color:#800080;">6.89</span>:<span style="color:#800080;">1165</span> <span style="color:#800080;">210.34</span>.<span style="color:#800080;">6.84</span>:netbios-ssn ESTABLISHED
tcp <span style="color:#800080;">0</span> <span style="color:#800080;">0</span> localhost.localdom:<span style="color:#800080;">9001</span> localhost.localdom:<span style="color:#800080;">1162</span> ESTABLISHED
tcp <span style="color:#800080;">0</span> <span style="color:#800080;">0</span> localhost.localdom:<span style="color:#800080;">1162</span> localhost.localdom:<span style="color:#800080;">9001</span> ESTABLISHED
tcp <span style="color:#800080;">0</span> <span style="color:#800080;">80</span> <span style="color:#800080;">210.34</span>.<span style="color:#800080;">6.89</span>:<span style="color:#800080;">1161</span> <span style="color:#800080;">210.34</span>.<span style="color:#800080;">6.10</span>:netbios-ssn CLOSE
Active UNIX domain sockets (w/o servers)
Proto RefCnt Flags Type State I-Node Path
unix <span style="color:#800080;">1</span> [ ] STREAM CONNECTED <span style="color:#800080;">16178</span> @000000dd
unix <span style="color:#800080;">1</span> [ ] STREAM CONNECTED <span style="color:#800080;">16176</span> @000000dc
unix <span style="color:#800080;">9</span> [ ] DGRAM <span style="color:#800080;">5292</span> /dev/log
unix <span style="color:#800080;">1</span> [ ] STREAM CONNECTED <span style="color:#800080;">16182</span> @000000df</pre>
</div>
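<p>
Overall, the netstat output can be divided into two parts:
</p>
<p>
The first is Active Internet connections, referred to as active TCP connections, where "Recv-Q" and "Send-Q" are the receive queue and the send queue. These numbers should normally be 0. If they are not, packets are piling up in the queue. This is seen only in very rare cases.
</p>
<p>
The other is Active UNIX domain sockets, referred to as active Unix domain sockets (the same as network sockets, but usable only for local communication; performance can be doubled).<br />
Proto shows the protocol used by the connection, RefCnt shows the number of processes attached to this socket, Type shows the socket type, State shows the socket's current state, and Path shows the path name used by other processes connected to the socket.
</p>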
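<h1>
<strong>Common options</strong>
</h1>
<p>
-a (all) show all sockets; LISTEN-related ones are not shown by default<br />
-t (tcp) show only TCP-related entries<br />
-u (udp) show only UDP-related entries<br />
-n do not show aliases; anything that can be shown as a number is shown numerically<br />
-l list only services that are in the Listen state
</p>
<p>
-p show the name of the program that owns the connection<br />
-r show routing information (the routing table)<br />
-e show extended information, such as uid<br />
-s show statistics per protocol<br />
-c run the netstat command again at a fixed interval
</p>
<p>
Note: the LISTEN and LISTENING states are visible only with -a or -l
</p>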
<h1>
<strong>Practical command examples</strong>
</h1>
<h2>
<strong>1. List all ports (both listening and non-listening)</strong>
</h2>
<p>
<strong> List all ports: netstat -a</strong>
</p>
<div class="wp_syntax">
<div class="code">
<div class="cnblogs_code">
<pre># netstat -a | more
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp <span style="color:#800080;">0</span> <span style="color:#800080;">0</span> localhost:<span style="color:#800080;">30037</span> *:* LISTEN
udp <span style="color:#800080;">0</span> <span style="color:#800080;">0</span> *:bootpc *:*
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags Type State I-Node Path
unix <span style="color:#800080;">2</span> [ ACC ] STREAM LISTENING <span style="color:#800080;">6135</span> /tmp/.X11-unix/X0
unix <span style="color:#800080;">2</span> [ ACC ] STREAM LISTENING <span style="color:#800080;">5140</span> /<span style="color:#0000ff;">var</span>/run/acpid.socket</pre>
</div>
</div>
</div>
<p>
<strong> List all TCP ports: netstat -at</strong>
</p>
<div class="wp_syntax">
<div class="code">
<div class="cnblogs_code">
<pre># netstat -at
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp <span style="color:#800080;">0</span> <span style="color:#800080;">0</span> localhost:<span style="color:#800080;">30037</span> *:* LISTEN
tcp <span style="color:#800080;">0</span> <span style="color:#800080;">0</span> localhost:ipp *:* LISTEN
tcp <span style="color:#800080;">0</span> <span style="color:#800080;">0</span> *:smtp *:* LISTEN
tcp6 <span style="color:#800080;">0</span> <span style="color:#800080;">0</span> localhost:ipp [::]:* LISTEN</pre>
</div>
</div>
</div>
<p>
<strong> List all UDP ports: netstat -au</strong>
</p>
<div class="wp_syntax">
<div class="code">
<div class="cnblogs_code">
<pre># netstat -au
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
udp <span style="color:#800080;">0</span> <span style="color:#800080;">0</span> *:bootpc *:*
udp <span style="color:#800080;">0</span> <span style="color:#800080;">0</span> *:<span style="color:#800080;">49119</span> *:*
udp <span style="color:#800080;">0</span> <span style="color:#800080;">0</span> *:mdns *:*</pre>
</div>
</div>
</div>
<h2>
<strong>2. List all sockets in the listening state</strong>
</h2>
<p>
<strong> Show only listening ports: netstat -l</strong>
</p>
<div class="wp_syntax">
<div class="code">
<div class="cnblogs_code">
<pre># netstat -l
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp <span style="color:#800080;">0</span> <span style="color:#800080;">0</span> localhost:ipp *:* LISTEN
tcp6 <span style="color:#800080;">0</span> <span style="color:#800080;">0</span> localhost:ipp [::]:* LISTEN
udp <span style="color:#800080;">0</span> <span style="color:#800080;">0</span> *:<span style="color:#800080;">49119</span> *:*</pre>
</div>
</div>
</div>
<p>
<strong> List only listening TCP ports: netstat -lt</strong>
</p>
<div class="wp_syntax">
<div class="code">
<div class="cnblogs_code">
<pre># netstat -lt
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp <span style="color:#800080;">0</span> <span style="color:#800080;">0</span> localhost:<span style="color:#800080;">30037</span> *:* LISTEN
tcp <span style="color:#800080;">0</span> <span style="color:#800080;">0</span> *:smtp *:* LISTEN
tcp6 <span style="color:#800080;">0</span> <span style="color:#800080;">0</span> localhost:ipp [::]:* LISTEN</pre>
</div>
</div>
</div>
<p>
<strong> List only listening UDP ports: netstat -lu</strong>
</p>
<div class="wp_syntax">
<div class="code">
<div class="cnblogs_code">
<pre># netstat -lu
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
udp <span style="color:#800080;">0</span> <span style="color:#800080;">0</span> *:<span style="color:#800080;">49119</span> *:*
udp <span style="color:#800080;">0</span> <span style="color:#800080;">0</span> *:mdns *:*</pre>
</div>
</div>
</div>
<p>
<strong> List only listening UNIX ports: netstat -lx</strong>
</p>
<div class="wp_syntax">
<div class="code">
<div class="cnblogs_code">
<pre># netstat -lx
Active UNIX domain sockets (only servers)
Proto RefCnt Flags Type State I-Node Path
unix <span style="color:#800080;">2</span> [ ACC ] STREAM LISTENING <span style="color:#800080;">6294</span> <span style="color:#0000ff;">private</span>/maildrop
unix <span style="color:#800080;">2</span> [ ACC ] STREAM LISTENING <span style="color:#800080;">6203</span> <span style="color:#0000ff;">public</span>/cleanup
unix <span style="color:#800080;">2</span> [ ACC ] STREAM LISTENING <span style="color:#800080;">6302</span> <span style="color:#0000ff;">private</span>/ifmail
unix <span style="color:#800080;">2</span> [ ACC ] STREAM LISTENING <span style="color:#800080;">6306</span> <span style="color:#0000ff;">private</span>/bsmtp</pre>
</div>
</div>
</div>
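<p>
An added example, not part of the original article: filtering listening sockets down to those reachable from other hosts, for reviewing what a machine exposes. It assumes the text comes from <code>netstat -lntup</code> (numeric addresses plus the PID/Program name column); the function names and the sample output are constructed.
</p>

```shell
#!/bin/sh
# Added example: review which listeners are reachable from other hosts.
# Input is assumed to be the text of `netstat -lntup`.

# Constructed sample output. UDP rows have an empty State column, and the
# owner is "-" when the caller lacks permission to see the process.
sample_listeners() {
cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      812/cupsd
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN      1033/master
tcp        0      0 127.0.0.1:30037         0.0.0.0:*               LISTEN      2109/firefox
tcp        0      0 192.168.1.15:22         0.0.0.0:*               LISTEN      700/sshd
tcp6       0      0 ::1:631                 :::*                    LISTEN      812/cupsd
tcp6       0      0 :::8080                 :::*                    LISTEN      -
udp        0      0 0.0.0.0:68              0.0.0.0:*                           640/dhclient
udp        0      0 127.0.0.53:53           0.0.0.0:*                           590/systemd-resolve
EOF
}

# Print "proto port scope owner" for every listener not bound to loopback.
# scope is "all-interfaces" for 0.0.0.0 / :: and the bound address otherwise.
non_loopback_listeners() {
  awk '
    $1 ~ /^(tcp|udp)/ {
      if ($1 ~ /^tcp/ && $6 != "LISTEN") next
      addr = $4
      port = addr
      sub(/.*:/, "", port)            # text after the last colon is the port
      sub(/:[^:]*$/, "", addr)        # drop only the trailing :port (IPv6-safe)
      if (addr ~ /^127\./ || addr == "::1") next
      first = ($1 ~ /^tcp/) ? 7 : 6   # UDP rows have no State field
      owner = ""; sep = ""
      for (i = first; i <= NF; i++) { owner = owner sep $i; sep = " " }
      if (owner == "" || owner == "-") owner = "unknown"
      scope = (addr == "0.0.0.0" || addr == "::") ? "all-interfaces" : addr
      print $1, port, scope, owner
    }'
}

# Demo on the constructed sample; on a live host: netstat -lntup | non_loopback_listeners
sample_listeners | non_loopback_listeners
```

An owner of "unknown" means the process was not visible to the caller; rerun as root to resolve it.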
<h2>
<strong>3. Show statistics for each protocol</strong>
</h2>
<p>
<strong> Show statistics for all ports: netstat -s</strong>
</p>
<div class="wp_syntax">
<div class="code">
<div class="cnblogs_code">
<pre># netstat -s
Ip:
    11150 total packets received
    1 with invalid addresses
    0 forwarded
    0 incoming packets discarded
    11149 incoming packets delivered
    11635 requests sent out
Icmp:
    0 ICMP messages received
    0 input ICMP message failed.
Tcp:
    582 active connections openings
    2 failed connection attempts
    25 connection resets received
Udp:
    1183 packets received
    4 packets to unknown port received.
.....</pre>
</div>
</div>
</div>
<p>
<strong> Show statistics for TCP or UDP ports: netstat -st or -su</strong>
</p>
<div class="wp_syntax">
<div class="code">
<div class="cnblogs_code">
<pre># netstat -st
# netstat -su</pre>
</div>
</div>
</div>
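<h2>
<strong>4. Show the PID and program name in netstat output: netstat -p</strong>
</h2>
<p>
netstat -p can be combined with other switches to add "PID/Program name" to the netstat output, which makes it easy when debugging to find the program running on a particular port.
</p>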
<div class="wp_syntax">
<div class="code">
<div class="cnblogs_code">
<pre># netstat -pt
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp <span style="color:#800080;">1</span> <span style="color:#800080;">0</span> ramesh-laptop.loc:<span style="color:#800080;">47212</span> <span style="color:#800080;">192.168</span>.<span style="color:#800080;">185.75</span>:www CLOSE_WAIT <span style="color:#800080;">2109</span>/firefox
tcp <span style="color:#800080;">0</span> <span style="color:#800080;">0</span> ramesh-laptop.loc:<span style="color:#800080;">52750</span> lax:www ESTABLISHED <span style="color:#800080;">2109</span>/firefox</pre>
</div>
</div>
</div>
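<h2>
<strong>5. Do not show host, port and user names in netstat output (host, port or user)</strong>
</h2>
<p>
When you do not want host, port and user names to be shown, use netstat -n. Numbers are used in place of those names.
</p>
<p>
This also speeds up the output, because no lookups are needed.
</p>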
<div class="wp_syntax">
<div class="code">
<div class="cnblogs_code">
<pre># netstat -an</pre>
</div>
</div>
</div>
<p>
If you want only one of these three kinds of name not to be shown, use the following commands
</p>
<div class="wp_syntax">
<div class="code">
<div class="cnblogs_code">
<pre># netstat -a --numeric-ports
# netstat -a --numeric-hosts
# netstat -a --numeric-users</pre>
</div>
</div>
</div>
<h2>
<strong>6. Print netstat information continuously</strong>
</h2>
<p>
netstat will print the network information every second.
</p>
<div class="wp_syntax">
<div class="code">
<div class="cnblogs_code">
<pre># netstat -c
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp <span style="color:#800080;">0</span> <span style="color:#800080;">0</span> ramesh-laptop.loc:<span style="color:#800080;">36130</span> <span style="color:#800080;">101</span>-<span style="color:#800080;">101</span>-<span style="color:#800080;">181</span>-<span style="color:#800080;">225</span>.ama:www ESTABLISHED
tcp <span style="color:#800080;">1</span> <span style="color:#800080;">1</span> ramesh-laptop.loc:<span style="color:#800080;">52564</span> <span style="color:#800080;">101.11</span>.<span style="color:#800080;">169.230</span>:www CLOSING
tcp <span style="color:#800080;">0</span> <span style="color:#800080;">0</span> ramesh-laptop.loc:<span style="color:#800080;">43758</span> server-<span style="color:#800080;">101</span>-<span style="color:#800080;">101</span>-<span style="color:#800080;">43</span>-<span style="color:#800080;">2</span>:www ESTABLISHED
tcp <span style="color:#800080;">1</span> <span style="color:#800080;">1</span> ramesh-laptop.loc:<span style="color:#800080;">42367</span> <span style="color:#800080;">101.101</span>.<span style="color:#800080;">34.101</span>:www CLOSING
^C</pre>
</div>
</div>
</div>
<h2>
<strong>7. Show address families not supported by the system (Address Families)</strong>
</h2>
<div class="wp_syntax">
<div class="code">
<div class="cnblogs_code">
<pre>netstat --verbose</pre>
</div>
</div>
</div>
<p>
At the end of the output there will be information like the following
</p>
<div class="wp_syntax">
<div class="code">
<div class="cnblogs_code">
<pre>netstat: no support for `AF IPX' on this system.
netstat: no support for `AF AX25' on this system.
netstat: no support for `AF X25' on this system.
netstat: no support for `AF NETROM' on this system.</pre>
</div>
</div>
</div>
<h2>
<strong>8. Show kernel routing information: netstat -r</strong>
</h2>
<div class="wp_syntax">
<div class="code">
<div class="cnblogs_code">
<pre># netstat -r
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
192.168.1.0     *               255.255.255.0   U         0 0          0 eth2
link-local      *               255.255.0.0     U         0 0          0 eth2
default         192.168.1.1     0.0.0.0         UG        0 0          0 eth2</pre>
</div>
</div>
</div>
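<p>
<strong>Note:</strong> use netstat -rn to display the table in numeric format without looking up host names.
</p>
<h2>
<strong>9. Find the port a program is running on</strong>
</h2>
<p>
Not every process can be found: those you do not have permission for are not shown. Use root privileges to see all the information.
</p>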
<div class="wp_syntax">
<div class="code">
<div class="cnblogs_code">
<pre># netstat -ap | grep ssh
tcp <span style="color:#800080;">1</span> <span style="color:#800080;">0</span> dev-db:ssh <span style="color:#800080;">101.174</span>.<span style="color:#800080;">100.22</span>:<span style="color:#800080;">39213</span> CLOSE_WAIT -
tcp <span style="color:#800080;">1</span> <span style="color:#800080;">0</span> dev-db:ssh <span style="color:#800080;">101.174</span>.<span style="color:#800080;">100.22</span>:<span style="color:#800080;">57643</span> CLOSE_WAIT -</pre>
</div>
</div>
</div>
<p>
<strong> Find the program running on a given port</strong>
</p>
<div class="wp_syntax">
<div class="code">
<div class="cnblogs_code">
<pre># netstat -anp | grep ':80'</pre>
</div>
</div>
</div>
<h2>
<strong>10. Show the list of network interfaces</strong>
</h2>
<div class="wp_syntax">
<div class="code">
<div class="cnblogs_code">
<pre># netstat -i
Kernel Interface table
Iface MTU Met RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR Flg
eth0 <span style="color:#800080;">1500</span> <span style="color:#800080;">0</span> <span style="color:#800080;">0</span> <span style="color:#800080;">0</span> <span style="color:#800080;">0</span> <span style="color:#800080;">0</span> <span style="color:#800080;">0</span> <span style="color:#800080;">0</span> <span style="color:#800080;">0</span> <span style="color:#800080;">0</span> BMU
eth2 <span style="color:#800080;">1500</span> <span style="color:#800080;">0</span> <span style="color:#800080;">26196</span> <span style="color:#800080;">0</span> <span style="color:#800080;">0</span> <span style="color:#800080;">0</span> <span style="color:#800080;">26883</span> <span style="color:#800080;">6</span> <span style="color:#800080;">0</span> <span style="color:#800080;">0</span> BMRU
lo <span style="color:#800080;">16436</span> <span style="color:#800080;">0</span> <span style="color:#800080;">4</span> <span style="color:#800080;">0</span> <span style="color:#800080;">0</span> <span style="color:#800080;">0</span> <span style="color:#800080;">4</span> <span style="color:#800080;">0</span> <span style="color:#800080;">0</span> <span style="color:#800080;">0</span> LRU</pre>
</div>
</div>
</div>
<p>
To show detailed information, like ifconfig does, use netstat -ie:
</p>
<div class="wp_syntax">
<div class="code">
<div class="cnblogs_code">
<pre># netstat -ie
Kernel Interface table
eth0      Link encap:Ethernet  HWaddr 00:10:40:11:11:11
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
          Memory:f6ae0000-f6b00000</pre>
</div>
<h2>
<strong>11. IP and TCP analysis</strong>
</h2>
<p>
<strong> Find the IP addresses with the most connections to a given service port</strong>
</p>
<div class="cnblogs_code">
<pre>wss8848@ubuntu:~$ netstat -nat | grep "192.168.1.15:22" |awk '{print $5}'|awk -F: '{print $1}'|sort|uniq -c|sort -nr|head -20
     18 221.136.168.36
      3 154.74.45.242
      2 78.173.31.236
      2 62.183.207.98
      2 192.168.1.14
      2 182.48.111.215
      2 124.193.219.34
      2 119.145.41.2
      2 114.255.41.30
      1 75.102.11.99</pre>
</div>
<p>
<strong> List of the various TCP states</strong>
</p>
<div class="cnblogs_code">
<pre>wss8848@ubuntu:~$ netstat -nat |awk '{print $6}'
established)
Foreign
LISTEN
TIME_WAIT
ESTABLISHED
TIME_WAIT
SYN_SENT</pre>
</div>
<pre class="php"><span style="font-size:14px;"> First extract all the states, then count them with uniq -c, and then sort the result.</span></pre>
<div class="cnblogs_code">
<pre>wss8848@ubuntu:~$ netstat -nat |awk '{print $6}'|sort|uniq -c
    143 ESTABLISHED
      1 FIN_WAIT1
      1 Foreign
      1 LAST_ACK
     36 LISTEN
      6 SYN_SENT
    113 TIME_WAIT
      1 established)</pre>
</div>
<pre class="php"><span style="font-size:14px;"> The final command is as follows:</span></pre>
<div class="cnblogs_code">
<pre>netstat -nat |awk <span style="color:#800000;">'</span><span style="color:#800000;">{print $6}</span><span style="color:#800000;">'</span>|sort|uniq -c|sort -rn</pre>
</div>
<pre class="php"><span style="font-size:14px;"><strong>Analyze access.log to get the top 10 visiting IP addresses</strong></span></pre>
<div class="cnblogs_code">
<pre>awk <span style="color:#800000;">'</span><span style="color:#800000;">{print $1}</span><span style="color:#800000;">'</span> access.log |sort|uniq -c|sort -nr|head -<span style="color:#800080;">10</span></pre>
</div>
</div>
</div>
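<p>
The state tally and top-IP pipelines from section 11, reworked as an added example that is not part of the original article. It counts only rows whose protocol field starts with tcp, so the header words ("Foreign", "established)") drop out of the tally, matches the local port exactly instead of by grep substring, and strips only the trailing :port so IPv6 addresses stay whole. The function names and the sample output are constructed for illustration.
</p>

```shell
#!/bin/sh
# Added example: header-safe, IPv6-safe versions of the section 11 pipelines.
# Input is assumed to be the text of `netstat -nat`.

# Constructed sample output with the two header lines, a second service on
# port 2222 (which a grep for ":22" would also match) and IPv6 rows.
sample_netstat() {
cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 192.168.1.15:22         203.0.113.7:51514       ESTABLISHED
tcp        0      0 192.168.1.15:22         203.0.113.7:51520       ESTABLISHED
tcp        0      0 192.168.1.15:22         198.51.100.9:40022      TIME_WAIT
tcp        0      0 192.168.1.15:2222       203.0.113.99:40100      ESTABLISHED
tcp6       0      0 :::22                   :::*                    LISTEN
tcp6       0      0 2001:db8::15:22         2001:db8::a:50000       ESTABLISHED
EOF
}

# Count connections per TCP state, most frequent first.
tcp_state_counts() {
  awk '$1 ~ /^tcp/ { n[$6]++ } END { for (s in n) print n[s], s }' |
    sort -k1,1nr -k2,2
}

# Top remote addresses connected to one local port.
# $1 = local port (exact match), $2 = how many rows to print (default 20).
top_remote_ips() {
  port="$1"
  limit="${2:-20}"
  awk -v port="$port" '
    $1 ~ /^tcp/ && $6 != "LISTEN" {
      lport = $4
      sub(/.*:/, "", lport)           # text after the last colon is the port
      if (lport != port) next         # exact match: 2222 is not 22
      raddr = $5
      sub(/:[^:]*$/, "", raddr)       # drop only the trailing :port
      n[raddr]++
    }
    END { for (ip in n) print n[ip], ip }' |
    sort -k1,1nr -k2,2 | head -n "$limit"
}

# Demo on the constructed sample; on a live host: netstat -nat | tcp_state_counts
sample_netstat | tcp_state_counts
sample_netstat | top_remote_ips 22 20
```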
From "ITPUB Blog", link: http://blog.itpub.net/30936525/viewspace-2018421/. If you repost this, please credit the source; otherwise legal liability will be pursued.