netstat 中文man页面

NAME

netstat - 显示网络连接，路由表，接口状态，伪装连接，网络链路信息和组播成员组。  

总览 SYNOPSIS

netstat [address_family_options] [--tcp|-t] [--udp|-u] [--raw|-w] [--listening|-l] [--all|-a] [--numeric|-n] [--numeric-hosts][--numeric-ports][--numeric-ports] [--symbolic|-N] [--extend|-e[--extend|-e]] [--timers|-o] [--program|-p] [--verbose|-v] [--continuous|-c] [delay] netstat {--route|-r} [address_family_options] [--extend|-e[--extend|-e]] [--verbose|-v] [--numeric|-n] [--numeric-hosts][--numeric-ports][--numeric-ports] [--continuous|-c] [delay] netstat {--interfaces|-i} [iface] [--all|-a] [--extend|-e[--extend|-e]] [--verbose|-v] [--program|-p] [--numeric|-n] [--numeric-hosts][--numeric-ports][--numeric-ports] [--continuous|-c] [delay] netstat {--groups|-g} [--numeric|-n] [--numeric-hosts][--numeric-ports][--numeric-ports] [--continuous|-c] [delay] netstat {--masquerade|-M} [--extend|-e] [--numeric|-n] [--numeric-hosts][--numeric-ports][--numeric-ports] [--continuous|-c] [delay] netstat {--statistics|-s} [--tcp|-t] [--udp|-u] [--raw|-w] [delay] netstat {--version|-V} netstat {--help|-h} address_family_options:

[--protocol={inet,unix,ipx,ax25,netrom,ddp}[,...]] [--unix|-x] [--inet|--ip] [--ax25] [--ipx] [--netrom] [--ddp]

描述 DESCRIPTION

Netstat 程序显示Linux网络子系统的信息。 输出信息的类型是由***个参数控制的，就像这样：  

(none)

无选项时, netstat 显示打开的套接字. 如果不指定任何地址族，那么打印出所有已配置地址族的有效套接字。  

--route , -r

显示内核路由表。  

--groups , -g

显示IPv4 和 IPv6的IGMP组播组成员关系信息。  

--interface=iface , -iiface 。  

显示所有网络接口列表或者是指定的

--masquerade , -M

显示一份所有经伪装的会话列表。  

--statistics , -s

显示每种协议的统计信息。  

选项 OPTIONS

--verbose , -v

详细模式运行。特别是打印一些关于未配置地址族的有用信息。  

--numeric , -n

显示数字形式地址而不是去解析主机、端口或用户名。  

--numeric-hosts

显示数字形式的主机但是不影响端口或用户名的解析。  

--numeric-ports

显示数字端口号，但是不影响主机或用户名的解析。  

--numeric-users

显示数字的用户ID，但是不影响主机和端口名的解析。  

--protocol=family , -Afamily 以逗号分隔的地址族列表，比如 inet, unix, ipx, ax25, netrom, 和 ddp。 这样和使用 --inet, --unix (-x), --ipx, --ax25, --netrom, 和 --ddp 选项效果相同。 地址族 inet 包括raw, udp 和tcp 协议套接字。  

指定要显示哪些连接的地址族(也许在底层协议中可以更好地描述)。

-c, --continuous

将使 netstat 不断地每秒输出所选的信息。  

-e, --extend

显示附加信息。使用这个选项两次来获得所有细节。  

-o, --timers

包含与网络定时器有关的信息。  

-p, --program

显示套接字所属进程的PID和名称。  

-l, --listening

只显示正在侦听的套接字(这是默认的选项)  

-a, --all

显示所有正在或不在侦听的套接字。加上 --interfaces 选项将显示没有标记的接口。  

-F

显示FIB中的路由信息。(这是默认的选项)  

-C

显示路由缓冲中的路由信息。  

delay

netstat将循环输出统计信息，每隔 delay 秒。  

输出 OUTPUT

活动的Internet网络连接 (TCP, UDP, raw)

Proto

套接字使用的协议。  

Recv-Q

连接此套接字的用户程序未拷贝的字节数。  

Send-Q

远程主机未确认的字节数。  

Local Address

套接字的本地地址(本地主机名)和端口号。除非给定-n --numeric (-n) 选项，否则套接字地址按标准主机名(FQDN)进行解析，而端口号则转换到相应的服务名。  

Foreign Address

套接字的远程地址(远程主机名)和端口号。 Analogous to "Local Address."  

State

套接字的状态。因为在RAW协议中没有状态，而且UDP也不用状态信息，所以此行留空。通常它为以下几个值之一：

ESTABLISHED

套接字有一个有效连接。

SYN_SENT

套接字尝试建立一个连接。

SYN_RECV

从网络上收到一个连接请求。

FIN_WAIT1

套接字已关闭，连接正在断开。

FIN_WAIT2

连接已关闭，套接字等待远程方中止。

TIME_WAIT

在关闭之后，套接字等待处理仍然在网络中的分组

CLOSED

套接字未用。

CLOSE_WAIT

远程方已关闭，等待套接字关闭。

LAST_ACK

远程方中止，套接字已关闭。等待确认。

LISTEN

套接字监听进来的连接。如果不设置 --listening (-l) 或者 --all (-a) 选项，将不显示出来这些连接。

CLOSING

套接字都已关闭，而还未把所有数据发出。

UNKNOWN

套接字状态未知。

User

套接字属主的名称或UID。  

PID/Program name

以斜线分隔的处理套接字程序的PID及进程名。 --program 使此栏目被显示。你需要 superuser 权限来查看不是你拥有的套接字的信息。对IPX套接字还无法获得此信息。  

Timer

(this needs to be written)  

活动的UNIX域套接字

Proto

套接字所用的协议(通常是unix)。  

RefCnt

使用数量(也就是通过此套接字连接的进程数)。  

Flags

显示的标志为SO_ACCEPTON(显示为 ACC), SO_WAITDATA (W) 或 SO_NOSPACE (N)。 如果相应的进程等待一个连接请求，那么SO_ACCECPTON用于未连接的套接字。其它标志通常并不重要  

Type

套接字使用的一些类型：

SOCK_DGRAM

此套接字用于数据报(无连接)模式。

SOCK_STREAM

流模式(连接)套接字

SOCK_RAW

此套接字用于RAW模式。

SOCK_RDM

一种服务可靠性传递信息。

SOCK_SEQPACKET

连续分组套接字。

SOCK_PACKET

RAW接口使用套接字。

UNKNOWN

将来谁知道它的话将告诉我们，就填在这里 :-)

State

此字段包含以下关键字之一：

FREE

套接字未分配。

LISTENING

套接字正在监听一个连接请求。除非设置 --listening (-l) 或者 --all (-a) 选项，否则不显示。

CONNECTING

套接字正要建立连接。

CONNECTED

套接字已连接。

DISCONNECTING

套接字已断开。

(empty)

套接字未连。

UNKNOWN

！不应当出现这种状态的。

PID/Program name

处理此套接字的程序进程名和PID。上面关于活动的Internet连接的部分有更详细的信息。  

Path

当相应进程连入套接字时显示路径名。  

活动的IPX套接字

(this needs to be done by somebody who knows it)  

Active NET/ROM sockets

(this needs to be done by somebody who knows it)  

Active AX.25 sockets

(this needs to be done by somebody who knows it)

注意 NOTES

从linux 2.2内核开始 netstat -i 不再显示别名接口的统计信息。要获得每个别名接口的计数器，则需要用 ipchains(8) 命令。

文件 FILES

/etc/services -- 服务解释文件

/proc -- proc文件系统的挂载点。proc文件系统通过下列文件给出了内核状态信息。

/proc/net/dev -- 设备信息

/proc/net/raw -- RAW套接字信息

/proc/net/tcp -- TCP套接字信息

/proc/net/udp -- UDP套接字信息

/proc/net/igmp -- IGMP组播信息

/proc/net/unix -- Unix域套接字信息

/proc/net/ipx -- IPX套接字信息

/proc/net/ax25 -- AX25套接字信息

/proc/net/appletalk -- DDP(appletalk)套接字信息

/proc/net/nr -- NET/ROM套接字信息

/proc/net/route -- IP路由信息

/proc/net/ax25_route -- AX25路由信息

/proc/net/ipx_route -- IPX路由信息

/proc/net/nr_nodes -- NET/ROM节点列表

/proc/net/nr_neigh -- NET/ROM邻站

/proc/net/ip_masquerade -- 伪装连接

/proc/net/snmp -- 统计  

参见 SEE ALSO

route(8), ifconfig(8), ipchains(8), iptables(8), proc(5)  

#p#

NAME

netstat - Print network connections, routing tables, interface statistics, masquerade connections, and multicast memberships

SYNOPSIS

netstat [address_family_options] [--tcp|-t] [--udp|-u] [--raw|-w] [--listening|-l] [--all|-a] [--numeric|-n] [--numeric-hosts][--numeric-ports][--numeric-ports] [--symbolic|-N] [--extend|-e[--extend|-e]] [--timers|-o] [--program|-p] [--verbose|-v] [--continuous|-c] [delay] netstat {--route|-r} [address_family_options] [--extend|-e[--extend|-e]] [--verbose|-v] [--numeric|-n] [--numeric-hosts][--numeric-ports][--numeric-ports] [--continuous|-c] [delay] netstat {--interfaces|-i} [iface] [--all|-a] [--extend|-e[--extend|-e]] [--verbose|-v] [--program|-p] [--numeric|-n] [--numeric-hosts][--numeric-ports][--numeric-ports] [--continuous|-c] [delay] netstat {--groups|-g} [--numeric|-n] [--numeric-hosts][--numeric-ports][--numeric-ports] [--continuous|-c] [delay] netstat {--masquerade|-M} [--extend|-e] [--numeric|-n] [--numeric-hosts][--numeric-ports][--numeric-ports] [--continuous|-c] [delay] netstat {--statistics|-s} [--tcp|-t] [--udp|-u] [--raw|-w] [delay] netstat {--version|-V} netstat {--help|-h} address_family_options:

[--protocol={inet,unix,ipx,ax25,netrom,ddp}[,...]] [--unix|-x] [--inet|--ip] [--ax25] [--ipx] [--netrom] [--ddp]

DESCRIPTION

Netstat prints information about the Linux networking subsystem. The type of information printed is controlled by the first argument, as follows:  

(none)

By default, netstat displays a list of open sockets. If you don't specify any address families, then the active sockets of all configured address families will be printed.  

--route , -r

Display the kernel routing tables.  

--groups , -g

Display multicast group membership information for IPv4 and IPv6.  

--interface=iface , -iiface).  

Display a table of all network interfaces, or the specified

--masquerade , -M

Display a list of masqueraded connections.  

--statistics , -s

Display summary statistics for each protocol.  

OPTIONS

--verbose , -v

Tell the user what is going on by being verbose. Especially print some useful information about unconfigured address families.  

--numeric , -n

Show numerical addresses instead of trying to determine symbolic host, port or user names.  

--numeric-hosts

shows numerical host addresses but does not affect the resolution of port or user names.  

--numeric-ports

shows numerical port numbers but does not affect the resolution of host or user names.  

--numeric-users

shows numerical user IDs but does not affect the resolution of host or port names.

--protocol=family , -Afamily is a comma (',') separated list of address family keywords like inet, unix, ipx, ax25, netrom, and ddp. This has the same effect as using the --inet, --unix (-x), --ipx, --ax25, --netrom, and --ddp options. The address family inet includes raw, udp and tcp protocol sockets.  

Specifies the address families (perhaps better described as low level protocols) for which connections are to be shown.

-c, --continuous

This will cause netstat to print the selected information every second continuously.  

-e, --extend

Display additional information. Use this option twice for maximum detail.  

-o, --timers

Include information related to networking timers.  

-p, --program

Show the PID and name of the program to which each socket belongs.  

-l, --listening

Show only listening sockets. (These are omitted by default.)  

-a, --all

Show both listening and non-listening sockets. With the --interfaces option, show interfaces that are not marked  

-F

Print routing information from the FIB. (This is the default.)  

-C

Print routing information from the route cache.  

delay

Netstat will cycle printing through statistics every delay seconds. UP.  

OUTPUT

Active Internet connections (TCP, UDP, raw)

Proto

The protocol (tcp, udp, raw) used by the socket.  

Recv-Q

The count of bytes not copied by the user program connected to this socket.  

Send-Q

The count of bytes not acknowledged by the remote host.  

Local Address

Address and port number of the local end of the socket. Unless the --numeric (-n) option is specified, the socket address is resolved to its canonical host name (FQDN), and the port number is translated into the corresponding service name.  

Foreign Address

Address and port number of the remote end of the socket. Analogous to "Local Address."  

State

The state of the socket. Since there are no states in raw mode and usually no states used in UDP, this column may be left blank. Normally this can be one of several values:

ESTABLISHED

The socket has an established connection.

SYN_SENT

The socket is actively attempting to establish a connection.

SYN_RECV

A connection request has been received from the network.

FIN_WAIT1

The socket is closed, and the connection is shutting down.

FIN_WAIT2

Connection is closed, and the socket is waiting for a shutdown from the remote end.

TIME_WAIT

The socket is waiting after close to handle packets still in the network.

CLOSED

The socket is not being used.

CLOSE_WAIT

The remote end has shut down, waiting for the socket to close.

LAST_ACK

The remote end has shut down, and the socket is closed. Waiting for acknowledgement.

LISTEN

The socket is listening for incoming connections. Such sockets are not included in the output unless you specify the --listening (-l) or --all (-a) option.

CLOSING

Both sockets are shut down but we still don't have all our data sent.

UNKNOWN

The state of the socket is unknown.

User

The username or the user id (UID) of the owner of the socket.  

PID/Program name

Slash-separated pair of the process id (PID) and process name of the process that owns the socket. --program causes this column to be included. You will also need superuser privileges to see this information on sockets you don't own. This identification information is not yet available for IPX sockets.  

Timer

(this needs to be written)  

Active UNIX domain Sockets

Proto

The protocol (usually unix) used by the socket.  

RefCnt

The reference count (i.e. attached processes via this socket).  

Flags

The flags displayed is SO_ACCEPTON (displayed as ACC), SO_WAITDATA (W) or SO_NOSPACE (N). SO_ACCECPTON is used on unconnected sockets if their corresponding processes are waiting for a connect request. The other flags are not of normal interest.  

Type

There are several types of socket access:

SOCK_DGRAM

The socket is used in Datagram (connectionless) mode.

SOCK_STREAM

This is a stream (connection) socket.

SOCK_RAW

The socket is used as a raw socket.

SOCK_RDM

This one serves reliably-delivered messages.

SOCK_SEQPACKET

This is a sequential packet socket.

SOCK_PACKET

Raw interface access socket.

UNKNOWN

Who ever knows what the future will bring us - just fill in here :-)

State

This field will contain one of the following Keywords:

FREE

The socket is not allocated

LISTENING

The socket is listening for a connection request. Such sockets are only included in the output if you specify the --listening (-l) or --all (-a) option.

CONNECTING

The socket is about to establish a connection.

CONNECTED

The socket is connected.

DISCONNECTING

The socket is disconnecting.

(empty)

The socket is not connected to another one.

UNKNOWN

This state should never happen.

PID/Program name

Process ID (PID) and process name of the process that has the socket open. More info available in Active Internet connections section written above.  

Path

This is the path name as which the corresponding processes attached to the socket.  

Active IPX sockets

(this needs to be done by somebody who knows it)  

Active NET/ROM sockets

(this needs to be done by somebody who knows it)  

Active AX.25 sockets

(this needs to be done by somebody who knows it)

NOTES

Starting with Linux release 2.2 netstat -i does not show interface statistics for alias interfaces. To get per alias interface counters you need to setup explicit rules using the ipchains(8) command.

FILES

/etc/services -- The services translation file

/proc -- Mount point for the proc filesystem, which gives access to kernel status information via the following files.

/proc/net/dev -- device information

/proc/net/raw -- raw socket information

/proc/net/tcp -- TCP socket information

/proc/net/udp -- UDP socket information

/proc/net/igmp -- IGMP multicast information

/proc/net/unix -- Unix domain socket information

/proc/net/ipx -- IPX socket information

/proc/net/ax25 -- AX25 socket information

/proc/net/appletalk -- DDP (appletalk) socket information

/proc/net/nr -- NET/ROM socket information

/proc/net/route -- IP routing information

/proc/net/ax25_route -- AX25 routing information

/proc/net/ipx_route -- IPX routing information

/proc/net/nr_nodes -- NET/ROM nodelist

/proc/net/nr_neigh -- NET/ROM neighbours

/proc/net/ip_masquerade -- masqueraded connections

/proc/net/snmp -- statistics  

SEE ALSO

route(8), ifconfig(8), ipchains(8), iptables(8), proc(5)