千家信息网

How to use netstat on Linux to check network status and port status

Published: 2025-01-20. Author: 千家信息网 editorial staff. Last updated: 2025-01-20.

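This article covers how to use netstat on Linux to check network status and port status. The editor found it quite practical and is sharing it here as a reference.

The netstat command is a very useful tool for monitoring TCP/IP networks. It can display the routing table, the actual network connections, and each network interface device's

The function of the netstat command is to display network connections, the routing table and network interface information, so that the user can see which network connections are currently active.

The general form of the command is: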


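netstat [options]

The options have the following meanings:

-a Show all sockets, including listening ones.

-c Redisplay the output every 1 second until the user interrupts it.

-i Show information for all network interfaces, in the same format as "ifconfig -e".

-n Show network connections using numeric IP addresses instead of names.

-r Show the kernel routing table, in the same format as "route -e".

-t Show TCP connections.

-u Show UDP connections.

-v Show what is being done.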

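1. netstat -an | grep LISTEN
A service listed on 0.0.0.0 is available on every IP address; a service listed with a specific IP is bound to that IP.

2. netstat -tln
Shows which ports are in use on Linux.

3. /etc/init.d/vsftp start
Starts the FTP port.

4. netstat
Shows the service ports that have connections established (ESTABLISHED).

5. netstat -a
Shows all service ports (LISTEN, ESTABLISHED).

6. sudo netstat -ap
Shows all service ports together with the name of the corresponding program.

7. nmap <scan type> <scan options>
For example:
nmap localhost

nmap -p 1024-65535 localhost

nmap -PT 192.168.1.127-245

When we use netstat -apn to view network connections, we see many entries like the following: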
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 52 218.104.81.152:7710 211.100.39.250:29488 ESTABLISHED 6111/1

----

ESTABLISHED  The socket has an established connection.

SYN_SENT  The socket is actively attempting to establish a connection.

SYN_RECV  A connection request has been received from the network.

FIN_WAIT1  The socket is closed, and the connection is shutting down.

FIN_WAIT2  Connection is closed, and the socket is waiting for a shutdown from the remote end.

TIME_WAIT  The socket is waiting after close to handle packets still in the network.

CLOSE  The socket is not being used.

CLOSE_WAIT  The remote end has shut down, waiting for the socket to close.

LAST_ACK  The remote end has shut down, and the socket is closed. Waiting for acknowledgement.

LISTEN  The socket is listening for incoming connections. Such sockets are not included in the output unless you specify the --listening (-l) or --all (-a) option.

CLOSING  Both sockets are shut down but we still don't have all our data sent.

UNKNOWN  The state of the socket is unknown.

Consider two programs attempting a socket connection (call them a and b). Both set up sockets and transition to the LISTEN state. Then one program (say a) tries to connect to the other (b). a sends a request and enters the SYN_SENT state, and b receives the request and enters the SYN_RECV state. When b acknowledges the request, they enter the ESTABLISHED state and do their business. Now a couple of things can happen:

  1. a wishes to close the connection, and enters FIN_WAIT1. b receives the FIN request, sends an ACK (then a enters FIN_WAIT2), enters CLOSE_WAIT, tells a it is closing down and then enters LAST_ACK. Once a acknowledges this (and enters TIME_WAIT), b enters CLOSE. a waits a bit to see if anything is left, then enters CLOSE.

  2. a and b have finished their business and decide to close the connection (simultaneous closing). When a is in FIN_WAIT, and instead of receiving an ACK from b, it receives a FIN (as b wishes to close it as well), a enters CLOSING. But there are still some messages to send (the ACK that a is supposed to get for its original FIN), and once this ACK arrives, a enters TIME_WAIT as usual.



The output shows that this server has port 7710 open. Which program does this port belong to? We can use the lsof -i :7710 command to find out:
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
sshd 1990 root 3u IPv4 4836 TCP *:7710 (LISTEN)

This tells us that port 7710 belongs to the sshd program.
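
The two checks above (which address a listener is bound to, and which program owns the port) can be combined in one pass over netstat output. The following script is an added example, not part of the original article; the function names and the sample rows are constructed for illustration, with only port 7710 and sshd taken from the article.

```shell
#!/bin/sh
# Added example: classify TCP listeners from `netstat -tanp` output by bind scope.

# Constructed sample output (not captured from a real host). Port 7710 / sshd
# follows the article's example; the other LISTEN rows are invented.
sample_netstat() {
cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:7710            0.0.0.0:*               LISTEN      1990/sshd
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      812/cupsd
tcp        0      0 192.168.1.10:21         0.0.0.0:*               LISTEN      2204/vsftpd
tcp6       0      0 :::80                   :::*                    LISTEN      1450/httpd
tcp        0     52 218.104.81.152:7710     211.100.39.250:29488    ESTABLISHED 6111/1
EOF
}

# Reads netstat output on stdin; prints "<scope> <port> <address> <pid/program>"
# for every TCP socket in LISTEN state. Scope is ALL (wildcard bind, reachable
# on every interface), LOOPBACK (local only) or SPECIFIC (one address).
classify_listeners() {
    awk '
    $1 ~ /^tcp/ && $6 == "LISTEN" {
        # Split at the last colon so IPv6 forms such as :::80 parse correctly.
        if (!match($4, /:[0-9]+$/)) next
        addr = substr($4, 1, RSTART - 1)
        port = substr($4, RSTART + 1)
        if (addr == "0.0.0.0" || addr == "::")        scope = "ALL"
        else if (addr ~ /^127\./ || addr == "::1")    scope = "LOOPBACK"
        else                                          scope = "SPECIFIC"
        # The PID/Program name column is present only when -p is given.
        prog = "-"
        if (NF >= 7) { prog = $7; for (i = 8; i <= NF; i++) prog = prog " " $i }
        print scope, port, addr, prog
    }'
}

# Demo on the constructed sample; on a live host use:
#   sudo netstat -tanp | classify_listeners
sample_netstat | classify_listeners
```

Listeners reported as ALL are the ones to compare against the host's firewall rules and intended exposure, since they accept connections on every interface.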
