netstat
Linux Command – netstat ใช้ในการแสดงสถานะ network connection ทั้งหมด
คำสั่ง
1. แสดงข้อมูลสถานะ network
netstat
$ netstat Active Internet connections (w/o servers) Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 216 xxx.com:ssh cm-134-196-90-62.:49639 ESTABLISHED tcp6 0 0 xxx.com:https cm-134-196-90-62.:50393 FIN_WAIT2 tcp6 0 0 xxx.com:https cm-134-196-90-62.:50389 TIME_WAIT tcp6 0 0 localhost:39280 localhost:2181 ESTABLISHED Active UNIX domain sockets (w/o servers) Proto RefCnt Flags Type State I-Node Path unix 2 [ ] DGRAM 18607 /run/user/1000/systemd/notify unix 6 [ ] DGRAM 11162 /run/systemd/journal/socket unix 13 [ ] DGRAM 1618 /run/systemd/journal/dev-log unix 2 [ ] DGRAM 1620 /run/systemd/journal/syslog
2. แสดงข้อมูบ connection ,ip , port ที่มีการใช้งาน
netstat -an
$ netstat -an Active Internet connections (servers and established) Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 127.0.0.1:27017 0.0.0.0:* LISTEN tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:139 0.0.0.0:* LISTEN tcp 0 0 127.0.0.1:587 0.0.0.0:* LISTEN tcp 0 0 192.168.1.200:53 0.0.0.0:* LISTEN tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:445 0.0.0.0:* LISTEN
3. แสดงข้อมูบ routing table
netstat -rn
$ netstat -rn Kernel IP routing table Destination Gateway Genmask Flags MSS Window irtt Iface 0.0.0.0 192.168.1.1 0.0.0.0 UG 0 0 0 enp2s0 192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 enp2s0
4. แสดงสถานะข้อมูล internet connection
netstat -natp
$ netstat -natp (Not all processes could be identified, non-owned process info will not be shown, you would have to be root to see it all.) Active Internet connections (servers and established) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 127.0.0.1:27017 0.0.0.0:* LISTEN - tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN - tcp 0 0 0.0.0.0:139 0.0.0.0:* LISTEN - tcp 0 0 127.0.0.1:587 0.0.0.0:* LISTEN - tcp 0 0 192.168.1.200:53 0.0.0.0:* LISTEN -
โครงสร้างคำสั่ง
netstat [address_family_options] [--tcp|-t] [--udp|-u] [--raw|-w] [--listening|-l] [--all|-a] [--numeric|-n] [--numeric-hosts] [--numeric-ports] [--numeric-users] [--symbolic|-N]
[--extend|-e[--extend|-e]] [--timers|-o] [--program|-p] [--verbose|-v] [--continuous|-c]
netstat {--route|-r} [address_family_options] [--extend|-e[--extend|-e]] [--verbose|-v] [--numeric|-n] [--numeric-hosts] [--numeric-ports] [--numeric-users] [--continuous|-c]
netstat {--interfaces|-i} [--all|-a] [--extend|-e[--extend|-e]] [--verbose|-v] [--program|-p] [--numeric|-n] [--numeric-hosts] [--numeric-ports] [--numeric-users] [--continuous|-c]
netstat {--groups|-g} [--numeric|-n] [--numeric-hosts] [--numeric-ports] [--numeric-users] [--continuous|-c]
netstat {--masquerade|-M} [--extend|-e] [--numeric|-n] [--numeric-hosts] [--numeric-ports] [--numeric-users] [--continuous|-c]
netstat {--statistics|-s} [--tcp|-t] [--udp|-u] [--raw|-w]
netstat {--version|-V}
netstat {--help|-h}
รายละเอียด
เป็นคำสั่งที่ใช้ในการแสดงสถานะ network connection ทั้งหมด เช่น สถานะ connection, routing table, interface stat
Option
--verbose , -v Tell the user what is going on by being verbose. Especially print some useful information about unconfigured address families. --wide , -W Do not truncate IP addresses by using output as wide as needed. This is optional for now to not break existing scripts. --numeric , -n Show numerical addresses instead of trying to determine symbolic host, port or user names. --numeric-hosts shows numerical host addresses but does not affect the resolution of port or user names. --numeric-ports shows numerical port numbers but does not affect the resolution of host or user names. --numeric-users shows numerical user IDs but does not affect the resolution of host or port names. --protocol=family , -A Specifies the address families (perhaps better described as low level protocols) for which connections are to be shown. family is a comma (',') separated list of address family keywords like inet, unix, ipx, ax25, netrom, and ddp. This has the same effect as using the --inet, --unix (-x), --ipx, --ax25, --netrom, and --ddp options. The address family inet includes raw, udp and tcp protocol sockets. -c, --continuous This will cause netstat to print the selected information every second continuously. -e, --extend Display additional information. Use this option twice for maximum detail. -o, --timers Include information related to networking timers. -p, --program Show the PID and name of the program to which each socket belongs. -l, --listening Show only listening sockets. (These are omitted by default.) -a, --all Show both listening and non-listening sockets. With the --interfaces option, show interfaces that are not up -F Print routing information from the FIB. (This is the default.) -C Print routing information from the route cache.
กลุ่มคำสั่ง
ping, traceroute, route(8), ifconfig(8), ipchains(8), iptables(8), proc(5)
Reference:
Author: Suphakit Annoppornchai
Credit: https://saixiii.com
[…] netstat(1), ifconfig(8). […]