Linux——端口命令

 

  • 查看所有TCP连接及其状态(-a 显示全部套接字,-n 以数字形式显示地址和端口,-t 仅显示TCP)
[root@localhost ~]# netstat -ant
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address               Foreign Address             State      
tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN      
tcp        0      0 127.0.0.1:25                0.0.0.0:*                   LISTEN      
tcp        0      0 10.0.29.37:22               172.16.4.40:14005           ESTABLISHED 
tcp        0     64 10.0.29.37:22               172.16.4.40:13945           ESTABLISHED 
tcp        0      0 10.0.29.37:22               172.16.4.40:13946           ESTABLISHED 
tcp        0      0 :::8080                     :::*                        LISTEN      
tcp        0      0 ::ffff:10.0.29.37:8082      :::*                        LISTEN      
tcp        0      0 :::22                       :::*                        LISTEN      
tcp        0      0 ::1:25                      :::*                        LISTEN      
tcp        0      0 ::ffff:127.0.0.1:8005       :::*                        LISTEN      
tcp        0      0 ::ffff:10.0.29.37:57229     ::ffff:10.0.101.213:7003    ESTABLISHED 
  • 过滤指定端口号
[root@localhost ~]# netstat -nat|grep -i "8082"
tcp        0      0 ::ffff:10.0.29.37:8082      :::*                        LISTEN      
tcp        0      0 ::ffff:10.0.29.37:8082      ::ffff:10.0.29.3:42348      ESTABLISHED

注:netstat 增加选项【-c】后,会每隔一秒持续输出一次。另外 grep "8082" 是子串匹配,18082 这类端口也会被匹配到;需要精确匹配端口时可使用 grep -w 8082。

  • 过滤出【ESTABLISHED】状态的连接,查看对端IP
[root@localhost ~]# netstat -na |grep ESTABLISHED|more
tcp        0      0 10.0.29.37:22               172.16.4.40:14005           ESTABLISHED 
tcp        0      0 10.0.29.37:22               172.16.4.40:14003           ESTABLISHED 
tcp        0     64 10.0.29.37:22               172.16.4.40:13945           ESTABLISHED 
tcp        0      0 10.0.29.37:22               172.16.4.40:13946           ESTABLISHED 
tcp        0      0 ::ffff:10.0.29.37:49617     ::ffff:10.0.101.215:7002    ESTABLISHED 
tcp        0      0 ::ffff:10.0.29.37:33047     ::ffff:10.0.101.5:7000      ESTABLISHED 
tcp        0      0 ::ffff:10.0.29.37:56644     ::ffff:10.0.101.213:7003    ESTABLISHED

 

  • 分组统计tcp端口各种状态的数量
# netstat -n | awk '/^tcp/ {++S[$NF]} END {for(a in S) print a, S[a]}'
TIME_WAIT 42349
CLOSE_WAIT 1
SYN_SENT 4
FIN_WAIT1 298
FIN_WAIT2 33
ESTABLISHED 12775
SYN_RECV 259
CLOSING 6
LAST_ACK 432
  • 查看打开套接字的状况
[root@mmc ~]# lsof -i:8085
COMMAND   PID USER   FD   TYPE    DEVICE SIZE/OFF NODE NAME
java    10068 root   61u  IPv6 117807169      0t0  TCP 10.0.101.210:8085->10.0.101.104:21527 (ESTABLISHED)
java    10068 root   62u  IPv6 117807197      0t0  TCP 10.0.101.210:8085->10.0.101.102:30499 (ESTABLISHED)
java    10068 root   64u  IPv6 117807175      0t0  TCP 10.0.101.210:8085->10.0.101.103:9239 (ESTABLISHED)
java    10068 root  148u  IPv6 117807839      0t0  TCP 10.0.101.210:8085->10.0.101.102:30555 (ESTABLISHED)
  • 查看套接字使用数量(tcpsck 为当前使用中的TCP套接字数,tcp-tw 为处于 TIME_WAIT 状态的TCP套接字数)
[root@mmc ~]# sar -n SOCK
Linux 2.6.32-431.el6.x86_64 (mmc)     01/20/2021     _x86_64_    (1 CPU)

12:00:01 AM    totsck    tcpsck    udpsck    rawsck   ip-frag    tcp-tw
12:10:01 AM       631        12         8         0         0         0
12:20:01 AM       630        12         8         0         0         0
12:30:01 AM       630        12         8         0         0         0
12:40:01 AM       628        12         8         0         0         0
12:50:01 AM       625        11         8         0         0         0
01:00:01 AM       627        11         8         0         0         0
01:10:01 AM       623        11         8         0         0         0
01:20:01 AM       623        11         8         0         0         0
01:30:01 AM       622        11         8         0         0         0
01:40:01 AM       622        11         8         0         0         0
  • 对tcp端口8085进行抓包(-i any 表示在所有网卡上抓包;可加 -nn 关闭主机名和端口名解析,加 -c 限制抓包数量)
[root@mmc ~]# tcpdump -iany tcp port 8085
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on any, link-type LINUX_SLL (Linux cooked), capture size 65535 bytes
12:20:13.056978 IP 10.0.101.102.30478 > 10.0.101.210.8085: Flags [P.], seq 2507835916:2507836946, ack 943612003, win 229, options [nop,nop,TS val 2293112433 ecr 3296957473], length 1030
12:20:13.073465 IP 10.0.101.210.8085 > 10.0.101.102.30478: Flags [P.], seq 1:100, ack 1030, win 2989, options [nop,nop,TS val 3296990215 ecr 2293112433], length 99
12:20:13.073662 IP 10.0.101.102.30478 > 10.0.101.210.8085: Flags [.], ack 100, win 229, options [nop,nop,TS val 2293112450 ecr 3296990215], length 0
...............
  • TCP状态及其描述
状态 描述
LISTEN 等待来自远程TCP应用程序的请求
SYN_SENT 发送连接请求后等待来自远程端点的确认。TCP第一次握手后客户端所处的状态
SYN_RECV(即 SYN-RECEIVED) 该端点已经接收到连接请求并发送确认,正在等待最终确认。TCP第二次握手后服务端所处的状态。该状态的连接数持续偏高时,应排查是否存在SYN洪泛或半连接队列不足
ESTABLISHED 代表连接已经建立起来了。这是连接数据传输阶段的正常状态
FIN_WAIT1(即 FIN_WAIT_1) 等待来自远程TCP的连接终止请求,或等待先前发送的连接终止请求的确认
FIN_WAIT2(即 FIN_WAIT_2) 此端点发送的连接终止请求已被确认,正在等待来自远程TCP的连接终止请求
CLOSE_WAIT 该端点已经收到来自远程端点的关闭请求,此TCP正在等待本地应用程序的连接终止请求
CLOSING 等待来自远程TCP的连接终止请求确认
LAST_ACK 等待先前发送到远程TCP的连接终止请求的确认
TIME_WAIT 等待足够的时间来确保远程TCP接收到其连接终止请求的确认
