[#] Netstat - co i gdzie nasłuchuje?

( Ostatnio zmieniony sob., 10/01/2009 - 00:35 )
 

netstat  – wyświetla połączenia sieciowe, tablice routingu, statystykę interfejsów

Wyświetlenie tylko nasłuchujących usługi

netstat -l


Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 *:time                  *:*                     LISTEN
tcp        0      0 *:http                  *:*                     LISTEN
tcp        0      0 *:auth                  *:*                     LISTEN
tcp        0      0 *:ftp                   *:*                     LISTEN
tcp        0      0 *:ssh                   *:*                     LISTEN
udp        0      0 *:time                  *:*
udp        0      0 *:bootps                *:*
raw        0      0 *:icmp                  *:*                     7
Active UNIX domain sockets (only servers)
Proto RefCnt Flags       Type       State         I-Node Path
unix  2      [ ACC ]     STREAM     LISTENING     723      /var/run/mysql/mysql.sock

Tabela wszystkich interfejsów

netstat -i


Kernel Interface table
Iface   MTU Met   RX-OK RX-ERR RX-DRP RX-OVR    TX-OK TX-ERR TX-DRP TX-OVR Flg
eth0   1500 0  111130953      0      0      0 84759045      0      0     10 BMRU
eth1   1500 0  55351269   8449     10    220 85940387 670588      0      1 BMRU
lo    16436 0      6924      0      0      0     6924      0      0      0 LRU

Statystyka totalna

netstat -s


Ip:
    166379280 total packets received
    148 with invalid headers
    101147836 forwarded
    0 incoming packets discarded
    54570927 incoming packets delivered
    62110382 requests sent out
    2119 outgoing packets dropped
    566 fragments dropped after timeout
    19682344 reassemblies required
    3283652 packets reassembled ok
    566 packet reassembles failed
    3279062 fragments received ok
    4568 fragments failed
    19671213 fragments created
Icmp:
    171886 ICMP messages received
    44 input ICMP message failed.
    ICMP input histogram:
        destination unreachable: 160207
        timeout in transit: 4429
        source quenches: 88
        redirects: 1285
        echo requests: 5773
        echo replies: 104
    8276 ICMP messages sent
    0 ICMP messages failed
    ICMP output histogram:
        destination unreachable: 476
        redirect: 2027
        echo replies: 5773
Tcp:
    76892 active connections openings
    1427 passive connection openings
    1046 failed connection attempts
    3011 connection resets received
    8 connections established
    51263099 segments received
    57208874 segments send out
    1015378 segments retransmited
    569 bad segments received.
    1285 resets sent
Udp:
    2913046 packets received
    295 packets to unknown port received.
    195 packet receive errors
    4890755 packets sent
TcpExt:
    4 packets pruned from receive queue because of socket buffer overrun
    6 ICMP packets dropped because they were out-of-window
    2493 TCP sockets finished time wait in fast timer
    6149 packets rejects in established connections because of timestamp
    1609996 delayed acks sent
    1848 delayed acks further delayed because of locked socket
    Quick ack mode was activated 446887 times
    8541 packets directly queued to recvmsg prequeue.
    10136 of bytes directly received from backlog
    2181727 of bytes directly received from prequeue
    19555023 packet headers predicted
    2469 packets header predicted and directly queued to user
    5379557 acknowledgments not containing data received
    12563086 predicted acknowledgments
    206 times recovered from packet loss due to fast retransmit
    57103 times recovered from packet loss due to SACK data
    3 bad SACKs received
    Detected reordering 1 times using FACK
    Detected reordering 2 times using SACK
    Detected reordering 9 times using reno fast retransmit
    Detected reordering 14 times using time stamp
    51 congestion windows fully recovered
    34 congestion windows partially recovered using Hoe heuristic
    TCPDSACKUndo: 111
    290050 congestion windows recovered after partial ack
    24147 TCP data loss events
    TCPLostRetransmit: 2131
    380 timeouts after reno fast retransmit
    75127 timeouts after SACK recovery
    18024 timeouts in loss state
    64372 fast retransmits
    148 forward retransmits
    57823 retransmits in slow start
    503441 other TCP timeouts
    TCPRenoRecoveryFail: 76
    16636 sack retransmits failed
    822 packets collapsed in receive queue due to low socket buffer
    623568 DSACKs sent for old packets
    42829 DSACKs sent for out of order packets
    97289 DSACKs received
    5 DSACKs for out of order packets received
    135 connections reset due to unexpected data
    76 connections reset due to early user close
    41664 connections aborted due to timeout

Inne przykłady:

netstat -an | awk '/tcp/ {print $6}' | sort | uniq -c


      3 ESTABLISHED
      8 LISTEN
netstat -plan | grep :80 | grep 10.1.1.1 | wc -l

6
Twoja ocena: Brak Średnio: 3.8 (4 głosy)

Dodaj nową odpowiedź

Informacja:

Osoby zamieszczające wypowiedzi naruszające prawo lub prawem chronione dobra osób trzecich, mogą ponieść z tego tytułu odpowiedzialność karną lub cywilną. Upewnij się, że twoja wypowiedź nie godzi w niczyje mienie.

  • Internal paths in single or double quotes, written as "internal:node/99", for example, are replaced with the appropriate absolute URL or path. Paths to files in single or double quotes, written as "files:somefile.ext", for example, are replaced with the appropriate URL that can be used to download the file.
  • Adresy internetowe są automatycznie zamieniane w odnośniki, które można kliknąć.
  • Dozwolone znaczniki HTML: <strong> <blockquote> <code>
  • Znaki końca linii i akapitu dodawane są automatycznie.

Więcej informacji na temat formatowania

Łapirobot
Proszę odpowiedzieć
V
H
h
n
G
g
d
S
8
Y
Enter the code without spaces and pay attention to upper/lower case.