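How to Check TCP Connection States in Linux with Netstat
Date: 2020-02-23 14:38:19 Source: igfitidea
TCP (Transmission Control Protocol) defines how a network conversation between two systems is established and maintained so that applications can exchange data. The Internet Protocol (IP) defines how systems send packets to each other.
TCP states in Linux
The following is a list of the TCP connection states that can be viewed on Linux with the netstat or ss command.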
ESTABLISHED
The socket has an established connection.
SYN_SENT
The socket is actively attempting to establish a connection.
SYN_RECV
A connection request has been received from the network.
FIN_WAIT1
The socket is closed, and the connection is shutting down.
FIN_WAIT2
Connection is closed, and the socket is waiting for a shutdown from the remote end.
TIME_WAIT
The socket is waiting after close to handle packets still in the network.
CLOSE
The socket is not being used.
CLOSE_WAIT
The remote end has shut down, waiting for the socket to close.
LAST_ACK
The remote end has shut down, and the socket is closed. Waiting for acknowledgement.
LISTEN
The socket is listening for incoming connections. Such sockets are not included in the output unless you specify the --listening (-l) or --all (-a) option.
CLOSING
Both sockets are shut down but we still don't have all our data sent.
UNKNOWN
The state of the socket is unknown.
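For the differences in usage between the ss and netstat commands, see the netstat vs ss usage guide on Linux.
Use the following command to check the TCP states of all applications on a Linux server; it gives us a count for each state.
# netstat -nat | awk '{print $6}' | sort | uniq -c | sort -r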
8959 CLOSE_WAIT
887 FIN_WAIT2
6 SYN_RECV
5597 TIME_WAIT
472 ESTABLISHED
24 LISTEN
1 SYN_SENT
1 Foreign
1 FIN_WAIT1
1 established)
183 LAST_ACK
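To understand the options used in the command, read the netstat vs ss usage guide on Linux.
We can also get the list of processes in a specific state by piping the output to grep. For example, to get the processes in the CLOSE_WAIT state, use netstat -apn | grep CLOSE_WAIT. We can filter this output further to get the process IDs of the processes in the CLOSE_WAIT state.
netstat -apn | grep CLOSE_WAIT | awk '{ print $7 }' | sort | uniq -c | sort -nr
To limit the output to the top 10 processes in the CLOSE_WAIT TCP connection state, use head:
# netstat -apn | grep CLOSE_WAIT | awk '{ print $7 }' | sort | uniq -c | sort -nr | head -n 10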
3856 8166/jsvc.exec
1783 15643/jsvc.exec
1313 26749/jsvc.exec
1203 11450/jsvc.exec
563 22495/jsvc.exec
270 6698/jsvc.exec
229 22625/jsvc.exec
9 9729/jsvc.exec
2 32038/httpd
2 29352/httpd
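This shows that the process with ID 8166 has 3856 connections in the CLOSE_WAIT state.
If we are running out of TCP connections or are troubleshooting, we may need to identify this process with a large number of CLOSE_WAIT connection states. It may mean that the application is not closing connections as expected.
# ps 8166
  PID TTY      STAT   TIME COMMAND
 8166 ?        Sl   242:29 jsvc.exec -debug -pidfile /var/run/myapp.pid myapp.jar
I made a simple bash script that uses the netstat command to report the count of TCP connection states and the processes with many connections in CLOSE_WAIT.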
#!/bin/bash
# Script to print Linux TCP connections using netstat
# Github: https://github.com/jmutai
#
# ANSI escape codes for colored output
RED='\033[0;31m'
NC='\033[0m' # No Color
echo ""
echo -en "${RED} ALL TCP Connections Count: ${NC}\n"
# Field 6 of "netstat -nat" output is the connection state
netstat -nat | awk '{print $6}' | sort | uniq -c | sort -r
echo ""
echo -en "${RED} Top CLOSE_WAIT state TCP Connections: ${NC}\n"
# Field 7 of "netstat -apn" output is PID/Program name
netstat -apn | grep CLOSE_WAIT | awk '{ print $7 }' | sort | uniq -c | sort -nr | head -n 10
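
An added example (not part of the original article or its script): the same two summaries, restricted to TCP rows so that netstat's header lines no longer appear as the bogus "Foreign" and "established)" states seen in the sample output above, with a minimum-count threshold for CLOSE_WAIT. The function names, the threshold argument and the sample data are constructed for illustration.

```bash
#!/bin/bash
# Added example: per-state and per-process summaries that ignore non-TCP rows.

# Constructed sample of `netstat -apn` output (addresses and PIDs are made up).
sample_netstat() {
cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      911/sshd
tcp        0      0 10.0.0.5:8080           10.0.0.9:51514          ESTABLISHED 8166/jsvc.exec
tcp        1      0 10.0.0.5:8080           10.0.0.9:51520          CLOSE_WAIT  8166/jsvc.exec
tcp        1      0 10.0.0.5:8080           10.0.0.9:51522          CLOSE_WAIT  8166/jsvc.exec
tcp        1      0 10.0.0.5:8080           10.0.0.7:40112          CLOSE_WAIT  8166/jsvc.exec
tcp        1      0 10.0.0.5:80             10.0.0.7:40200          CLOSE_WAIT  2903/httpd
tcp        0      0 10.0.0.5:80             10.0.0.8:40300          TIME_WAIT   -
udp        0      0 0.0.0.0:68              0.0.0.0:*                           700/dhclient
EOF
}

# Count sockets per state. Only rows whose first field starts with "tcp"
# (tcp or tcp6) are counted, so header lines and UDP rows are skipped.
tcp_state_counts() {
    awk '$1 ~ /^tcp/ { n[$6]++ }
         END { for (s in n) print n[s], s }' | sort -k1,1nr -k2,2
}

# Print "count PID/program" for every process holding at least $1
# (default 1) sockets in CLOSE_WAIT, highest count first.
close_wait_by_process() {
    awk -v min="${1:-1}" '$1 ~ /^tcp/ && $6 == "CLOSE_WAIT" { n[$7]++ }
         END { for (p in n) if (n[p] >= min) print n[p], p }' | sort -k1,1nr -k2,2
}

# Demo on the constructed sample; on a live host use, for example:
#   netstat -apn | close_wait_by_process 100
sample_netstat | tcp_state_counts
sample_netstat | close_wait_by_process 2
```

On a live system, run netstat as root; otherwise the PID/Program name column shows "-" for sockets owned by other users and they are all grouped under that one key.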

