How to Check TCP Connection States in Linux with netstat
Date: 2020-02-23 14:30:26 Source: igfitidea
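TCP (Transmission Control Protocol) is a standard that defines how to establish and maintain a network conversation between two systems so that applications can exchange data.
The Internet Protocol (IP) defines how systems send packets of data to each other.
TCP states in Linux
The following is a list of TCP connection states that can be viewed on Linux with the netstat or ss command.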
ESTABLISHED: The socket has an established connection.
SYN_SENT: The socket is actively attempting to establish a connection.
SYN_RECV: A connection request has been received from the network.
FIN_WAIT1: The socket is closed, and the connection is shutting down.
FIN_WAIT2: Connection is closed, and the socket is waiting for a shutdown from the remote end.
TIME_WAIT: The socket is waiting after close to handle packets still in the network.
CLOSE: The socket is not being used.
CLOSE_WAIT: The remote end has shut down, waiting for the socket to close.
LAST_ACK: The remote end has shut down, and the socket is closed. Waiting for acknowledgement.
LISTEN: The socket is listening for incoming connections. Such sockets are not included in the output unless you specify the --listening (-l) or --all (-a) option.
CLOSING: Both sockets are shut down but we still don't have all our data sent.
UNKNOWN: The state of the socket is unknown.
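For the differences in usage between the ss and netstat commands, see the netstat vs ss usage tutorial for Linux.
Use the command below to check the TCP states of all applications on a Linux server; it gives us a count for each state.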
# netstat -nat | awk '{print $6}' | sort | uniq -c | sort -r
8959 CLOSE_WAIT
887 FIN_WAIT2
6 SYN_RECV
5597 TIME_WAIT
472 ESTABLISHED
24 LISTEN
1 SYN_SENT
1 Foreign
1 FIN_WAIT1
1 established)
183 LAST_ACK
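To understand the options used in this command, read the netstat vs ss usage tutorial for Linux.
We can also get the list of processes in a particular state by piping the output to grep.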
For example, to get the processes in the CLOSE_WAIT state, use:
# netstat -apn | grep CLOSE_WAIT
We can filter this output further to get the process IDs of the processes in the CLOSE_WAIT state.
# netstat -apn | grep CLOSE_WAIT | awk '{ print $7 }' | sort | uniq -c | sort -nr
To limit the output to the top 10 processes with connections in the CLOSE_WAIT state, use head:
# netstat -apn | grep CLOSE_WAIT | awk '{ print $7 }' | sort | uniq -c | sort -nr | head -n 10
3856 8166/jsvc.exec
1783 15643/jsvc.exec
1313 26749/jsvc.exec
1203 11450/jsvc.exec
563 22495/jsvc.exec
270 6698/jsvc.exec
229 22625/jsvc.exec
9 9729/jsvc.exec
2 32038/httpd
2 29352/httpd
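This shows that the process with ID 8166 has 3856 connections in the CLOSE_WAIT state.
If we are running out of TCP connections or troubleshooting, we may need to identify the process with a large number of connections in the CLOSE_WAIT state.
It may mean that the application is not closing connections as expected.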
# ps 8166
  PID TTY      STAT   TIME COMMAND
 8166 ?        Sl   242:29 jsvc.exec -debug -pidfile /var/run/myapp.pid myapp.jar
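I made a simple bash script that uses the netstat command to report the count of TCP connections in each state and the processes with many connections in the CLOSE_WAIT state.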
#!/bin/bash
# Script to print Linux TCP connections using netstat
# Github: https://github.com/jmutai

# ANSI color escape codes
RED='\033[0;31m'
NC='\033[0m' # No Color

echo ""
echo -en "${RED} ALL TCP Connections Count: ${NC}\n"
# Column 6 of netstat -nat is the connection state
netstat -nat | awk '{print $6}' | sort | uniq -c | sort -r

echo ""
echo -en "${RED} Top CLOSE_WAIT state TCP Connections: ${NC}\n"
# Column 7 of netstat -apn is PID/Program name
netstat -apn | grep CLOSE_WAIT | awk '{ print $7 }' | sort | uniq -c | sort -nr | head -n 10
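
A header-safe version of the counting pipeline, as an added example that is not part of the original article or its script: netstat's two header lines are what produce the "1 Foreign" and "1 established)" rows in the output above, and matching on the state column instead of grepping the whole line keeps the counts exact. The function names, the sample addresses and the threshold are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not the article's script. Filters read netstat text on stdin.

# Constructed sample of `netstat -apn` output (addresses and most PIDs invented).
sample_netstat() {
cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address    Foreign Address   State       PID/Program name
tcp        0      0 0.0.0.0:22       0.0.0.0:*         LISTEN      812/sshd
tcp        0      0 10.0.0.5:8080    10.0.0.9:51544    CLOSE_WAIT  8166/jsvc.exec
tcp        1      0 10.0.0.5:8080    10.0.0.9:51545    CLOSE_WAIT  8166/jsvc.exec
tcp        0      0 10.0.0.5:8080    10.0.0.9:51546    CLOSE_WAIT  8166/jsvc.exec
tcp        0      0 10.0.0.5:80      10.0.0.7:40112    CLOSE_WAIT  32038/httpd
tcp        0      0 10.0.0.5:22      10.0.0.3:60022    ESTABLISHED 901/sshd
tcp        0      0 10.0.0.5:80      10.0.0.7:40113    TIME_WAIT   -
tcp6       0      0 :::80            :::*              LISTEN      32038/httpd
EOF
}

# Connections per state. Only rows whose protocol field starts with "tcp" are
# counted, so header lines and UNIX-socket rows cannot pollute the totals.
state_counts() {
    awk '$1 ~ /^tcp/ { n[$6]++ }
         END { for (s in n) print n[s], s }' | sort -k1,1nr -k2,2
}

# Processes holding at least $1 CLOSE_WAIT sockets, busiest first.
# Matching on $6 (not grep) avoids hits on paths or names containing the string.
close_wait_over() {
    awk -v min="$1" '
        $1 ~ /^tcp/ && $6 == "CLOSE_WAIT" && $7 ~ /^[0-9]+\// { n[$7]++ }
        END { for (p in n) if (n[p] >= min) print n[p], p }' | sort -k1,1nr -k2,2
}

# Demo on the sample; on a live host: netstat -apn | close_wait_over 100
sample_netstat | state_counts
sample_netstat | close_wait_over 2
```

Run netstat as root on a live host; without it the PID/Program name column shows "-" for sockets owned by other users and those rows are skipped by close_wait_over.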