Viewing Current Network Connections on Linux
2013-07-04 17:25:41 阿炯

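Linux offers several ways to view the system's current network connections, along with their state, bandwidth, protocol, and so on. First, here is the brief description of the connection states from the original English text.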


TCP Connection States

SYN_SENT
The socket is actively attempting to establish a connection.
Indicates that the sender has initiated the active open process with the receiver.

SYN_RECEIVED
A connection request has been received from the network.
Indicates that the receiver has received a SYN segment from the sender.

ESTABLISHED
The socket has an established connection.
Indicates that the receiver has received a SYN segment from the sender, the sequence numbers are synchronized, and a connection is established.

LISTEN
The socket is listening for incoming connections.
Indicates a state of readiness to accept connection requests.

FIN_WAIT_1
The socket is closed, and the connection is shutting down.
Indicates that an active close process has been initiated. This state forms the first state in the three-step connection termination process.

TIMED_WAIT
The socket is waiting after close to handle packets still in the network.
Indicates that this side is waiting for acknowledgement from another side after it has initiated an active close process. The wait period is timed by a timer mechanism on the sender's machine.

CLOSE
The socket is not being used.

CLOSING
Both sockets are shut down but we still don't have all our data sent.

CLOSE_WAIT
The remote end has shut down, waiting for the socket to close.
Indicates that a FIN segment has arrived from another side to begin the process of terminating the connection.

FIN_WAIT_2
Connection is closed, and the socket is waiting for a shutdown from the remote end.
Indicates that the acknowledgement for the FIN segment sent to another side has arrived. This state forms the second state in the three-step connection termination process.

LAST_ACK
The remote end has shut down, and the socket is closed. Waiting for acknowledgement.
Indicates that user input for terminating a connection is obtained and that a FIN segment can now be sent to complete the connection termination process. This state is the last state in the three-step connection termination process.

CLOSED
Indicates that the acknowledgement for the last FIN segment has arrived and that the connection is terminated.

UNKNOWN
The state of the socket is unknown.


1. ss
It dumps socket (network connection) statistics such as all TCP/UDP connections, established connections per protocol (e.g., all established ssh connections), and all the TCP sockets in various states such as ESTABLISHED or FIN-WAIT-1.

It is used to view all current TCP/UDP connections. For example:
Connection summary
# ss -s

All listening ports
# ss -l

All TCP connections
# ss -t -a

All UDP connections
# ss -u -a

2. netstat
It can display network connections, routing tables, interfaces and much more. It is also the most common and widely used command.

Connection summary
# netstat -s

All listening ports
# netstat -tulpn

All TCP connections
# netstat -nat

All UDP connections
# netstat -nau

Connections currently in the 'ESTABLISHED' state
# netstat -natu | grep 'ESTABLISHED'
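
Going one step beyond the single-state grep above, the following added example (not part of the original post) tallies every TCP state in `netstat -nat` output and lists the remote hosts holding sockets in a chosen state. Linux netstat prints the states as SYN_RECV and TIME_WAIT; the function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise `netstat -nat` output read on stdin.
# Real use: netstat -nat | count_states

# Constructed sample in `netstat -nat` format (documentation addresses only).
sample_netstat() {
cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:22           198.51.100.7:51514      ESTABLISHED
tcp        0      0 192.0.2.10:80           203.0.113.5:40122       SYN_RECV
tcp        0      0 192.0.2.10:80           203.0.113.5:40123       SYN_RECV
tcp        0      0 192.0.2.10:80           203.0.113.9:51000       SYN_RECV
tcp        0      0 192.0.2.10:80           198.51.100.7:51600      TIME_WAIT
tcp        1      0 192.0.2.10:8080         198.51.100.20:33010     CLOSE_WAIT
tcp6       0      0 :::80                   :::*                    LISTEN
tcp6       0      0 2001:db8::10:80         2001:db8::99:41000      ESTABLISHED
EOF
}

# Print "STATE COUNT" per TCP state, sorted by state name.
count_states() {
    awk '$1 ~ /^tcp/ { n[$6]++ } END { for (s in n) print s, n[s] }' | sort
}

# Print "COUNT ADDRESS" for remote hosts with sockets in state $1, busiest first.
# The port is stripped at the last colon, so IPv6 addresses stay intact.
peers_in_state() {
    awk -v st="$1" '
        $1 ~ /^tcp/ && $6 == st { a = $5; sub(/:[^:]*$/, "", a); n[a]++ }
        END { for (h in n) print n[h], h }' | sort -k1,1nr -k2,2
}

# Demo on the constructed sample.
sample_netstat | count_states
sample_netstat | peers_in_state SYN_RECV
```

A SYN_RECV count concentrated on a few remote addresses, or a CLOSE_WAIT count that keeps growing, is usually what such a summary is checked for.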

tcptrack and iftop
tcptrack displays information about the TCP connections it sees on a network interface, and iftop displays bandwidth usage on an interface by host.

tcptrack
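It shows the state of the TCP connections on the specified interface, and the view can be sorted in real time by state, source and destination address, bandwidth, and so on. It is similar to the top command.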
# tcptrack -i eth0

iftop
It shows the bandwidth used per source and destination address.
# iftop -i eth1

Display or analyze the packet flow of a network segment
# iftop -F 192.168.16.0/24

In addition, lsof can be used to check how a given port is being used.

# lsof -i :portNumber
# lsof -i tcp:portNumber
# lsof -i udp:portNumber
# lsof -i :80 | grep LISTEN

If you need a more detailed view of the traffic, please visit here