Linux Networking: netstat (1)

  1. By default, the size of the TCP send buffer is controlled by net.ipv4.tcp_wmem:
[root@localhost ~]# cat /proc/sys/net/ipv4/tcp_wmem
4096    16384   4194304

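The three numbers in tcp_wmem are min, default, and max. The TCP send buffer size is adjusted dynamically between min and max, starting at default. The kernel performs this adjustment automatically, and applications cannot intervene. The goal of the automatic adjustment is to meet the needs of sending packets while wasting as little memory as possible.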

(3)

 --route , -r
       Display the kernel routing tables
Equivalent to:
route 
	show / manipulate the IP routing table

ip - show / manipulate routing, devices, policy routing and tunnels
	route  - routing table entry.
ip route

(4)

 --groups , -g
       Display multicast group membership information for IPv4 and IPv6.


(5)

--numeric , -n
       Show numerical addresses instead of trying to determine symbolic host, port or user names.


(6)

--protocol=family , -A
       Specifies the address families (perhaps better described as low level protocols) for which connections are to be shown.  family is a comma (',') separated list of address family keywords like
       inet, inet6, unix, ipx, ax25, netrom, econet, and ddp.  This has the same effect as using the --inet|-4, --inet6|-6, --unix|-x, --ipx, --ax25, --netrom, and --ddp options.
       The address family inet (IPv4) includes raw, udp, udplite and tcp protocol sockets.

(7)

-p, --program
       Show the PID and name of the program to which each socket belongs.


(8)

-l, --listening
       Show only listening sockets.  (These are omitted by default.)

II. netstat output explained

[root@localhost ~]# netstat -tnp
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 xx.xx.xx.xxx:22         xx.xx.xx.xx:xxxxx       ESTABLISHED 28440/sshd: root@no
tcp        0      0 xx.xx.xx.xxx:22         xx.xx.xx.xx:xxxxx       ESTABLISHED 27357/sshd: root@pt
tcp        0      0 xx.xx.xx.xxx:22         xx.xx.xx.xx:xxxxx       ESTABLISHED 27361/sshd: root@no
tcp        0     96 xx.xx.xx.xxx:22         xx.xx.xx.xx:xxxxx       ESTABLISHED 28436/sshd: root@pt

Proto
       The protocol (tcp, udp, udpl, raw) used by the socket.

 Recv-Q
       Established: The count of bytes not copied by the user program connected to this socket. 

 Send-Q
       Established: The count of bytes not acknowledged by the remote host. 


Local Address
       Address and port number of the local end of the socket. 

Foreign Address
       Address and port number of the remote end of the socket. 

State

       ESTABLISHED
              The socket has an established connection.

       SYN_SENT
              The socket is actively attempting to establish a connection.

       SYN_RECV
              A connection request has been received from the network.

       FIN_WAIT1
              The socket is closed, and the connection is shutting down.

       FIN_WAIT2
              Connection is closed, and the socket is waiting for a shutdown from the remote end.

       TIME_WAIT
              The socket is waiting after close to handle packets still in the network.

       CLOSE  The socket is not being used.

       CLOSE_WAIT
              The remote end has shut down, waiting for the socket to close.

       LAST_ACK
              The remote end has shut down, and the socket is closed. Waiting for acknowledgement.

       LISTEN The socket is listening for incoming connections.  

       CLOSING
              Both sockets are shut down but we still don't have all our data sent.

       UNKNOWN
              The state of the socket is unknown.


States involved in the three-way handshake:
[Image]
States involved in the four-way close:
[Image]
Image source: 图解网络

User
    The username or the user id (UID) of the owner of the socket.

PID/Program name
    Slash-separated  pair of the process id (PID) and process name of the process that owns the socket.  

The Linux kernel's definition of the states:

// linux-3.10/include/net/tcp_states.h

/*
 * INET An implementation of the TCP/IP protocol suite for the LINUX
 * operating system. INET is implemented using the BSD Socket
 * interface as the means of communication with the user level.
 *
 * Definitions for the TCP protocol sk_state field.
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version
 * 2 of the License, or (at your option) any later version.
 */
#ifndef _LINUX_TCP_STATES_H
#define _LINUX_TCP_STATES_H

enum {
	TCP_ESTABLISHED = 1,
	TCP_SYN_SENT,
	TCP_SYN_RECV,
	TCP_FIN_WAIT1,
	TCP_FIN_WAIT2,
	TCP_TIME_WAIT,
	TCP_CLOSE,
	TCP_CLOSE_WAIT,
	TCP_LAST_ACK,
	TCP_LISTEN,
	TCP_CLOSING,	/* Now a valid state */

	TCP_MAX_STATES	/* Leave at the end! */
};

#define TCP_STATE_MASK 0xF

#define TCP_ACTION_FIN (1 << 7)

enum {
	TCPF_ESTABLISHED = (1 << 1),
	TCPF_SYN_SENT	 = (1 << 2),
	TCPF_SYN_RECV	 = (1 << 3),
	TCPF_FIN_WAIT1	 = (1 << 4),
	TCPF_FIN_WAIT2	 = (1 << 5),
	TCPF_TIME_WAIT	 = (1 << 6),
	TCPF_CLOSE	 = (1 << 7),
	TCPF_CLOSE_WAIT	 = (1 << 8),
	TCPF_LAST_ACK	 = (1 << 9),
	TCPF_LISTEN	 = (1 << 10),
	TCPF_CLOSING	 = (1 << 11)
};

#endif /* _LINUX_TCP_STATES_H */


III. Where netstat gets its data

netstat produces its network data by parsing the files under /proc/net/:

FILES
       /etc/services -- The services translation file

       /proc -- Mount point for the proc filesystem, which gives access to kernel status information via the following files.

       /proc/net/dev -- device information

       /proc/net/raw -- raw socket information

       /proc/net/tcp -- TCP socket information

       /proc/net/udp -- UDP socket information

       /proc/net/udplite -- UDPLite socket information

       /proc/net/igmp -- IGMP multicast information

       /proc/net/unix -- Unix domain socket information

	   ......

Taking TCP connections as an example:

Use strace to trace the open system calls made while netstat -t runs, redirecting the trace to a file:

strace -e open netstat -t 2>netstat_log

The result shows that netstat -t gets its TCP data by parsing the /proc/net/tcp file:

[root@localhost]# cat netstat_log | grep "/proc/net"
open("/proc/net/tcp", O_RDONLY)         = 3
open("/proc/net/tcp6", O_RDONLY)        = 3

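Because the files under /proc/net are text files, netstat is a very convenient source for ad-hoc TCP reports: awk is all that is needed to process the output. In environments with high performance requirements, monitoring tools should use the netlink interface, which passes information in binary form and avoids the overhead of text parsing; ss is one such tool.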

When there are many network connections, netstat's parsing becomes inefficient. Today the ss command is generally used in place of netstat.
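The /proc/net/tcp text format that netstat -t parses, decoded directly and mapped to the tcp_states.h enum above. This is an added example, not code from the original article; the function names are hypothetical, the sample rows are constructed, and it assumes a little-endian host and IPv4 only (/proc/net/tcp, not tcp6).

```python
import socket
import struct

# State numbers follow the tcp_states.h enum quoted above (TCP_ESTABLISHED = 1 ...).
TCP_STATES = ["", "ESTABLISHED", "SYN_SENT", "SYN_RECV", "FIN_WAIT1", "FIN_WAIT2",
              "TIME_WAIT", "CLOSE", "CLOSE_WAIT", "LAST_ACK", "LISTEN", "CLOSING"]

# Constructed sample in /proc/net/tcp layout (not captured from a real host).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 20001 1 0000000000000000 100 0 0 10 0
   1: 0A00A8C0:0016 6400A8C0:D431 01 00000060:00000000 01:00000014 00000000     0        0 20002 4 0000000000000000 20 4 30 10 -1
   2: 0100007F:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 20003 1 0000000000000000 100 0 0 10 0
"""

def decode_addr(field):
    """'0100007F:0019' -> ('127.0.0.1', 25)."""
    ip_hex, port_hex = field.split(":")
    # The kernel prints the 32-bit address in host byte order; little-endian assumed.
    ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))
    return ip, int(port_hex, 16)

def parse_proc_net_tcp(text):
    """Turn /proc/net/tcp text into dicts carrying the columns netstat prints."""
    rows = []
    for line in text.splitlines()[1:]:          # first line is the header
        f = line.split()
        if len(f) < 10:
            continue
        st = int(f[3], 16)
        tx, rx = (int(x, 16) for x in f[4].split(":"))
        rows.append({
            "local": decode_addr(f[1]),
            "remote": decode_addr(f[2]),
            "state": TCP_STATES[st] if 0 < st < len(TCP_STATES) else "UNKNOWN",
            "send_q": tx, "recv_q": rx,          # Send-Q / Recv-Q
            "uid": int(f[7]), "inode": int(f[9]),
        })
    return rows

def exposed_listeners(rows):
    """LISTEN sockets not bound to loopback, i.e. reachable from the network."""
    return [r for r in rows
            if r["state"] == "LISTEN" and not r["local"][0].startswith("127.")]

if __name__ == "__main__":
    for r in parse_proc_net_tcp(SAMPLE):
        print(f'{r["state"]:<12} {r["local"][0]}:{r["local"][1]} send_q={r["send_q"]} uid={r["uid"]} inode={r["inode"]}')
```

The inode column is what links a socket to its owner: matching it against the `socket:[inode]` symlinks under /proc/<pid>/fd yields the PID/Program name column that netstat -p shows.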
