netstat man 手册页的详细中文翻译
原文地址
=========
以下是本文档完整版本地址:http://sanyk.is-programmer.com/posts/14825.html
(nt: 出现这一提示是为了避免一些网络蜘蛛把文章分成几个页面给查看带来不悦)
中文版
========
NETSTAT(8) Linux 程序员参考手册 NETSTAT(8)
名字
netstat - 显示以下网络信息: 网络连接, 路由表, 网络接口统计数据, 虚拟连接, 以及多播成员(nt:multicast memberships).
用法概览
(nt: 总体可分为以下VIII种使用方式)
(nt: 第I种)
netstat [address_family_options] [--tcp|-t] [--udp|-u] [--raw|-w] [--listening|-l] [--all|-a]
[--numeric|-n] [--numeric-hosts] [--numeric-ports] [--numeric-users] [--symbolic|-N]
[--extend|-e[--extend|-e]] [--timers|-o] [--program|-p] [--verbose|-v] [--continuous|-c]
(nt: 第II种)
netstat {--route|-r} [address_family_options] [--extend|-e[--extend|-e]] [--verbose|-v] [--numeric|-n]
[--numeric-hosts] [--numeric-ports] [--numeric-users] [--continuous|-c]
(nt: 第III种)
netstat {--interfaces|-i} [--all|-a] [--extend|-e[--extend|-e]] [--verbose|-v] [--program|-p]
[--numeric|-n] [--numeric-hosts] [--numeric-ports] [--numeric-users] [--continuous|-c]
(nt: 第IV种)
netstat {--groups|-g} [--numeric|-n] [--numeric-hosts] [--numeric-ports] [--numeric-users] [--continuous|-c]
(nt: 第V种)
netstat {--masquerade|-M} [--extend|-e] [--numeric|-n] [--numeric-hosts] [--numeric-ports]
[--numeric-users] [--continuous|-c]
(nt: 第VI种)
netstat {--statistics|-s} [--tcp|-t] [--udp|-u] [--raw|-w]
(nt: 第VII种)
netstat {--version|-V}
(nt: 第VIII种)
netstat {--help|-h}
address_family_options 的可选值:
[-4] [-6] [--protocol={inet,unix,ipx,ax25,netrom,ddp}[,...]] [--unix|-x] [--inet|--ip] [--ax25] [--ipx]
[--netrom] [--ddp]
描述
netstat 可用来显示linux网络子系统中的信息.
所显示信息的类别由第一个参数规定, 此参数可取如下值:
(空)(nt: 即第I种使用方式)
netstat 默认会显示已打开套接字的一个列表. 如果不指定任何'地址族'信息,
则所有活动的套接字都会被显示(此套接字可属于已配置好的任何地址族)
--route , -r(nt: 即第II种使用方式)
显示内核中的路由表信息. 详细信息可参考route程序的man 文档(nt: 可通过在终端中输入'man 8 route' 来查看其信息).
实际上, 在终端中运行'netstat -r' 与 'route -e' 会产生相同的输出.
--groups , -g(nt: 即第IV种使用方式)
显示IPv4和IPv6中所使用到的'多播组'中所含成员的信息.(nt: '多播组', multicast group, 未知, 需补充 )
--interfaces, -i(nt: 即第III种使用方式)
以列表的形式显示所有的的网络接口
--masquerade , -M(nt: 即第V种使用方式)
以列表形式显示所有的'虚拟连接'(nt: '虚拟连接', masqueraded connection, 含义未知, 需补充)
--statistics , -s(nt: 即第VI种使用方式)
显示每种协议所对应的一些统计信息.(nt: 可通过其后的参数[--tcp|-t] [--udp|-u] [--raw|-w], 来指定协议)
选项
--verbose , -v
产生详细的输出信息, 使用户能知道网络子系统的运行细节. 如果遇到系统中尚未配置好的地址族, 此选项会打印出
一些有用的信息.
--numeric , -n
以数字形式而不是名字形式显示地址信息, 包括主机名, 端口号, 用户名.(如果以字符名字形式会涉及到通过DNS, NIS等途径,
对主机名, 端口名, 以及用户名进行解析)
--numeric-hosts
以数字形式显示主机地址, 但端口号和用户名会以名字形式显示(nt: 即端口号和用户名的解析不会
受到--numeric-hosts的影响).
--numeric-ports
以数字形式显示端口号, 但主机地址和用户名会以名字形式显示(nt: 即机地址和用户名的解析不会
受到--numeric-ports的影响).
--numeric-users
以数字形式显示用户编号, 但主机地址和端口号会以名字形式显示(nt: 即主机地址和端口号的解析不会
受到--numeric-users的影响)
--protocol=family , -A
指定要显示连接的'地址的协议族'(也许更准确的描述是低层协议信息). 协议族关键字之间可以用','分隔, 可取的协议族
有:inet, unix, ipx, ax25, netrom(nt: 未知, 需补充), ddp(nt:可理解为, appletalk 协议栈中用到的一个网络层协议)。
以下选项与相应--protocol=faily 选项含义相同:-inet, --unix (-x), --ipx, --ax25,
--netrom, 以及--ddp.
其中inet协议族对应raw, udp, tcp协议类型的套接字(nt: raw 其实不是一种协议,
但,此类型的套接字可用来发送和接收IP 层以上的原始数据包, 如TCP, UDP数据包, 此时,报文的IP头、TCP头、UDP头等需要手动赋值).
-c, --continuous
此选项将使netstat每秒中更新一下所显示的信息.
-e, --extend
显示附加的信息. 如果重复使用此选项两次会得到更详细的信息.(nt: 重复的方式可以是'-e -e' 也可以是 '-ee')
-o, --timers
打印有关网络时钟(nt: 可理解为, 套接字上开启的一些定时器)的信息.
-p, --program
显示每个套接字所属的进程PID和此进程对应的程序名字(nt: '套接字所属进程', 可理解为创建此套接字的进程)
-l, --listening
只显示处于侦听状态的套接字.(而这些套接字通常都不会显示)
-a, --all
显示处于侦听状态与非侦听状态的套接字. 如果是用于'--interfaces' 选项, 其作用为显示系统中的所有网络接口,
包括那些没有启用的网络接口.
-F
从FIB表中获取路由信息, 并进行显示.(nt: FIB, Forwarding Information Base, 转发信息库, 可理解为内核中保存路由相关
信息的一张表. 具体含义, 另需补充)
-C
从路由缓冲中获取路由信息, 并进行显示.(nt: route cache, 路由缓冲, 未知, 另需要补充)
输出
活跃的网络连接(包括协议类型为TCP, UDP, raw这三种套接字).
Proto
该字段显示了此套接字使用的协议, 包括tcp, udp, raw.
Recv-Q
该字段显示此套接字上已接受但尚未被用户程序拷贝走的字节数(该用户程序已连接到套接字上).
Send-Q
该字段显示此套接字上已发送但尚未被对方确认字节数.
Local Address
该字段显示了此套接字的本地端的地址和端口号. 如果没有指定--numeric(-n) 选项, 套接字的
地址会被转换成权威主机名(nt: FQDN, Fully Qualified Domain Name, 完全限定域名, 可理解为
我们所说的完整主机名), 而端口号会被转换成相应服务的名字, 否则地址和端口号都会直接以
数字形式打印出来.
Foreign Address
该字段显示了此套接字的远端(即,对等端)的地址和端口号. 显示格式与"Local Address"一致.
State
此字段显示了套接字的状态. 对于原模式(raw mode)和 UDP 模式(nt: 原模式和UPD模式分别指netstat启动的时候是否有
--raw 或 --udp 选项), 没有状态的定义, 此字段为空.
一般此字段可取如下值之一:
ESTABLISHED
表明此套接字有一个已建立的连接
SYN_SENT
表明此套接字正主动建立一个连接
SYN_RECV
表明此套接字已接收到连接请求
FIN_WAIT1
表明此套接字被关闭, 其上已建立的连接的本地端也已被停止. (此时连接的另一方还不知道这边已经被停止)
FIN_WAIT2
表明此套接字被关闭, 其上已建立的连接的本地端也已被停止, (并且对方已知道这边被停止), 本地端
正等待对方停止
TIME_WAIT
表明此套接字处于关闭后的等待阶段(等待那些属于此套接字, 但仍在网络上传输的数据包消失 )
CLOSE
表明此套接字没有被使用
CLOSE_WAIT
The remote end has shut down, waiting for the socket to close.
表明此套接字的另一端已经关闭, 等待本端关闭.
LAST_ACK
表明此套接字的另一端已经关闭, 本端也已关闭, 并已经通知了对方, 但需要等待对方的应答
LISTEN
表明此套接字正在侦听进入的连接请求. 如果启动的时候没有指定--listening 或 --all 选项,
处于侦听状态的套接字将不会被显示.
CLOSING
套接字的双方都被关闭, 但套接字中还有数据没有传送完
UNKNOWN
未知的套接字状态
User
套接字所有者的用户名或者用户id号(UID).
PID/Program name
斜杠分隔的'进程PID/进程名'对, 该进程对此套接字拥有所有权. 启动时的--program 选项会产生此字段的输出.
对于不属于netstat进程所有者的套接字的查看, 需要超级用户的权限. 对于IPX数据包, 暂无该字段信息.
Timer
(nt: this needs to be written, 初步可理解为, 该字段需要继续编写完成)
活跃的UNIX 域套接字
Proto
表示套接字上使用的协议(通常是unix 协议).
RefCnt
引用计数(比如, 关联此套接字的进程).
Flags
此标志字段的取值有: SO_ACCEPTON(显示为ACC), SO_WAITDATA(显示为W) 或 SO_NOSPACE(显示为N).
SO_ACCECPTON 被用于未连接的套接字(正在等待外来的连接请求). 其他两个通常用的较少(nt: 具体含义未知, 需补充).
Type
此标志字段标识套接字的类型(nt: socket access, 套接字的存取类型, 可理解为通常所说的'套接字类型' ), 目前有如下类型:
SOCK_DGRAM
此套接字为数据报类型(无连接的类型)
SOCK_STREAM
此套接字为流类型(有连接的类型)
SOCK_RAW
此套接字为原类型(nt: 可理解为, 此类型可用来发送和接收IP 层以上的原始数据包, 如TCP, UDP数据包,
此时,报文的IP头、TCP头、UDP头等需要手动赋值)
SOCK_RDM
此套接字类型对应可靠无链接消息
SOCK_SEQPACKET
此套接字类型对应可靠面向链接消息(nt: 可理解为, 与SOCK_STREAM 类似,
区别为前者不提供信息边界,但是SOCK_SEQPACKET提供(即, 每一个数据会按着他原始写入的单元尺寸和顺序进行接收,
如发送端的上应用分两次分别发送了20,30字节的两段数据, 接收端虽然接收缓冲大于50个字节, 但其上应用还是要分
两次读取此套接字才可以把数据收到, 且第一次收到20, 第二次收到30, 不会读一次就把50个字节全部收到).
SOCK_PACKET
此套接字为数据包类型, 可用于对原始数据包的访问.
UNKNOWN
谁也不知道未来是什么样子, 所以, 未知的类型就归类于此. :-)
State
此字段表示套接字的状态, 其有取值:
FREE 此套接字未分别配(nt:not allocated, '未分配', 其真实含义未知, 需补充.
此处可理解为UNIX 域套接字的特殊状态)
LISTENING
此套接字处于侦听并等待外部进入的连接请求的状态. 只有启动时指定 --listening, 或 -all 选项
才会显示此类套接字.
CONNECTING
在此套接字上, 正准备建立一个连接.
CONNECTED
此套接字上连接已建立.
DISCONNECTING
此套接字上连接已断开.
(empty)
The socket is not connected to another one.
此套接字上从未建立过连接.
UNKNOWN
This state should never happen.
此状态不应该出现.(nt: 可理解为, 如果出现此状态, 一定是哪里出错了)
PID/Program name
打开此套接字进程的ID号. 更多的信息会在位置靠上边的'活跃网络连接‘字段(nt: Active Internet connections section)
中显示.
Path
这是打开此套接字进程的相应可执行程序路径名.
Active IPX sockets
(nt: 未知, 需继续补充, 原文作者可能也没遇到过该字段的打印)
Active NET/ROM sockets
(nt: 未知, 需继续补充, 原文作者可能也没遇到过该字段的打印)
Active AX.25 sockets
(nt: 未知, 需继续补充, 原文作者可能也没遇到过该字段的打印)
注意
从Linux 版本2.2开始, netstat的 -i 选项并不显示'别名网络接口'(nt: 可通过ifconfig 来为一个网络
接口指定另一个名字和ip等相应参数, '别名网络接口' 可理解为此时新命名的接口).
如果要使netstat 显示别名网络接口, 需要手动使用ipchains 命令来设置显式规则.
相关文件
/etc/services -- 系统服务映射表
/proc -- proc 文件系统在整个文件系统中的挂载位置. proc 文件系统通过以下列出的文件提供了内核的一些信息.
/proc/net/dev -- 设备信息
/proc/net/raw -- 原始套接字信息
/proc/net/tcp -- TCP 套接字信息
/proc/net/udp -- UDP 套接字信息
/proc/net/igmp -- (IGMP, Internet Group Membership Protocol, 互联网组管理协议)
IGMP对应的多播信息
/proc/net/unix -- UNIX域套接字信息
/proc/net/ipx -- IPX套接字信息(nt: IPX, Internetwork Packet Exchange, Novell 网络中使用的网络层协议 )
/proc/net/ax25 -- AX25套接字信息(nt: AX25, X.25协议栈中‘数据链路层协议’,
此协议先于OSI-ISO模型的出现, 这里的'数据链路层'定义比较广,
甚至可以覆盖到通常OSI-ISO模型中的1, 2, 3层. )
/proc/net/appletalk -- DDP套接字信息(nt: DDP, The AppleTalk Data Delivery Protocol, 相当于支
持KIP AppleTalk协议栈的网络层协议)
/proc/net/nr -- NET/ROM 套接字信息(nt: NET/ROM 未知, 需补充)
/proc/net/route -- IP 路由信息
/proc/net/ax25_route -- AX25 路由信息
/proc/net/ipx_route -- IPX 路由信息
/proc/net/nr_nodes -- NET/ROM 节点列表(nt: NET/ROM 未知, 需补充)
/proc/net/nr_neigh -- NET/ROM 相邻节点列表(nt: NET/ROM 未知, 需补充)
/proc/net/ip_masquerade -- 虚拟连接的信息(nt: '虚拟连接' 的具体定义未知, 需补充)
/proc/net/snmp -- SNMP(nt: snmp, Simple Network Management Protocola,
简单网络管理协议)对应的一些统计信息
参考
route(8), ifconfig(8), ipchains(8), iptables(8), proc(5)
已知缺陷
如果一个网络接口在通过netstat查看的同时有所变化, 则netstat会偶发的打印出一些杂乱信息. 不过这种情况
发生的可能性不大.
作者
netstat 的用户接口部分由Fred Baumgarten <dc6iq@insu1.etec.uni-karlsruhe.de> 编写, 而man 手册页主要由
Matt Welsh <mdw@tc.cornell.edu>编写. 之后, Alan Cox <Alan.Cox@linux.org> 与 uan Hoang <tqhoang@bigfoot.com>
分别对netstat 进行了更新. 其手册页及net-tools软件包中与netstat相关的命令最后由
Bernd Eckenfels<ecki@linux.de>完全进行了重写.
net-tools 2007-12-02 NETSTAT(8)
英文版
========
NETSTAT(8) Linux Programmer's Manual NETSTAT(8)
NAME
netstat - Print network connections, routing tables, interface statistics, masquerade connec-
tions, and multicast memberships
SYNOPSIS
netstat [address_family_options] [--tcp|-t] [--udp|-u] [--raw|-w] [--listening|-l] [--all|-a]
[--numeric|-n] [--numeric-hosts] [--numeric-ports] [--numeric-users] [--symbolic|-N]
[--extend|-e[--extend|-e]] [--timers|-o] [--program|-p] [--verbose|-v] [--continuous|-c]
netstat {--route|-r} [address_family_options] [--extend|-e[--extend|-e]] [--verbose|-v]
[--numeric|-n] [--numeric-hosts] [--numeric-ports] [--numeric-users] [--continuous|-c]
netstat {--interfaces|-i} [--all|-a] [--extend|-e[--extend|-e]] [--verbose|-v] [--program|-p]
[--numeric|-n] [--numeric-hosts] [--numeric-ports] [--numeric-users] [--continuous|-c]
netstat {--groups|-g} [--numeric|-n] [--numeric-hosts] [--numeric-ports] [--numeric-users]
[--continuous|-c]
netstat {--masquerade|-M} [--extend|-e] [--numeric|-n] [--numeric-hosts] [--numeric-ports]
[--numeric-users] [--continuous|-c]
netstat {--statistics|-s} [--tcp|-t] [--udp|-u] [--raw|-w]
netstat {--version|-V}
netstat {--help|-h}
address_family_options:
[-4] [-6] [--protocol={inet,unix,ipx,ax25,netrom,ddp}[,...]] [--unix|-x] [--inet|--ip] [--ax25]
[--ipx] [--netrom] [--ddp]
DESCRIPTION
Netstat prints information about the Linux networking subsystem. The type of information printed
is controlled by the first argument, as follows:
(none)
By default, netstat displays a list of open sockets. If you don't specify any address families,
then the active sockets of all configured address families will be printed.
--route , -r
Display the kernel routing tables. See the description in route(8) for details. netstat -r and
route -e produce the same output.
--groups , -g
Display multicast group membership information for IPv4 and IPv6.
--interfaces, -i
Display a table of all network interfaces.
--masquerade , -M
Display a list of masqueraded connections.
--statistics , -s
Display summary statistics for each protocol.
OPTIONS
--verbose , -v
Tell the user what is going on by being verbose. Especially print some useful information about
unconfigured address families.
--numeric , -n
Show numerical addresses instead of trying to determine symbolic host, port or user names.
--numeric-hosts
shows numerical host addresses but does not affect the resolution of port or user names.
--numeric-ports
shows numerical port numbers but does not affect the resolution of host or user names.
--numeric-users
shows numerical user IDs but does not affect the resolution of host or port names.
--protocol=family , -A
Specifies the address families (perhaps better described as low level protocols) for which con-
nections are to be shown. family is a comma (',') separated list of address family keywords like
inet, unix, ipx, ax25, netrom, and ddp. This has the same effect as using the --inet, --unix
(-x), --ipx, --ax25, --netrom, and --ddp options.
The address family inet includes raw, udp and tcp protocol sockets.
-c, --continuous
This will cause netstat to print the selected information every second continuously.
-e, --extend
Display additional information. Use this option twice for maximum detail.
-o, --timers
Include information related to networking timers.
-p, --program
Show the PID and name of the program to which each socket belongs.
-l, --listening
Show only listening sockets. (These are omitted by default.)
-a, --all
Show both listening and non-listening sockets. With the --interfaces option, show interfaces
that are not up
-F
Print routing information from the FIB. (This is the default.)
-C
Print routing information from the route cache.
OUTPUT
Active Internet connections (TCP, UDP, raw)
Proto
The protocol (tcp, udp, raw) used by the socket.
Recv-Q
The count of bytes not copied by the user program connected to this socket.
Send-Q
The count of bytes not acknowledged by the remote host.
Local Address
Address and port number of the local end of the socket. Unless the --numeric (-n) option is
specified, the socket address is resolved to its canonical host name (FQDN), and the port number
is translated into the corresponding service name.
Foreign Address
Address and port number of the remote end of the socket. Analogous to "Local Address."
State
The state of the socket. Since there are no states in raw mode and usually no states used in UDP,
this column may be left blank. Normally this can be one of several values:
ESTABLISHED
The socket has an established connection.
SYN_SENT
The socket is actively attempting to establish a connection.
SYN_RECV
A connection request has been received from the network.
FIN_WAIT1
The socket is closed, and the connection is shutting down.
FIN_WAIT2
Connection is closed, and the socket is waiting for a shutdown from the remote end.
TIME_WAIT
The socket is waiting after close to handle packets still in the network.
CLOSE The socket is not being used.
CLOSE_WAIT
The remote end has shut down, waiting for the socket to close.
LAST_ACK
The remote end has shut down, and the socket is closed. Waiting for acknowledgement.
LISTEN The socket is listening for incoming connections. Such sockets are not included in the
output unless you specify the --listening (-l) or --all (-a) option.
CLOSING
Both sockets are shut down but we still don't have all our data sent.
UNKNOWN
The state of the socket is unknown.
User
The username or the user id (UID) of the owner of the socket.
PID/Program name
Slash-separated pair of the process id (PID) and process name of the process that owns the
socket. --program causes this column to be included. You will also need superuser privileges to
see this information on sockets you don't own. This identification information is not yet avail-
able for IPX sockets.
Timer
(this needs to be written)
Active UNIX domain Sockets
Proto
The protocol (usually unix) used by the socket.
RefCnt
The reference count (i.e. attached processes via this socket).
Flags
The flags displayed is SO_ACCEPTON (displayed as ACC), SO_WAITDATA (W) or SO_NOSPACE (N).
SO_ACCECPTON is used on unconnected sockets if their corresponding processes are waiting for a
connect request. The other flags are not of normal interest.
Type
There are several types of socket access:
SOCK_DGRAM
The socket is used in Datagram (connectionless) mode.
SOCK_STREAM
This is a stream (connection) socket.
SOCK_RAW
The socket is used as a raw socket.
SOCK_RDM
This one serves reliably-delivered messages.
SOCK_SEQPACKET
This is a sequential packet socket.
SOCK_PACKET
Raw interface access socket.
UNKNOWN
Who ever knows what the future will bring us - just fill in here :-)
State
This field will contain one of the following Keywords:
FREE The socket is not allocated
LISTENING
The socket is listening for a connection request. Such sockets are only included in the
output if you specify the --listening (-l) or --all (-a) option.
CONNECTING
The socket is about to establish a connection.
CONNECTED
The socket is connected.
DISCONNECTING
The socket is disconnecting.
(empty)
The socket is not connected to another one.
UNKNOWN
This state should never happen.
PID/Program name
Process ID (PID) and process name of the process that has the socket open. More info available
in Active Internet connections section written above.
Path
This is the path name as which the corresponding processes attached to the socket.
Active IPX sockets
(this needs to be done by somebody who knows it)
Active NET/ROM sockets
(this needs to be done by somebody who knows it)
Active AX.25 sockets
(this needs to be done by somebody who knows it)
NOTES
Starting with Linux release 2.2 netstat -i does not show interface statistics for alias inter-
faces. To get per alias interface counters you need to setup explicit rules using the ipchains(8)
command.
FILES
/etc/services -- The services translation file
/proc -- Mount point for the proc filesystem, which gives access to kernel status information via
the following files.
/proc/net/dev -- device information
/proc/net/raw -- raw socket information
/proc/net/tcp -- TCP socket information
/proc/net/udp -- UDP socket information
/proc/net/igmp -- IGMP multicast information
/proc/net/unix -- Unix domain socket information
/proc/net/ipx -- IPX socket information
/proc/net/ax25 -- AX25 socket information
/proc/net/appletalk -- DDP (appletalk) socket information
/proc/net/nr -- NET/ROM socket information
/proc/net/route -- IP routing information
/proc/net/ax25_route -- AX25 routing information
/proc/net/ipx_route -- IPX routing information
/proc/net/nr_nodes -- NET/ROM nodelist
/proc/net/nr_neigh -- NET/ROM neighbours
/proc/net/ip_masquerade -- masqueraded connections
/proc/net/snmp -- statistics
SEE ALSO
route(8), ifconfig(8), ipchains(8), iptables(8), proc(5)
BUGS
Occasionally strange information may appear if a socket changes as it is viewed. This is unlikely
to occur.
AUTHORS
The netstat user interface was written by Fred Baumgarten <dc6iq@insu1.etec.uni-karlsruhe.de>,
the man page basically by Matt Welsh <mdw@tc.cornell.edu>. It was updated by Alan Cox
<Alan.Cox@linux.org> but could do with a bit more work. It was updated again by Tuan Hoang
<tqhoang@bigfoot.com>.
The man page and the command included in the net-tools package is totally rewritten by Bernd Eck-
enfels <ecki@linux.de>.
net-tools 2007-12-02 NETSTAT(8)
符号约定
========
越少越好:
nt: 即note的缩写, 表示翻译时的补充说明部分
评论 (0)
