
Original article: Linux networking: 13 uses for netstat

I have used netstat since 1998, when I first worked on a Linux system. The tool is well over 20 years old, but I still use it because it is installed by default on most Linux distributions and runs in any environment.

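netstat is short for network statistics. As the name suggests, it is a tool for monitoring the state of the network. Its typical uses are monitoring inbound and outbound connection information, routing tables, inbound and outbound ports, and packet statistics. This article covers basic netstat usage and some useful examples.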

List all listening ports

Prints the list of all TCP and UDP listening ports.

# netstat -a
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:nfs             0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:43973           0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:sunrpc          0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:40723           0.0.0.0:*               LISTEN
tcp        0      0 yundream:domain         0.0.0.0:*               LISTEN
tcp        0      0 localhost:domain        0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:ssh             0.0.0.0:*               LISTEN
tcp        0      0 localhost:ipp           0.0.0.0:*               LISTEN
tcp        0      0 localhost:postgresql    0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:42399           0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:55519           0.0.0.0:*               LISTEN
udp        0      0 0.0.0.0:53116           0.0.0.0:*                          
udp        0      0 0.0.0.0:53627           0.0.0.0:*                          
udp        0      0 0.0.0.0:mdns            0.0.0.0:*                          
udp        0      0 localhost:58071         localhost:58071         ESTABLISHED
udp        0      0 localhost:domain        0.0.0.0:*                          

Active UNIX domain sockets (servers and established)
Proto RefCnt Flags       Type       State         I-Node   Path
unix  2      [ ACC ]     STREAM     LISTENING     54333    @/tmp/.ICE-unix/1693
unix  2      [ ACC ]     SEQPACKET  LISTENING     3257     /run/udev/control
unix  2      [ ]         DGRAM                    43770    /run/user/1000/systemd/notify
unix  2      [ ACC ]     STREAM     LISTENING     43773    /run/user/1000/systemd/private
unix  2      [ ACC ]     STREAM     LISTENING     43778    /run/user/1000/bus
unix  3      [ ]         DGRAM                    3213     /run/systemd/notify
unix  2      [ ACC ]     STREAM     LISTENING     43779    /run/user/1000/gnupg/S.dirmngr
unix  2      [ ACC ]     STREAM     LISTENING     43780    /run/user/1000/gnupg/S.gpg-agent.browser
unix  2      [ ACC ]     STREAM     LISTENING     43781    /run/user/1000/gnupg/S.gpg-agent.extra
unix  2      [ ACC ]     STREAM     LISTENING     43782    /run/user/1000/gnupg/S.gpg-agent.ssh
unix  2      [ ACC ]     STREAM     LISTENING     43783    /run/user/1000/gnupg/S.gpg-agent
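The output was too long, so I trimmed part of it. It includes Unix domain sockets as well as TCP and UDP. This is good for an overall picture, but it prints so much information that it is usually combined with other options.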

Show only TCP port connections

The -a option prints too much information. Use the -t option to print only TCP connections.
# netstat -at      
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State      
tcp        0      0 0.0.0.0:nfs             0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:43973           0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:sunrpc          0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:40723           0.0.0.0:*               LISTEN     
tcp        0      0 yundream:domain         0.0.0.0:*               LISTEN     
tcp        0      0 localhost:domain        0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:ssh             0.0.0.0:*               LISTEN     
tcp        0      0 localhost:ipp           0.0.0.0:*               LISTEN     
tcp        0      0 localhost:postgresql    0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:42399           0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:55519           0.0.0.0:*               LISTEN     
tcp6       0      0 [::]:nfs                [::]:*                  LISTEN     
tcp6       0      0 [::]:59533              [::]:*                  LISTEN     
tcp6       0      0 [::]:sunrpc             [::]:*                  LISTEN     
tcp6       0      0 [::]:http               [::]:*                  LISTEN     
tcp6       0      0 [::]:1716               [::]:*                  LISTEN     
tcp6       0      0 [::]:ssh                [::]:*                  LISTEN     
tcp6       0      0 ip6-localhost:ipp       [::]:*                  LISTEN     
tcp6       0      0 [::]:42551              [::]:*                  LISTEN     
tcp6       0      0 [::]:https              [::]:*                  LISTEN     

Show only UDP port connections

Add the -u option after the -a option.
# netstat -au
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State      
udp        0      0 0.0.0.0:53116           0.0.0.0:*                          
udp        0      0 0.0.0.0:53627           0.0.0.0:*                          
udp        0      0 0.0.0.0:mdns            0.0.0.0:*                          
udp        0      0 localhost:58071         localhost:58071         ESTABLISHED
udp        0      0 yundream:domain         0.0.0.0:*                          
udp        0      0 localhost:domain        0.0.0.0:*                          
udp        0      0 0.0.0.0:bootps          0.0.0.0:*                          
udp        0      0 yundream:bootpc         _gateway:bootps         ESTABLISHED
udp        0      0 0.0.0.0:sunrpc          0.0.0.0:*                          
udp        0      0 0.0.0.0:33121           0.0.0.0:*                          
udp        0      0 0.0.0.0:631             0.0.0.0:*                          
udp        0      0 0.0.0.0:nfs             0.0.0.0:*                          
udp        0      0 0.0.0.0:35347           0.0.0.0:*                          
udp        0      0 0.0.0.0:36175           0.0.0.0:*                          
udp6       0      0 [::]:37030              [::]:*                             
udp6       0      0 [::]:37765              [::]:*                             
udp6       0      0 [::]:mdns               [::]:*                             
udp6       0      0 [::]:39771              [::]:*                             
udp6       0      0 [::]:40839              [::]:*                             

Show all actively listening ports

# netstat -l 
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State      
tcp        0      0 0.0.0.0:nfs             0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:43973           0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:sunrpc          0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:40723           0.0.0.0:*               LISTEN     
tcp        0      0 yundream:domain         0.0.0.0:*               LISTEN     
tcp        0      0 localhost:domain        0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:ssh             0.0.0.0:*               LISTEN     
tcp        0      0 localhost:ipp           0.0.0.0:*               LISTEN     
tcp        0      0 localhost:postgresql    0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:42399           0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:55519           0.0.0.0:*               LISTEN     
tcp6       0      0 [::]:nfs                [::]:*                  LISTEN     
tcp6       0      0 [::]:59533              [::]:*                  LISTEN     
udp        0      0 0.0.0.0:53116           0.0.0.0:*                          
udp        0      0 0.0.0.0:53627           0.0.0.0:*                          
udp        0      0 0.0.0.0:mdns            0.0.0.0:*                          
udp        0      0 yundream:domain         0.0.0.0:*                          
udp        0      0 localhost:domain        0.0.0.0:*                          
udp        0      0 0.0.0.0:bootps          0.0.0.0:*                          
udp        0      0 0.0.0.0:sunrpc          0.0.0.0:*                          
Active UNIX domain sockets (only servers)
Proto RefCnt Flags       Type       State         I-Node   Path
unix  2      [ ACC ]     STREAM     LISTENING     54333    @/tmp/.ICE-unix/1693
unix  2      [ ACC ]     SEQPACKET  LISTENING     3257     /run/udev/control
unix  2      [ ACC ]     STREAM     LISTENING     43773    /run/user/1000/systemd/private
unix  2      [ ACC ]     STREAM     LISTENING     43778    /run/user/1000/bus
unix  2      [ ACC ]     STREAM     LISTENING     43779    /run/user/1000/gnupg/S.dirmngr
unix  2      [ ACC ]     STREAM     LISTENING     43780    /run/user/1000/gnupg/S.gpg-agent.browser
unix  2      [ ACC ]     STREAM     LISTENING     43781    /run/user/1000/gnupg/S.gpg-agent.extra
unix  2      [ ACC ]     STREAM     LISTENING     43782    /run/user/1000/gnupg/S.gpg-agent.ssh
unix  2      [ ACC ]     STREAM     LISTENING     43783    /run/user/1000/gnupg/S.gpg-agent
unix  2      [ ACC ]     STREAM     LISTENING     31252    /var/run/nvidia-persistenced/socket
unix  2      [ ACC ]     STREAM     LISTENING     43784    /run/user/1000/pk-debconf-socket
unix  2      [ ACC ]     STREAM     LISTENING     43785    /run/user/1000/pulse/native
The output was too long, so I trimmed part of it. Use the -t and -u options to print only the protocol you want.

Show only TCP listening ports

# netstat -lt
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State      
tcp        0      0 0.0.0.0:nfs             0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:43973           0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:sunrpc          0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:40723           0.0.0.0:*               LISTEN     
tcp        0      0 yundream:domain         0.0.0.0:*               LISTEN     
tcp        0      0 localhost:domain        0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:ssh             0.0.0.0:*               LISTEN     
tcp        0      0 localhost:ipp           0.0.0.0:*               LISTEN     
tcp        0      0 localhost:postgresql    0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:42399           0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:55519           0.0.0.0:*               LISTEN     
tcp6       0      0 [::]:nfs                [::]:*                  LISTEN     
tcp6       0      0 [::]:59533              [::]:*                  LISTEN     
tcp6       0      0 [::]:sunrpc             [::]:*                  LISTEN     
tcp6       0      0 [::]:http               [::]:*                  LISTEN     
tcp6       0      0 [::]:1716               [::]:*                  LISTEN     
tcp6       0      0 [::]:ssh                [::]:*                  LISTEN     

Show only UDP listening ports

# netstat -lu
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State      
udp        0      0 0.0.0.0:53116           0.0.0.0:*                          
udp        0      0 0.0.0.0:53627           0.0.0.0:*                          
udp        0      0 0.0.0.0:mdns            0.0.0.0:*                          
udp        0      0 yundream:domain         0.0.0.0:*                          
udp        0      0 localhost:domain        0.0.0.0:*                          
udp        0      0 0.0.0.0:bootps          0.0.0.0:*                          
udp        0      0 0.0.0.0:sunrpc          0.0.0.0:*                          
udp        0      0 0.0.0.0:33121           0.0.0.0:*                          
udp        0      0 0.0.0.0:631             0.0.0.0:*                          
udp        0      0 0.0.0.0:nfs             0.0.0.0:*                          
udp        0      0 0.0.0.0:35347           0.0.0.0:*                          
udp        0      0 0.0.0.0:36175           0.0.0.0:*                          
udp6       0      0 [::]:37030              [::]:*                             

Identify the process using a port

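The -p option prints the process that is using a port. It is used together with the -a option, and because that produces a lot of output it is usually piped through grep. For example, to find the processes using http, run the following.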
netstat -ap | grep http 
(Not all processes could be identified, non-owned process info
 will not be shown, you would have to be root to see it all.)
tcp        0      0 yundream:58608          ec2-52-41-191-53.:https ESTABLISHED 2110/firefox        
tcp        0      0 yundream:42698          e7.cc.36a9.ip4.st:https ESTABLISHED 2110/firefox        
tcp        0      0 yundream:37720          nrt13s49-in-f14.1:https ESTABLISHED 2110/firefox        
tcp        0      0 yundream:38252          xx-fbcdn-shv-01-g:https ESTABLISHED 2110/firefox        
tcp        0      0 yundream:52118          edge-star-shv-01-:https ESTABLISHED 2110/firefox        
tcp        0      0 yundream:37214          nrt12s14-in-f238.:https ESTABLISHED 2110/firefox        

Statistics by protocol

The -s option lets you monitor network statistics.
netstat -s             
Ip:
    Forwarding: 1
    372357 total packets received
    1236 forwarded
    0 incoming packets discarded
    370420 incoming packets delivered
    219178 requests sent out
    20 outgoing packets dropped
    10 dropped because of missing route
    3 fragments received ok
    6 fragments created
Icmp:
    65 ICMP messages received
    0 input ICMP message failed
    ICMP input histogram:
        destination unreachable: 65
    68 ICMP messages sent
    0 ICMP messages failed
    ICMP output histogram:
        destination unreachable: 68
IcmpMsg:
        InType3: 65
        OutType3: 68
Tcp:
    1040 active connection openings
    4 passive connection openings
    1 failed connection attempts
    9 connection resets received
    5 connections established
    360890 segments received
    208009 segments sent out
    830 segments retransmitted
    59 bad segments received
    659 resets sent
Udp:
    9326 packets received
    68 packets to unknown port received
    0 packet receive errors
    9423 packets sent
    0 receive buffer errors
    0 send buffer errors
    IgnoredMulti: 49

TCP statistics

# netstat -st
IcmpMsg:
    InType3: 65
    OutType3: 68
Tcp:
    1042 active connection openings
    4 passive connection openings
    1 failed connection attempts
    9 connection resets received
    7 connections established
    360979 segments received
    208105 segments sent out
    838 segments retransmitted
    59 bad segments received
    659 resets sent
UdpLite:
TcpExt:
    430 TCP sockets finished time wait in fast timer
    814 delayed acks sent
    Quick ack mode was activated 966 times
    323469 packet headers predicted
    5903 acknowledgments not containing data payload received
    3951 predicted acknowledgments
    TCPSackRecovery: 137
    Detected reordering 8 times using SACK
    TCPDSACKUndo: 23
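
An added example, not part of the original article: the counters printed by -s are cumulative since boot, so this shell sketch diffs two snapshots and reports what changed in between, including the share of sent segments that were retransmissions. The function names are assumptions; the two Tcp: sections are the values from the netstat -s and netstat -st outputs above.

```shell
#!/bin/sh
# Added example (not from the original article): diff two netstat -s snapshots.
# Counters are cumulative since boot, so only the change between runs is current.
# Tcp: sections copied from the page's netstat -s and later netstat -st outputs.
snap_before() {
cat <<'EOF'
Tcp:
    1040 active connection openings
    4 passive connection openings
    1 failed connection attempts
    9 connection resets received
    5 connections established
    360890 segments received
    208009 segments sent out
    830 segments retransmitted
    59 bad segments received
    659 resets sent
Udp:
EOF
}
snap_after() {
cat <<'EOF'
Tcp:
    1042 active connection openings
    4 passive connection openings
    1 failed connection attempts
    9 connection resets received
    7 connections established
    360979 segments received
    208105 segments sent out
    838 segments retransmitted
    59 bad segments received
    659 resets sent
UdpLite:
EOF
}

# Print "<count><TAB><label>" for each line of the Tcp: section read from stdin.
tcp_counters() {
    awk '
    /^[A-Za-z]+:/ { in_tcp = ($1 == "Tcp:"); next }
    in_tcp && $1 ~ /^[0-9]+$/ { n = $1; $1 = ""; sub(/^ /, ""); print n "\t" $0 }'
}

# $1 = earlier snapshot text, $2 = later one. Prints non-zero deltas, then the
# share of segments sent in the interval that were retransmissions.
tcp_delta() {
    { printf '%s\n' "$1" | tcp_counters; echo "--"
      printf '%s\n' "$2" | tcp_counters; } |
    awk -F'\t' '
    $0 == "--" { second = 1; next }
    !second { before[$2] = $1; next }
    { d = $1 - before[$2]; if (d != 0) print d "\t" $2
      if ($2 == "segments sent out") sent = d
      if ($2 == "segments retransmitted") retx = d }
    END { if (sent > 0) printf "%.1f%%\tretransmit rate in interval\n", 100 * retx / sent }'
}

tcp_delta "$(snap_before)" "$(snap_after)"
```

"connections established" is a current count rather than a cumulative counter, so its delta is a change in level.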

UDP statistics

# netstat -su
IcmpMsg:
    InType3: 65
    OutType3: 68
Udp:
    9351 packets received
    68 packets to unknown port received
    0 packet receive errors
    9448 packets sent
    0 receive buffer errors
    0 send buffer errors
    IgnoredMulti: 49
UdpLite:
IpExt:
    InNoRoutes: 1
    InMcastPkts: 175
    OutMcastPkts: 157
    InBcastPkts: 52
    OutBcastPkts: 6
    InOctets: 502313918
    OutOctets: 17665159
    InMcastOctets: 17824
    OutMcastOctets: 14753
    InBcastOctets: 33694
    OutBcastOctets: 5778
    InNoECTPkts: 372525

Raw network statistics

Prints the raw statistics as they are, without any filtering.
netstat --statistics --raw
Ip:
    Forwarding: 1
    372606 total packets received
    1236 forwarded
    0 incoming packets discarded
    370660 incoming packets delivered
    219443 requests sent out
    20 outgoing packets dropped
    10 dropped because of missing route
    3 fragments received ok
    6 fragments created
Icmp:
    65 ICMP messages received
    0 input ICMP message failed
    ICMP input histogram:
        destination unreachable: 65
    68 ICMP messages sent
    0 ICMP messages failed
    ICMP output histogram:
        destination unreachable: 68
IcmpMsg:
        InType3: 65
        OutType3: 68
UdpLite:
IpExt:
    InNoRoutes: 1
    InMcastPkts: 175
    OutMcastPkts: 157
    InBcastPkts: 54
    OutBcastPkts: 6
    InOctets: 502327754
    OutOctets: 17675293
    InMcastOctets: 17824
    OutMcastOctets: 14753
    InBcastOctets: 34846
    OutBcastOctets: 5778
    InNoECTPkts: 372608

Show service PIDs

Prints the PID of each process that is using the network.
# netstat -tp
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 yundream:51280          nrt12s22-in-f14.1:https TIME_WAIT   -                   
tcp        0      0 yundream:56772          nrt20s08-in-f14.1:https TIME_WAIT   -                   
tcp        0      0 yundream:58608          ec2-52-41-191-53.:https ESTABLISHED 2110/firefox        
tcp        0      0 yundream:42698          e7.cc.36a9.ip4.st:https ESTABLISHED 2110/firefox        
tcp        0      0 yundream:38252          xx-fbcdn-shv-01-g:https ESTABLISHED 2110/firefox        

Network interface I/O

The -i option lets you monitor send/receive statistics per interface.
netstat -i
Kernel Interface table
Iface      MTU    RX-OK RX-ERR RX-DRP RX-OVR    TX-OK TX-ERR TX-DRP TX-OVR Flg
br-057f2  1500        0      0      0 0             0      0      0      0 BMU
br-48417  1500        0      0      0 0             0      0      0      0 BMU
br-ed9b1  1500        0      0      0 0             0      0      0      0 BMU
docker0   1500      846      0      0 0           916      0      0      0 BMRU
eno1      1500        0      0      0 0             0      0      0      0 BMU
lo       65536     7548      0      0 0          7548      0      0      0 LRU
veth6bdc  1500      617      0      0 0           763      0      0      0 BMRU
veth6ef4  1500      229      0      0 0           230      0      0      0 BMRU
virbr0    1500        0      0      0 0             0      0      0      0 BMU
wlx00266  1500   364289      0      0 0        198378      0      0      0 BMRU

Test

Use nc (netcat) to bind to TCP port 4444.
# nc -l 4444

Check the process with netstat.
# netstat -ltp
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 0.0.0.0:nfs             0.0.0.0:*               LISTEN      -                   
tcp        0      0 0.0.0.0:43973           0.0.0.0:*               LISTEN      -                   
tcp        0      0 0.0.0.0:sunrpc          0.0.0.0:*               LISTEN      -                   
tcp        0      0 0.0.0.0:40723           0.0.0.0:*               LISTEN      -                   
tcp        0      0 yundream:domain         0.0.0.0:*               LISTEN      -                   
tcp        0      0 localhost:domain        0.0.0.0:*               LISTEN      -                   
tcp        0      0 0.0.0.0:ssh             0.0.0.0:*               LISTEN      -                   
tcp        0      0 localhost:ipp           0.0.0.0:*               LISTEN      -                   
tcp        0      0 localhost:postgresql    0.0.0.0:*               LISTEN      -                   
tcp        0      0 0.0.0.0:4444            0.0.0.0:*               LISTEN      20315/nc            
tcp        0      0 0.0.0.0:42399           0.0.0.0:*               LISTEN      -                   
You can see that the nc process with PID 20315 is bound to port 4444.

Now bind to UDP port 4444 and check the process.
# nc -ul 4444

# netstat -lup | grep 4444
udp        0      0 0.0.0.0:4444            0.0.0.0:*                           20610/nc           
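
An added example, not part of the original article: a shell function that reads netstat -ltunp output and flags listeners reachable from the network whose protocol/port pair is not on an allowlist, which is how the nc listeners on 4444 above would surface in a review. The -n flag (numeric addresses, so hosts and ports are not resolved to names), the allowlist format and the sample rows are assumptions constructed for this example.

```shell
#!/bin/sh
# Added example (not from the original article): audit listeners from netstat output.
# Input: `netstat -ltunp` text on stdin. $1: allowlist of proto/port pairs.
# Output per listener: <ok|UNEXPECTED> <loopback|wildcard|address> <proto/port> <owner>
audit_listeners() {
    awk -v allow="$1" '
    BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    $1 ~ /^(tcp|udp)6?$/ {
        proto = $1; sub(/6$/, "", proto)
        # TCP rows have a State column; UDP listeners leave it blank,
        # which shifts PID/Program name one field to the left.
        if (proto == "tcp") { if ($6 != "LISTEN") next; owner = $7 }
        else { if ($6 == "ESTABLISHED") next; owner = $6 }
        # "-" or nothing means netstat ran without -p or without root.
        if (owner == "" || owner == "-") owner = "unknown"
        # Split at the last colon so :::80 and [::]:80 both parse.
        m = split($4, p, ":"); port = p[m]
        host = substr($4, 1, length($4) - length(port) - 1)
        if (host ~ /^127\./ || host == "::1" || host == "[::1]" || host ~ /localhost$/)
            scope = "loopback"
        else if (host == "0.0.0.0" || host == "::" || host == "[::]" || host == "*")
            scope = "wildcard"
        else
            scope = "address"
        key = proto "/" port
        verdict = "ok"
        if (scope != "loopback" && !(key in ok)) verdict = "UNEXPECTED"
        print verdict, scope, key, owner
    }'
}

# Constructed sample in the format of `netstat -ltunp` run as root (not a real capture).
sample_netstat() {
cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      812/sshd
tcp        0      0 127.0.0.1:5432          0.0.0.0:*               LISTEN      901/postgres
tcp        0      0 0.0.0.0:4444            0.0.0.0:*               LISTEN      20315/nc
tcp6       0      0 :::80                   :::*                    LISTEN      1033/apache2
udp        0      0 0.0.0.0:4444            0.0.0.0:*                           20610/nc
udp        0      0 127.0.0.53:53           0.0.0.0:*                           640/systemd-resolve
EOF
}

sample_netstat | audit_listeners "tcp/22 tcp/80"
```

On a live host, replace sample_netstat with netstat -ltunp run as root; without root the owner column is reported as unknown for sockets belonging to other users.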
