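1) Checking the routing table: the -r option
- Running the netstat command with the -r option displays the routing table.
- Adding the '-n' option prints IP addresses instead of names.
- The routing table information printed by 'netstat -r' is the same as the output of the 'route' command.
==============================================================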
sjw@sjw-HP-Mini-110-3500:~$ route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         192.168.0.1     0.0.0.0         UG    0      0        0 wlan0
192.168.0.0     *               255.255.255.0   U     9      0        0 wlan0
sjw@sjw-HP-Mini-110-3500:~$ netstat -r
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
default         192.168.0.1     0.0.0.0         UG        0 0          0 wlan0
192.168.0.0     *               255.255.255.0   U         0 0          0 wlan0
sjw@sjw-HP-Mini-110-3500:~$ netstat -rn
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         192.168.0.1     0.0.0.0         UG        0 0          0 wlan0
192.168.0.0     0.0.0.0         255.255.255.0   U         0 0          0 wlan0
sjw@sjw-HP-Mini-110-3500:~$
==============================================================
2) Checking the currently open ports
- When communicating over the network, a service that is currently running has its service port in the LISTEN state.
- From this you can see which ports are open and in service.
==============================================================
sjw@sjw-HP-Mini-110-3500:~$ netstat -an | grep LISTEN
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN
tcp        0      0 127.0.1.1:53            0.0.0.0:*               LISTEN
tcp6       0      0 ::1:631                 :::*                    LISTEN
unix  2      [ ACC ]     STREAM     LISTENING     1817     /tmp/.X11-unix/X0
unix  2      [ ACC ]     STREAM     LISTENING     12977    /tmp/.ICE-unix/2096
unix  2      [ ACC ]     STREAM     LISTENING     12976    @/tmp/.ICE-unix/2096
unix  2      [ ACC ]     STREAM     LISTENING     14616    /run/user/1000/keyring-vT8uUL/pkcs11
unix  2      [ ACC ]     STREAM     LISTENING     14621    /run/user/1000/keyring-vT8uUL/ssh
unix  2      [ ACC ]     STREAM     LISTENING     14623    /run/user/1000/keyring-vT8uUL/gpg
unix  2      [ ACC ]     STREAM     LISTENING     1816     @/tmp/.X11-unix/X0
unix  2      [ ACC ]     SEQPACKET  LISTENING     7729     /run/udev/control
unix  2      [ ACC ]     STREAM     LISTENING     13926    @/tmp/dbus-4ER9ick1fW
unix  2      [ ACC ]     STREAM     LISTENING     13882    /run/user/1000/keyring-vT8uUL/control
unix  2      [ ACC ]     STREAM     LISTENING     10570    /var/run/dbus/system_bus_socket
unix  2      [ ACC ]     STREAM     LISTENING     1305     @/com/ubuntu/upstart
unix  2      [ ACC ]     STREAM     LISTENING     10609    /var/run/sdp
unix  2      [ ACC ]     STREAM     LISTENING     14686    @/tmp/dbus-vjXlPALt4Q
unix  2      [ ACC ]     STREAM     LISTENING     86930    /var/run/cups/cups.sock
unix  2      [ ACC ]     STREAM     LISTENING     14691    @/tmp/dbus-ChavgUD8
unix  2      [ ACC ]     STREAM     LISTENING     13902    @/com/ubuntu/upstart-session/1000/1923
unix  2      [ ACC ]     STREAM     LISTENING     1737     /var/run/acpid.socket
unix  2      [ ACC ]     STREAM     LISTENING     15571    /run/user/1000/pulse/native
sjw@sjw-HP-Mini-110-3500:~$
==============================================================
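The LISTEN lines above also show where each service is bound: all three tcp listeners sit on loopback addresses, so they are reachable only from the local host. The following is an added example, not part of the original page, that classifies tcp listeners by bind address; the function names are made up here, and the last three sample lines are constructed to show the other cases.

```shell
#!/bin/sh
# Classify TCP listeners from `netstat -an` output read on stdin.
# Output per listener: "<scope> <proto> <address> <port>"
#   loopback = reachable only from this host
#   all      = bound to every interface (0.0.0.0 or ::)
#   specific = bound to one non-loopback address
classify_listeners() {
    awk '
    $1 ~ /^tcp6?$/ && $6 == "LISTEN" {
        la = $4
        # Split at the last colon: IPv6 addresses contain colons themselves.
        if (!match(la, /:[0-9]+$/)) next
        addr = substr(la, 1, RSTART - 1)
        port = substr(la, RSTART + 1)
        if (addr ~ /^127\./ || addr == "::1")        scope = "loopback"
        else if (addr == "0.0.0.0" || addr == "::")  scope = "all"
        else                                         scope = "specific"
        print scope, $1, addr, port
    }'
}

# Listeners reachable from other hosts (anything that is not loopback-only).
exposed_listeners() {
    classify_listeners | awk '$1 != "loopback"'
}

# Sample input: the first four lines are taken from the output above,
# the last three are constructed for this example.
sample_netstat() {
    cat <<'EOF'
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN
tcp        0      0 127.0.1.1:53            0.0.0.0:*               LISTEN
tcp6       0      0 ::1:631                 :::*                    LISTEN
unix  2      [ ACC ]     STREAM     LISTENING     1817     /tmp/.X11-unix/X0
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp6       0      0 :::80                   :::*                    LISTEN
tcp        0      0 192.168.0.12:8080       0.0.0.0:*               LISTEN
EOF
}

sample_netstat | classify_listeners
```

On a live system, `netstat -an | exposed_listeners` lists only the listeners that other hosts can reach.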
3) Checking which processes are using the currently open ports: the -p option
- The '-p' option shows the processes that are using the currently open ports.
- You can see that there are only processes using internal ports through Unix domain sockets.
- When SSH, telnet or similar is in use, processes connected over tcp are shown.
==============================================================
sjw@sjw-HP-Mini-110-3500:~$ sudo netstat -p | more
[sudo] password for sjw:
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 192.168.0.12:43851      182.163.204.37:http     TIME_WAIT   -
tcp        0      0 192.168.0.12:42904      199.27.79.193:http      TIME_WAIT   -
tcp        0      0 192.168.0.12:43856      182.163.204.37:http     TIME_WAIT   -
tcp        0      0 192.168.0.12:37823      ec2-52-11-36-85.u:https ESTABLISHED 2517/firefox
tcp        0      0 192.168.0.12:46004      211.233.37.15:9156      ESTABLISHED 2517/firefox
tcp        0      0 192.168.0.12:43850      182.163.204.37:http     TIME_WAIT   -
tcp        0      0 192.168.0.12:36968      117.53.117.25:http      TIME_WAIT   -
tcp        0      0 192.168.0.12:43855      182.163.204.37:http     TIME_WAIT   -
tcp        0      0 192.168.0.12:43857      182.163.204.37:http     TIME_WAIT   -
tcp        0      0 192.168.0.12:33433      182.163.204.34:http     TIME_WAIT   -
--More--
==============================================================
4) Checking network statistics per interface: the -i option
- Use the '-i' option to see network statistics for each interface currently in use.
- 'RX-OK' and 'TX-OK' are the numbers of packets received and sent normally.
- 'RX-ERR', 'RX-DRP', 'RX-OVR', 'TX-ERR', 'TX-DRP' and 'TX-OVR' are the numbers of packets for which an error occurred during sending or receiving.
==============================================================
sjw@sjw-HP-Mini-110-3500:~$ netstat -i
Kernel Interface table
Iface   MTU Met   RX-OK RX-ERR RX-DRP RX-OVR    TX-OK TX-ERR TX-DRP TX-OVR Flg
eth0   1500   0       0      0      0      0        0      0      0      0 BMU
lo    65536   0   32905      0      0      0    32905      0      0      0 LRU
wlan0  1500   0  332422      0      0      0   289305    566      0      0 BMRU
sjw@sjw-HP-Mini-110-3500:~$
==============================================================
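In the table above only wlan0 has a non-zero error counter (TX-ERR 566). The following is an added example, not part of the original page, that picks out such interfaces from `netstat -i` output; it finds the columns by header name rather than by position, and the function names and the per-100k figure are choices made for this example.

```shell
#!/bin/sh
# Report interfaces with non-zero error/drop/overrun counters from
# `netstat -i` output read on stdin.
# Output: "<iface> rx_bad=<n> tx_bad=<n> tx_err_per_100k=<n>"
iface_errors() {
    awk '
    $1 == "Iface" {                  # header row: remember each column index
        for (i = 1; i <= NF; i++) col[$i] = i
        have_header = 1
        next
    }
    have_header && NF >= col["Flg"] {
        rx_bad = $(col["RX-ERR"]) + $(col["RX-DRP"]) + $(col["RX-OVR"])
        tx_bad = $(col["TX-ERR"]) + $(col["TX-DRP"]) + $(col["TX-OVR"])
        if (rx_bad + tx_bad == 0) next        # clean interface, skip it
        tx_ok = $(col["TX-OK"])
        # TX errors per 100000 successfully sent packets (integer part)
        rate = (tx_ok > 0) ? int(100000 * $(col["TX-ERR"]) / tx_ok) : 0
        printf "%s rx_bad=%d tx_bad=%d tx_err_per_100k=%d\n", $1, rx_bad, tx_bad, rate
    }'
}

# Sample input: the netstat -i table shown above.
sample_netstat_i() {
    cat <<'EOF'
Kernel Interface table
Iface   MTU Met   RX-OK RX-ERR RX-DRP RX-OVR    TX-OK TX-ERR TX-DRP TX-OVR Flg
eth0   1500   0       0      0      0      0        0      0      0      0 BMU
lo    65536   0   32905      0      0      0    32905      0      0      0 LRU
wlan0  1500   0  332422      0      0      0   289305    566      0      0 BMRU
EOF
}

sample_netstat_i | iface_errors
```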
5) Checking network statistics per protocol: the -s option
- Use the '-s' option to see network statistics for each protocol.
- Statistics are printed separately for the IP, ICMP and TCP protocols.
==============================================================
sjw@sjw-HP-Mini-110-3500:~$ netstat -s
Ip:
    365154 total packets received
    0 forwarded
    0 incoming packets discarded
    365131 incoming packets delivered
    322901 requests sent out
    24 outgoing packets dropped
    1246 dropped because of missing route
Icmp:
    437 ICMP messages received
    3 input ICMP message failed.
    ICMP input histogram:
        destination unreachable: 89
        timeout in transit: 173
        echo requests: 85
        echo replies: 90
    1014 ICMP messages sent
    0 ICMP messages failed
    ICMP output histogram:
        destination unreachable: 812
        echo request: 117
        echo replies: 85
IcmpMsg:
        InType0: 90
        InType3: 89
        InType8: 85
        InType11: 173
        OutType0: 85
        OutType3: 812
        OutType8: 117
Tcp:
    15844 active connections openings
    2 passive connection openings
    54 failed connection attempts
    197 connection resets received
    1 connections established
    315063 segments received
    271060 segments send out
    473 segments retransmited
    3472 bad segments received.
    1262 resets sent
Udp:
    48473 packets received
    812 packets to unknown port received.
    0 packet receive errors
    49873 packets sent
UdpLite:
TcpExt:
    6688 TCP sockets finished time wait in fast timer
    15 packets rejects in established connections because of timestamp
    2416 delayed acks sent
    Quick ack mode was activated 2032 times
    5 packets directly queued to recvmsg prequeue.
    5342 bytes directly received in process context from prequeue
    186196 packet headers predicted
    2 packets header predicted and directly queued to user
    29301 acknowledgments not containing data payload received
    4970 predicted acknowledgments
    1 times recovered from packet loss due to fast retransmit
    2 times recovered from packet loss by selective acknowledgements
    6 congestion windows recovered without slow start by DSACK
    351 congestion windows recovered without slow start after partial ack
    2 timeouts after SACK recovery
    8 timeouts in loss state
    3 fast retransmits
    21 retransmits in slow start
    500 other TCP timeouts
    TCPLossProbes: 603
    TCPLossProbeRecovery: 133
    1855 DSACKs sent for old packets
    5 DSACKs sent for out of order packets
    343 DSACKs received
    565 connections reset due to unexpected data
    10 connections reset due to early user close
    9 connections aborted due to timeout
    6 times unabled to send RST due to no memory
    TCPDSACKIgnoredNoUndo: 80
    TCPSpuriousRTOs: 110
    TCPSackShiftFallback: 8
    IPReversePathFilter: 15
    TCPRetransFail: 275
    TCPRcvCoalesce: 83551
    TCPOFOQueue: 16892
    TCPOFOMerge: 5
    TCPChallengeACK: 3484
    TCPSYNChallenge: 3472
    TCPSpuriousRtxHostQueues: 445
IpExt:
    InNoRoutes: 8
    InMcastPkts: 47
    OutMcastPkts: 67
    InBcastPkts: 204
    InOctets: 355514162
    OutOctets: 35037307
    InMcastOctets: 6972
    OutMcastOctets: 7772
    InBcastOctets: 32294
    InNoECTPkts: 365154
sjw@sjw-HP-Mini-110-3500:~$
==============================================================