查询套接字信息

# -l 只显示监听套接字
# -n 显示地址和端口
# -p 显示进程信息
$ netstat -nlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 0.0.0.0:8028            0.0.0.0:*               LISTEN      343570/java         
tcp        0      0 0.0.0.0:8030            0.0.0.0:*               LISTEN      443862/java         
tcp        0      0 0.0.0.0:8031            0.0.0.0:*               LISTEN      443864/java         
tcp        0      0 0.0.0.0:8032            0.0.0.0:*               LISTEN      443868/java         
tcp        0      0 0.0.0.0:10050           0.0.0.0:*               LISTEN      1440/zabbix_agentd  
tcp        0      0 127.0.0.1:8005          0.0.0.0:*               LISTEN      910064/java

# -l 显示监听套接字
# -t 显示TCP套接字
# -n 显示地址和端口
# -p 显示进程信息
$ ss -ltnp
State      Recv-Q Send-Q                                                          Local Address:Port                                                                         Peer Address:Port              
LISTEN     0      100                                                                         *:8028                                                                                    *:*                   users:(("java",pid=343570,fd=97))
LISTEN     0      100                                                                         *:8030                                                                                    *:*                   users:(("java",pid=443862,fd=202))
LISTEN     0      100                                                                         *:8031                                                                                    *:*                   users:(("java",pid=443864,fd=203))
LISTEN     0      100                                                                         *:8032                                                                                    *:*                   users:(("java",pid=443868,fd=35))

这些指标中，主要关注：

• State，套接字的状态；
• Recv-Q，接收队列；
• Send-Q，发送队列；
• Local Addredd:Port，本地地址端口；
• Peer Address:Port，远程地址端口；
• pid，进程pid；

查看网络统计信息

# 每隔5秒输出一组数据
$ sar -n DEV 5
02:35:40 PM     IFACE   rxpck/s   txpck/s    rxkB/s    txkB/s   rxcmp/s   txcmp/s  rxmcst/s
02:35:50 PM      eth0    635.90    753.80    131.98    272.04      0.00      0.00      0.00
02:35:50 PM        lo     28.80     28.80      9.09      9.09      0.00      0.00      0.00
02:35:50 PM   docker0      0.00      0.00      0.00      0.00      0.00      0.00      0.00

这些指标中，主要关注：

• rxpck/s 与 txpck/s 表示接收和发送的数据包数量；
• rxkB/s 与 txkB/s 表示接收和发送的数据大小；

查询远程主机的联通性

# -c5表示发送5次包后停止
$ ping -c5 127.0.0.1
PING 127.0.0.1 (127.0.0.1) 56(84) bytes of data.
64 bytes from 127.0.0.1: icmp_seq=1 ttl=64 time=0.053 ms
64 bytes from 127.0.0.1: icmp_seq=2 ttl=64 time=0.037 ms
64 bytes from 127.0.0.1: icmp_seq=3 ttl=64 time=0.068 ms
64 bytes from 127.0.0.1: icmp_seq=4 ttl=64 time=0.027 ms
64 bytes from 127.0.0.1: icmp_seq=5 ttl=64 time=0.022 ms

--- 127.0.0.1 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4000ms
rtt min/avg/max/mdev = 0.022/0.041/0.068/0.017 m

这些指标中，主要关注：

• packets transmitted，发送了多少个网络数据包；
• received，接收到了多少个网络数据包的响应；
• rtt，往返时延统计；

使用tcpdump抓包

# -nn 表示不解析抓包中的域名、协议以及端口
# port 表示只显示指定端口（源端口号和目标端口号）的包
# host 表示只显示指定ip地址（源地址和目标地址）的包
# -w file.pcap 将抓包数据保存到文件中，导入wireshark分析
$ tcpdump -nn port 80 or host 127.0.0.1

tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
15:22:07.447545 IP 45.195.243.75.49791 > 11.104.162.234.80: Flags [S], seq 2927125310, win 8192, options [mss 1424,nop,nop,sackOK], length 0
15:22:07.447578 IP 11.104.162.234.80 > 45.195.243.75.49791: Flags [S.], seq 2514974421, ack 2927125311, win 29200, options [mss 1460,nop,nop,sackOK], length 0
15:22:07.463852 IP 106.53.16.202.58801 > 11.104.162.234.80: Flags [S], seq 3214221967, win 14600, options [mss 1424,nop,nop,sackOK,nop,wscale 7], length 0
15:22:07.463888 IP 11.104.162.234.80 > 106.53.16.202.58801: Flags [S.], seq 2489797702, ack 3214221968, win 29200, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0
15:22:07.464344 IP 106.53.16.202.58801 > 11.104.162.234.80: Flags [.], ack 1, win 115, length 0
15:22:07.464384 IP 106.53.16.202.58801 > 11.104.162.234.80: Flags [P.], seq 1:91, ack 1, win 115, length 90: HTTP: GET / HTTP/1.1
15:22:07.464396 IP 11.104.162.234.80 > 106.53.16.202.58801: Flags [.], ack 91, win 229, length 0
15:22:07.464507 IP 11.104.162.234.80 > 106.53.16.202.58801: Flags [.], seq 1:5697, ack 91, win 229, length 5696: HTTP: HTTP/1.1 200 OK
15:22:07.464556 IP 11.104.162.234.80 > 106.53.16.202.58801: Flags [FP.], seq 5697:5841, ack 91, win 229, length 144: HTTP
15:22:07.464967 IP 106.53.16.202.58801 > 11.104.162.234.80: Flags [.], ack 1425, win 137, length 0
15:22:07.464977 IP 106.53.16.202.58801 > 11.104.162.234.80: Flags [R.], seq 91, ack 1425, win 137, length 0
15:22:07.465016 IP 169.254.212.207.58801 > 11.104.162.234.80: Flags [R], seq 3214222058, win 0, length 0
15:22:07.465029 IP 169.254.212.207.58801 > 11.104.162.234.80: Flags [R], seq 3214222058, win 0, length 0
15:22:07.465032 IP 169.254.212.207.58801 > 11.104.162.234.80: Flags [R], seq 3214222058, win 0, length 0
15:22:07.465035 IP 169.254.212.207.58801 > 11.104.162.234.80: Flags [R], seq 3214222058, win 0, length 0

这些数据包的格式为：时间戳 协议 源地址.源端口号 > 目标地址.目标端口号 网络包信息

总结

以上便是查询Linux网络使用情况常用的命令，在此记录一下方便以后查看。