LabVIEW基于Netstat列出活动的网络连接1:https://developer.aliyun.com/article/1505741
Eachline represents a either the sending or receiving half of a connection. In theabove output on morgan it appears that there are noconnections other than TCP connections. If you are very familiar with TCP portsand the service associated with that port, then the first format will sufficein most cases. A possibly misleading aspect of the latter output is visible inthe connections to and from localhost and the final line. netstat abbreviates the IPendpoint in order to reproduce the entire string retrieved from the port lookup(in /etc/services).Also interestingly, this line conveys to us (in the first output) that thekernel is waiting for the remote endpoint to acknowledge the 192 bytes whichare still in the Send-Q buffer.
Thefirst line describes a TCP connection to the IP locally hosted on morgan'sEthernet interface. The connection was initiated from an ephemeral port (40991)on tristan toa service running on port 22. The service normally running on this well-knownport is sshd, so we can conclude that somebody on tristan hasconnected to the morgan's ssh server. The second linedescribes a TCP session open to port 993 on isolde, which probably means that the useron morgan hasan open connection to an IMAP over SSL server.
Thethird through the sixth lines can be understood in pairs. By examining thesource and destination IP and port pairs, we can see that two different TCPsessions have been established with the source and destination address of127.0.0.1. For an administrator to publish services on localhost is not at alluncommon. This makes the service harder to abuse from the network. In thiscase, when we allow the service lookup, the port in question (6010) appears tobe used to tunnel forwarded X applications over ssh.
Thenext line is the first TCP session in our output which is not in a state ofESTABLISHED. Refer to Table G.1, “Possible Session States in netstat output” for a full list ofthe possible values of the State field in the netstat output. The stateSYN_SENT means that an application has made arequest for a TCP session, but hasnot yet received the return SYN+ACK packet.
Thefinal line of our netstatoutputshows a connection in the TIME_WAIT state, which means that the TCP sessions havebeen terminated, but the kernel is waiting for any packets which may still beleft on the network for this session. It is not at all abnormal for sockets tobe in a TIME_WAIT state for a short period of time after a TCP session hasended.
Ifwe needed to know exactly which application owned a particular networkconnection, we would use the -p |--program switchwhich gives us the PID and process name of the owner process. If we want to seethe unix user and the PID and process we'll add the -e | --extend switch.
Example G.12. DisplayingIP socket status details with netstat
[root@masq-gw]# netstat -p -e --inet --numeric-hosts
Proto Recv-Q Send-Q Local Address Foreign Address State User Inode PID/Program name
tcp 0 0 192.168.100.254:ssh 192.168.100.17:49796 ESTABLISHED root 25453 6326/sshd
tcp 0 240 192.168.99.254:ssh 192.168.99.35:42948 ESTABLISHED root 171748 31535/sshd
Theredoesn't appear to be a large number of connections to and from the masq-gw host.The two sessions are initiated to the sshd running on port 22, and the processwhich owns each socket is a root process.
Table G.1. PossibleSession States in netstat output
G.4.2. Displaying the main routing table with netstat
One of the most common uses of netstat, especially incross-platform environments is the reporting of the main routing table. On manyplatforms, netstat -rn isthe preferred method of displaying routing information, although linux providesat least two alternatives to this: route and ip route show.
Example G.13. Displayingthe main routing table with netstat
[root@morgan]# netstat -rn
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
192.168.98.0 0.0.0.0 255.255.255.0 U 40 0 0 eth0
127.0.0.0 0.0.0.0 255.0.0.0 U 40 0 0 lo
0.0.0.0 192.168.98.254 0.0.0.0 UG 40 0 0 eth0
Thisoutput should look familiar. The routing cache itself may not be as familiar tomost, but can also be displayed with netstat. The ouput below is exactly the same as theouput from route -enC.Refer also to Example D.3, “Viewing the routing cache with route”.
Example G.14. Displayingthe routing cache with netstat
[root@tristan]# netstat -rnC
Kernel IP routing cache
Source Destination Gateway Flags MSS Window irtt Iface
194.52.197.133 192.168.99.35 192.168.99.35 l 40 0 0 lo
192.168.99.35 194.52.197.133 192.168.99.254 1500 0 29 eth0
192.168.99.35 192.168.99.254 192.168.99.254 1500 0 0 eth0
192.168.99.254 192.168.99.35 192.168.99.35 il 40 0 0 lo
192.168.99.35 192.168.99.35 192.168.99.35 l 16436 0 0 lo
192.168.99.35 194.52.197.133 192.168.99.254 1500 0 0 eth0
192.168.99.35 192.168.99.254 192.168.99.254 1500 0 0 eth0
Consult Section D.1.1,“Displaying the routing table with route” formore detail on reading and interpreting the data in this output. Because thisis simply another way of reporting the routing table information, we'll skipover any detailed description.
G.4.3. Displaying network interface statisticswith netstat command
netstat -i summarizes interface statistics in a terse format. Thisformat
OK!This is strange. netstat -ie looksexactly like ifconfig output.That's weird!
G.4.4. Displaying network stack statistics with netstat
G.4.5. Displayingthe masquerading table with netstat
For machines which performmasquerading, typically dual-homed packet-filtering firewalls like masq-gw atool to list the current state of the masquerading table is convenient.
Eachmasqueraded connection can be described by a tuple of six pieces of data: thesource IP and source port, the destination IP and destination port, and the(usually implicit) locally hosted IP and a local port.
Example G.15. Displayingthe masquerading table with netstat
[root@masq-gw]# netstat -Mn
FIXME;this command seems to fail on all of the iptables boxen, even if I'm usingthe -j MASQUERADE target. I can use it successfully on ipchainsboxen. Anybody have any ideas or explanation here?
[60] Additionally, netstat can display multicastinformation with the --group switch. I have zero experience here.Anybody with experience want to write about this?
需要说明的是,上述的例程和文档,都是可以下载的,双击即可打开,其中压缩文件是可以采用粘贴复制的方式,拷贝到硬盘上。这不是图片,各位小伙伴看到后尝试一下,这个问题就不用加微信咨询了。有关LabVIEW编程、LabVIEW开发等相关项目,可联系们。附件中的资料这里无法上传,可去公司网站搜索下载。