LabVIEW基于Netstat列出活动的网络连接2

简介: LabVIEW基于Netstat列出活动的网络连接

LabVIEW基于Netstat列出活动的网络连接1:https://developer.aliyun.com/article/1505741

Eachline represents a either the sending or receiving half of a connection. In theabove output on morgan it appears that there are noconnections other than TCP connections. If you are very familiar with TCP portsand the service associated with that port, then the first format will sufficein most cases. A possibly misleading aspect of the latter output is visible inthe connections to and from localhost and the final line. netstat abbreviates the IPendpoint in order to reproduce the entire string retrieved from the port lookup(in /etc/services).Also interestingly, this line conveys to us (in the first output) that thekernel is waiting for the remote endpoint to acknowledge the 192 bytes whichare still in the Send-Q buffer.


Thefirst line describes a TCP connection to the IP locally hosted on morgan'sEthernet interface. The connection was initiated from an ephemeral port (40991)on tristan toa service running on port 22. The service normally running on this well-knownport is sshd, so we can conclude that somebody on tristan hasconnected to the morgan's ssh server. The second linedescribes a TCP session open to port 993 on isolde, which probably means that the useron morgan hasan open connection to an IMAP over SSL server.


Thethird through the sixth lines can be understood in pairs. By examining thesource and destination IP and port pairs, we can see that two different TCPsessions have been established with the source and destination address of127.0.0.1. For an administrator to publish services on localhost is not at alluncommon. This makes the service harder to abuse from the network. In thiscase, when we allow the service lookup, the port in question (6010) appears tobe used to tunnel forwarded X applications over ssh.


Thenext line is the first TCP session in our output which is not in a state ofESTABLISHED. Refer to Table G.1, “Possible Session States in netstat output” for a full list ofthe possible values of the State field in the netstat output. The stateSYN_SENT means that an application has made arequest for a TCP session, but hasnot yet received the return SYN+ACK packet.


Thefinal line of our netstatoutputshows a connection in the TIME_WAIT state, which means that the TCP sessions havebeen terminated, but the kernel is waiting for any packets which may still beleft on the network for this session. It is not at all abnormal for sockets tobe in a TIME_WAIT state for a short period of time after a TCP session hasended.


Ifwe needed to know exactly which application owned a particular networkconnection, we would use the -p |--program switchwhich gives us the PID and process name of the owner process. If we want to seethe unix user and the PID and process we'll add the -e | --extend switch.


Example G.12. DisplayingIP socket status details with netstat

[root@masq-gw]# netstat -p -e --inet --numeric-hosts
Proto Recv-Q Send-Q Local Address           Foreign Address         State       User       Inode      PID/Program name   
tcp        0      0 192.168.100.254:ssh     192.168.100.17:49796    ESTABLISHED root       25453      6326/sshd
tcp        0    240 192.168.99.254:ssh      192.168.99.35:42948     ESTABLISHED root       171748     31535/sshd

Theredoesn't appear to be a large number of connections to and from the masq-gw host.The two sessions are initiated to the sshd running on port 22, and the processwhich owns each socket is a root process.


Table G.1. PossibleSession States in netstat output

image.png

G.4.2. Displaying the main routing table with netstat

One of the most common uses of netstat, especially incross-platform environments is the reporting of the main routing table. On manyplatforms, netstat -rn isthe preferred method of displaying routing information, although linux providesat least two alternatives to this: route and ip route show.


Example G.13. Displayingthe main routing table with netstat

[root@morgan]# netstat -rn
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
192.168.98.0    0.0.0.0         255.255.255.0   U        40 0          0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U        40 0          0 lo
0.0.0.0         192.168.98.254  0.0.0.0         UG       40 0          0 eth0

Thisoutput should look familiar. The routing cache itself may not be as familiar tomost, but can also be displayed with netstat. The ouput below is exactly the same as theouput from route -enC.Refer also to Example D.3, “Viewing the routing cache with route”.


Example G.14. Displayingthe routing cache with netstat

[root@tristan]# netstat -rnC
Kernel IP routing cache
Source          Destination     Gateway         Flags   MSS Window  irtt Iface
194.52.197.133  192.168.99.35   192.168.99.35     l      40 0          0 lo
192.168.99.35   194.52.197.133  192.168.99.254         1500 0         29 eth0
192.168.99.35   192.168.99.254  192.168.99.254         1500 0          0 eth0
192.168.99.254  192.168.99.35   192.168.99.35     il     40 0          0 lo
192.168.99.35   192.168.99.35   192.168.99.35     l   16436 0          0 lo
192.168.99.35   194.52.197.133  192.168.99.254         1500 0          0 eth0
192.168.99.35   192.168.99.254  192.168.99.254         1500 0          0 eth0

Consult Section D.1.1,“Displaying the routing table with route” formore detail on reading and interpreting the data in this output. Because thisis simply another way of reporting the routing table information, we'll skipover any detailed description.


G.4.3. Displaying network interface statisticswith netstat command

netstat -i summarizes interface statistics in a terse format. Thisformat

OK!This is strange. netstat -ie looksexactly like ifconfig output.That's weird!

G.4.4. Displaying network stack statistics with netstat

G.4.5. Displayingthe masquerading table with netstat

For machines which performmasquerading, typically dual-homed packet-filtering firewalls like masq-gw atool to list the current state of the masquerading table is convenient.


Eachmasqueraded connection can be described by a tuple of six pieces of data: thesource IP and source port, the destination IP and destination port, and the(usually implicit) locally hosted IP and a local port.


Example G.15. Displayingthe masquerading table with netstat

[root@masq-gw]# netstat -Mn

FIXME;this command seems to fail on all of the iptables boxen, even if I'm usingthe -j MASQUERADE target. I can use it successfully on ipchainsboxen. Anybody have any ideas or explanation here?


[60] Additionally, netstat can display multicastinformation with the --group switch. I have zero experience here.Anybody with experience want to write about this?


需要说明的是,上述的例程和文档,都是可以下载的,双击即可打开,其中压缩文件是可以采用粘贴复制的方式,拷贝到硬盘上。这不是图片,各位小伙伴看到后尝试一下,这个问题就不用加微信咨询了。有关LabVIEW编程、LabVIEW开发等相关项目,可联系们。附件中的资料这里无法上传,可去公司网站搜索下载。

相关文章
|
2月前
|
运维 监控 网络协议
|
6月前
|
监控 网络协议 Ubuntu
netstat,Linux 下的网络状态监控工具
Netstat 是 Linux 系统中的强大网络分析工具,用于查看网络配置和活动,如端口监听、网络连接和路由信息。通过基本命令 `netstat [options]` 可实现多种操作,例如 `-a` 显示所有端口,`-l` 显示监听端口,`-s` 展示协议统计信息。结合 `-p` 选项可查看占用端口的进程,而监控网络连接状态则可用 `-nt` 加 `grep ESTABLISHED` 查看已建立的连接。要深入了解和使用更多功能,可查阅 `man netstat`。
185 0
|
5月前
|
运维 算法 Java
开发与运维命令问题之ss命令和netstat命令区别如何解决
开发与运维命令问题之ss命令和netstat命令区别如何解决
43 4
|
7月前
|
网络协议
LabVIEW中如何在网络上使用远程VI服务器
LabVIEW中如何在网络上使用远程VI服务器
90 2
|
7月前
|
网络协议 测试技术
LabVIEW开发TCP网络通讯程序2
LabVIEW开发TCP网络通讯程序2
42 2
|
7月前
|
XML JSON 网络协议
LabVIEW开发TCP网络通讯程序3
LabVIEW开发TCP网络通讯程序3
46 1
|
7月前
|
网络协议
LabVIEW开发TCP网络通讯程序1
LabVIEW开发TCP网络通讯程序1
70 1
|
7月前
|
网络协议 Unix
LabVIEW基于Netstat列出活动的网络连接1
LabVIEW基于Netstat列出活动的网络连接
45 1
|
7月前
|
机器学习/深度学习 传感器 芯片
LabVIEW利用人工神经网络辅助进行结冰检测
LabVIEW利用人工神经网络辅助进行结冰检测
47 0
|
7月前
|
监控 网络安全
LabVIEW开发干扰对无线网络基础设施进行隐蔽影响测试
LabVIEW开发干扰对无线网络基础设施进行隐蔽影响测试
53 0