목차원문 : Linux networking : 13uses for netstat 최초로 리눅스 시스템을 사용한 1998년부터 netstat을 사용하였다. 20년 이상 된 툴이지만 대부분의 리눅스 배포판에 기본적으로 설치되어 있고 어떤 환경에서도 실행이 가능하기 때문에 지금도 사용하고 있다.netstat은 network statistics의 줄임말이다. 용어대로 네트워크 상태를 모니터링 하기 위한 도구로 사용한다. 송수신 연결 정보, 라우팅 테이블, 송수신 포트, 패킷 통계 모니터링이 일반적인 용도이다. netstat의 기본적인 사용법과 유용한 사례를 살펴보자.1. 모든 listening Port Listening Port List 모든 TCP, UDP listing Port List를 출력한다.

netstat – a

netstat -aActive Internet connections (servers and established)Proto Recv-Q Send-Q Local Address Foreign Address Statetcp 0 0 0.0.0.0:nfs 0.0.0.0:* LISTENtcp 0 0 0.0.0.0:43973 0.0.0.0:* LISTENtcp 0 0 0.0.0.0:sunrpc 0.0.0.0:* LISTENtcp 0 0 0.0.0.0:40723 0.0.0.0:* LISTENtcp 0 0 yundream:domain 0.0.0.0:* LISTENtcp 0 0 localhost:domain 0.0.0.0:* LISTENtcp 0 0 0.0.0.0:ssh 0.0.0.0:* LISTENtcp 0 0 localhost:ipp 0.0.0.0:* LISTENtcp 0 0 localhost:postgresql 0.0.0.0:* LISTENtcp 0 0 0.0.0.0:42399 0.0.0.0:* LISTENtcp 0 0 0.0.0.0:55519 0.0.0.0:* LISTENudp 0 0 0.0.0.0:53116 0.0.0.0:udp 0 0 0.0.0.0:53627 0.0.0.0:udp 0 0 0.0.0.0:mdns 0.0.0.0:udp 0 0 localhost:58071 localhost:58071 ESTABLISHEDudp 0 0 localhost:domain 0.0.0.0:Active UNIX domain sockets (servers and established)Proto RefCnt Flags Type State I-Node Pathunix 2 [ ACC ] STREAM LISTENING 54333 @/tmp/.ICE-unix/1693unix 2 [ ACC ] SEQPACKET LISTENING 3257 /run/udev/controlunix 2 [ ] DGRAM 43770 /run/user/1000/systemd/notifyunix 2 [ ACC ] STREAM LISTENING 43773 /run/user/1000/systemd/privateunix 2 [ ACC ] STREAM LISTENING 43778 /run/user/1000/busunix 3 [ ] DGRAM 3213 /run/systemd/notifyunix 2 [ ACC ] STREAM LISTENING 43779 /run/user/1000/gnupg / S . dirmngrunix 2 [ ACC ] STREAM LISTENING 43780 / run / user / 1000 / gnupg / S . gpg – agent . browserunix 2 [ ACC ] STREAM LISTENING 43781 / run / user / 1000 / gnupg / S . gpg – agent . extra

출력내용이 너무 길어서 일부 편집했다. TCP, UDP는 물론 Unix Domain Socket까지 출력한다. 전체 상황을 보기는 좋으나 더 많은 정보를 출력하기 때문에 보통 다른 조건을 추가하여 사용한다.2. TCP 포트 연결만이 출력-a 옵션은 정보를 너무 많이 출력한다. t옵션을 이용하여 TCP접속만 출력된다.

netstat -atActive Internet connections (servers and established)Proto Recv-Q Send-Q Local Address Foreign Address Statetcp 0 0 0.0.0.0:nfs 0.0.0.0:* LISTENtcp 0 0 0.0.0.0:43973 0.0.0.0:* LISTENtcp 0 0 0.0.0.0:sunrpc 0.0.0.0:* LISTENtcp 0 0 0.0.0.0:40723 0.0.0.0:* LISTENtcp 0 0 yundream:domain 0.0.0.0:* LISTENtcp 0 0 localhost:domain 0.0.0.0:* LISTENtcp 0 0 0.0.0.0:ssh 0.0.0.0:* LISTENtcp 0 0 localhost:ipp 0.0.0.0:* LISTENtcp 0 0 localhost:postgresql 0.0.0.0:* LISTENtcp 0 0 0.0.0.0:42399 0.0.0.0:* LISTENtcp 0 0 0.0.0.0:55519 0.0.0.0:* LISTENtcp6 0 0 [::]:nfs [::]:* LISTENtcp6 0 0 [::]:59533 [::]:* LISTENtcp6 0 0 [::]:sunrpc [::]:* LISTENtcp6 0 0 [::]:http [::]:* LISTENtcp6 0 0 [::]:1716 [::]:* LISTENtcp6 0 0 [::]:ssh [::]:* LISTENtcp6 0 0 ip6-localhost:ipp [::]:* LISTENtcp6 0 0 [::]:42551 [::]:* LISTENtcp 6 0 0 [ :: ] : https [ :: ] : * LISTEN

3. UDP 포트 연결만 출력-a 옵션 다음에 -u 옵션을 사용하면 된다.

netstat -auActive Internet connections (servers and established)Proto Recv-Q Send-Q Local Address Foreign Address Stateudp 0 0 0.0.0.0:53116 0.0.0.0:udp 0 0 0.0.0.0:53627 0.0.0.0:udp 0 0 0.0.0.0:mdns 0.0.0.0:udp 0 0 localhost:58071 localhost:58071 ESTABLISHEDudp 0 0 yundream:domain 0.0.0.0:udp 0 0 localhost:domain 0.0.0.0:udp 0 0 0.0.0.0:bootps 0.0.0.0:udp 0 0 yundream:bootpc _gateway:bootps ESTABLISHEDudp 0 0 0 . 0 . 0 . 0 : sunrpc 0 . 0 . 0 . 0 : * udp 0 0 0 . 0 . 0 . 0 : 33121 0 . 0 . 0 . 0 : * udp 0 0 0 . 0 . 0 . 0 : 631 0 . 0 . 0 . 0 : * udp 0 0 0 . 0 . 0 . 0 : nfs 0 . 0 . 0 . 0 : * udp 0 0 0 . 0 . 0 . 0 : 35347 0 . 0 . 0 . 0 : * udp 0 0 0 . 0 . 0 . 0 : 36175 0 . 0 . 0 . 0 : * udp 6 0 0 [ :: ] : 37030 [ :: ] : * udp 6 0 0 [ :: ] : 37765 [ :: ] : * udp 6 0 0 [ :: ] : mdns [ :: ] : * udp 6 0 0 [ :: ] : 39771 [ :: ] : * udp 6 0 0 [ :: ] : 40839 [ :: ] : *

4. 모든 actively 리슨포트 출력

netstat -lActive Internet connections (only servers)Proto Recv-Q Send-Q Local Address Foreign Address Statetcp 0 0 0.0.0.0:nfs 0.0.0.0:* LISTENtcp 0 0 0.0.0.0:43973 0.0.0.0:* LISTENtcp 0 0 0.0.0.0:sunrpc 0.0.0.0:* LISTENtcp 0 0 0.0.0.0:40723 0.0.0.0:* LISTENtcp 0 0 yundream:domain 0.0.0.0:* LISTENtcp 0 0 localhost:domain 0.0.0.0:* LISTENtcp 0 0 0.0.0.0:ssh 0.0.0.0:* LISTENtcp 0 0 localhost:ipp 0.0.0.0:* LISTENtcp 0 0 localhost:postgresql 0.0.0.0:* LISTENtcp 0 0 0.0.0.0:42399 0.0.0.0:* LISTENtcp 0 0 0.0.0.0:55519 0.0.0.0:* LISTENtcp6 0 0 [::]:nfs [::]:* LISTENtcp6 0 0 [::]:59533 [::]:* LISTENudp 0 0 0.0.0.0:53116 0.0.0.0:udp 0 0 0.0.0.0:53627 0.0.0.0:udp 0 0 0.0.0.0:mdns 0.0.0.0:udp 0 0 yundream:domain 0.0.0.0:udp 0 0 localhost:domain 0.0.0.0:udp 0 0 0.0.0.0:bootps 0.0.0.0:udp 0 0 0.0.0.0:sunrpc 0.0.0.0:*Active UNIX domain sockets (only servers)Proto RefCnt Flags Type State I-Node Pathunix 2 [ ACC ] STREAM LISTENING 54333 @/tmp/.ICE-unix/1693unix 2 [ ACC ] SEQPACKET LISTENING 3257 /run/udev/controlunix 2 [ ACC ] STREAM LISTENING 43773 /run/user/1000/systemd/privateunix 2 [ ACC ] STREAM LISTENING 43778 /run/user/1000/busunix 2 [ ACC ] STREAM LISTENING 43779 /run/user/1000/gnupg/S.dirmngrunix 2 [ ACC ] STREAM LISTENING 43780 / run / user / 1000 / gnupg / S . gpg – agent . browser

내용이 너무 길어서 일부 편집했어. t, -u 옵션을 이용하여 원하는 프로토콜만 출력할 수 있다.5. TCP 리슨 포트만 출력

netstat – ltActive Internet connections

netstat – a

netstat -aActive Internet connections (servers and established)Proto Recv-Q Send-Q Local Address Foreign Address Statetcp 0 0 0.0.0.0:nfs 0.0.0.0:* LISTENtcp 0 0 0.0.0.0:43973 0.0.0.0:* LISTENtcp 0 0 0.0.0.0:sunrpc 0.0.0.0:* LISTENtcp 0 0 0.0.0.0:40723 0.0.0.0:* LISTENtcp 0 0 yundream:domain 0.0.0.0:* LISTENtcp 0 0 localhost:domain 0.0.0.0:* LISTENtcp 0 0 0.0.0.0:ssh 0.0.0.0:* LISTENtcp 0 0 localhost:ipp 0.0.0.0:* LISTENtcp 0 0 localhost:postgresql 0.0.0.0:* LISTENtcp 0 0 0.0.0.0:42399 0.0.0.0:* LISTENtcp 0 0 0.0.0.0:55519 0.0.0.0:* LISTENudp 0 0 0.0.0.0:53116 0.0.0.0:udp 0 0 0.0.0.0:53627 0.0.0.0:udp 0 0 0.0.0.0:mdns 0.0.0.0:udp 0 0 localhost:58071 localhost:58071 ESTABLISHEDudp 0 0 localhost:domain 0.0.0.0:Active UNIX domain sockets (servers and established)Proto RefCnt Flags Type State I-Node Pathunix 2 [ ACC ] STREAM LISTENING 54333 @/tmp/.ICE-unix/1693unix 2 [ ACC ] SEQPACKET LISTENING 3257 /run/udev/controlunix 2 [ ] DGRAM 43770 /run/user/1000/systemd/notifyunix 2 [ ACC ] STREAM LISTENING 43773 /run/user/1000/systemd/privateunix 2 [ ACC ] STREAM LISTENING 43778 /run/user/1000/busunix 3 [ ] DGRAM 3213 /run/systemd/notifyunix 2 [ ACC ] STREAM LISTENING 43779 /run/user/1000/gnupg / S . dirmngrunix 2 [ ACC ] STREAM LISTENING 43780 / run / user / 1000 / gnupg / S . gpg – agent . browserunix 2 [ ACC ] STREAM LISTENING 43781 / run / user / 1000 / gnupg / S . gpg – agent . extra

netstat -atActive Internet connections (servers and established)Proto Recv-Q Send-Q Local Address Foreign Address Statetcp 0 0 0.0.0.0:nfs 0.0.0.0:* LISTENtcp 0 0 0.0.0.0:43973 0.0.0.0:* LISTENtcp 0 0 0.0.0.0:sunrpc 0.0.0.0:* LISTENtcp 0 0 0.0.0.0:40723 0.0.0.0:* LISTENtcp 0 0 yundream:domain 0.0.0.0:* LISTENtcp 0 0 localhost:domain 0.0.0.0:* LISTENtcp 0 0 0.0.0.0:ssh 0.0.0.0:* LISTENtcp 0 0 localhost:ipp 0.0.0.0:* LISTENtcp 0 0 localhost:postgresql 0.0.0.0:* LISTENtcp 0 0 0.0.0.0:42399 0.0.0.0:* LISTENtcp 0 0 0.0.0.0:55519 0.0.0.0:* LISTENtcp6 0 0 [::]:nfs [::]:* LISTENtcp6 0 0 [::]:59533 [::]:* LISTENtcp6 0 0 [::]:sunrpc [::]:* LISTENtcp6 0 0 [::]:http [::]:* LISTENtcp6 0 0 [::]:1716 [::]:* LISTENtcp6 0 0 [::]:ssh [::]:* LISTENtcp6 0 0 ip6-localhost:ipp [::]:* LISTENtcp6 0 0 [::]:42551 [::]:* LISTENtcp 6 0 0 [ :: ] : https [ :: ] : * LISTEN

3. UDP 포트 연결만 출력-a 옵션 다음에 -u 옵션을 사용하면 된다.

netstat -auActive Internet connections (servers and established)Proto Recv-Q Send-Q Local Address Foreign Address Stateudp 0 0 0.0.0.0:53116 0.0.0.0:udp 0 0 0.0.0.0:53627 0.0.0.0:udp 0 0 0.0.0.0:mdns 0.0.0.0:udp 0 0 localhost:58071 localhost:58071 ESTABLISHEDudp 0 0 yundream:domain 0.0.0.0:udp 0 0 localhost:domain 0.0.0.0:udp 0 0 0.0.0.0:bootps 0.0.0.0:udp 0 0 yundream:bootpc _gateway:bootps ESTABLISHEDudp 0 0 0 . 0 . 0 . 0 : sunrpc 0 . 0 . 0 . 0 : * udp 0 0 0 . 0 . 0 . 0 : 33121 0 . 0 . 0 . 0 : * udp 0 0 0 . 0 . 0 . 0 : 631 0 . 0 . 0 . 0 : * udp 0 0 0 . 0 . 0 . 0 : nfs 0 . 0 . 0 . 0 : * udp 0 0 0 . 0 . 0 . 0 : 35347 0 . 0 . 0 . 0 : * udp 0 0 0 . 0 . 0 . 0 : 36175 0 . 0 . 0 . 0 : * udp 6 0 0 [ :: ] : 37030 [ :: ] : * udp 6 0 0 [ :: ] : 37765 [ :: ] : * udp 6 0 0 [ :: ] : mdns [ :: ] : * udp 6 0 0 [ :: ] : 39771 [ :: ] : * udp 6 0 0 [ :: ] : 40839 [ :: ] : *

4. 모든 actively 리슨포트 출력

netstat -lActive Internet connections (only servers)Proto Recv-Q Send-Q Local Address Foreign Address Statetcp 0 0 0.0.0.0:nfs 0.0.0.0:* LISTENtcp 0 0 0.0.0.0:43973 0.0.0.0:* LISTENtcp 0 0 0.0.0.0:sunrpc 0.0.0.0:* LISTENtcp 0 0 0.0.0.0:40723 0.0.0.0:* LISTENtcp 0 0 yundream:domain 0.0.0.0:* LISTENtcp 0 0 localhost:domain 0.0.0.0:* LISTENtcp 0 0 0.0.0.0:ssh 0.0.0.0:* LISTENtcp 0 0 localhost:ipp 0.0.0.0:* LISTENtcp 0 0 localhost:postgresql 0.0.0.0:* LISTENtcp 0 0 0.0.0.0:42399 0.0.0.0:* LISTENtcp 0 0 0.0.0.0:55519 0.0.0.0:* LISTENtcp6 0 0 [::]:nfs [::]:* LISTENtcp6 0 0 [::]:59533 [::]:* LISTENudp 0 0 0.0.0.0:53116 0.0.0.0:udp 0 0 0.0.0.0:53627 0.0.0.0:udp 0 0 0.0.0.0:mdns 0.0.0.0:udp 0 0 yundream:domain 0.0.0.0:udp 0 0 localhost:domain 0.0.0.0:udp 0 0 0.0.0.0:bootps 0.0.0.0:udp 0 0 0.0.0.0:sunrpc 0.0.0.0:*Active UNIX domain sockets (only servers)Proto RefCnt Flags Type State I-Node Pathunix 2 [ ACC ] STREAM LISTENING 54333 @/tmp/.ICE-unix/1693unix 2 [ ACC ] SEQPACKET LISTENING 3257 /run/udev/controlunix 2 [ ACC ] STREAM LISTENING 43773 /run/user/1000/systemd/privateunix 2 [ ACC ] STREAM LISTENING 43778 /run/user/1000/busunix 2 [ ACC ] STREAM LISTENING 43779 /run/user/1000/gnupg/S.dirmngrunix 2 [ ACC ] STREAM LISTENING 43780 / run / user / 1000 / gnupg / S . gpg – agent . browser

내용이 너무 길어서 일부 편집했어. t, -u 옵션을 이용하여 원하는 프로토콜만 출력할 수 있다.5. TCP 리슨 포트만 출력

netstat – ltActive Internet connections