How do I interpret "netstat -a" output

Posted on 2024-07-04 09:53:06

Some things look strange to me:

  • What is the distinction between 0.0.0.0, 127.0.0.1, and [::]?
  • How should each part of the foreign address be read (part1:part2)?
  • What does a state Time_Wait, Close_Wait mean?
  • etc.

Could someone give a quick overview of how to interpret these results?

难理解 2024-07-11 09:53:06

I understand the answer has been accepted but here is some additional information:

  • If it says 0.0.0.0 on the Local Address column, it means that port is listening on all 'network interfaces' (i.e. your computer, your modem(s) and your network card(s)).
  • If it says 127.0.0.1 on the Local Address column, it means that port is ONLY listening for connections from your PC itself, not from the Internet or network. No danger there.
  • If it displays your online IP on the Local Address column, it means that port is ONLY listening for connections from the Internet.
  • If it displays your local network IP on the Local Address column, it means that port is ONLY listening for connections from the local network.
  • Foreign Address - The IP address and port number of the remote computer to which the socket is connected. The names that correspond to the IP address and the port are shown unless the -n parameter is specified. If the port is not yet established, the port number is shown as an asterisk (*). (from Wikipedia)

流心雨 2024-07-11 09:53:06

0.0.0.0 usually refers to stuff listening on all interfaces.
127.0.0.1 = localhost (only your local interface)
I'm not sure about [::]

TIME_WAIT means both sides have agreed to close and TCP
must now wait a prescribed time before taking the connection
down.

CLOSE_WAIT means the remote system has finished sending
and your system has yet to say it's finished.

小巷里的女流氓 2024-07-11 09:53:06

What is the distinction between 0.0.0.0, 127.0.0.1, and [::]?

  • 0.0.0.0 indicates something that is listening on all interfaces on the machine.
  • 127.0.0.1 indicates your own machine.
  • [::] is the IPv6 version of 0.0.0.0
  • My machine also shows *:* for UDP which shows that UDP connections don't really have a foreign address - they receive packets from anywhere. That is the nature of UDP.

How should each part of the foreign address be read (part1:part2)?

  • part1 is the hostname or IP address
  • part2 is the port

淤浪 2024-07-11 09:53:06

127.0.0.1 is your loopback address also known as 'localhost' if set in your HOSTS file. See here for more info: http://en.wikipedia.org/wiki/Localhost

0.0.0.0 means that an app has bound to all ip addresses using a specific port. MS info here: http://support.microsoft.com/default.aspx?scid=kb;en-us;175952

'::' is ipv6 shorthand for ipv4 0.0.0.0.

当爱已成负担 2024-07-11 09:53:06

Send-Q is the amount of data sent by the application, but not yet acknowledged by the other side of the socket.

Recv-Q is the amount of data received from the NIC, but not yet consumed by the application.

Both of these queues reside in kernel memory.
There are guides to help you tweak these kernel buffers, if you are so inclined. Although, you may find the default params do quite well.

皓月长歌 2024-07-11 09:53:06

This link has helped me a lot to interpret netstat -a

A copy from there -

TCP Connection States

Following is a brief explanation of this handshake. In this context the "client" is the peer requesting a connection and the "server" is the peer accepting a connection. Note that this notation does not reflect Client/Server relationships as an architectural principle.

Connection Establishment

1. The client sends a SYN message which contains the server's port and the client's Initial Sequence Number (ISN) to the server (active open).
2. The server sends back its own SYN and ACK (which consists of the client's ISN + 1).
3. The client sends an ACK (which consists of the server's ISN + 1).

Connection Tear-down (modified three way handshake).

1. The client sends a FIN (active close). This is now a half-closed connection. The client no longer sends data, but is still able to receive data from the server. Upon receiving this FIN, the server enters a passive close state.
2. The server sends an ACK (which is the client's FIN sequence + 1).
3. The server sends its own FIN.
4. The client sends an ACK (which is server's FIN sequence + 1). Upon receiving this ACK, the server closes the connection.

A half-closed connection can be used to terminate sending data while still receiving data. Socket applications can call shutdown with the second argument set to 1 to enter this state.

State explanations as shown in Netstat:

State          Explanation
SYN_SEND       Indicates active open.
SYN_RECEIVED   Server just received SYN from the client.
ESTABLISHED    Client received server's SYN and session is established.
LISTEN         Server is ready to accept connection.

NOTE: See documentation for listen() socket call. TCP sockets in listening state are not shown - this is a limitation of NETSTAT. For additional information, please see the following article in the Microsoft Knowledge Base:
134404  NETSTAT.EXE Does Not Show TCP Listen Sockets

FIN_WAIT_1     Indicates active close.
TIMED_WAIT     Client enters this state after active close.
CLOSE_WAIT     Indicates passive close. Server just received first FIN from a client.
FIN_WAIT_2     Client just received acknowledgment of its first FIN from the server.
LAST_ACK       Server is in this state when it sends its own FIN.
CLOSED         Server received ACK from client and connection is closed.

才能让你更想念 2024-07-11 09:53:06

For those seeing [::] in their netstat output, I'm betting your machine is running IPv6; that would be equivalent to 0.0.0.0, i.e. listen on any IPv6 address.
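
The reading rules from the answers above, applied by a small parser (an added example, not code from any of the posts): it classifies each Local Address as wildcard, loopback or single address and tallies the State column. The sample rows, addresses and function names are constructed for illustration.

```python
import ipaddress
from collections import Counter

# Constructed sample in Windows `netstat -an` layout (not captured from a real host).
SAMPLE = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:5432         0.0.0.0:0              LISTENING
  TCP    192.168.1.20:3389      0.0.0.0:0              LISTENING
  TCP    192.168.1.20:49712     203.0.113.7:443        ESTABLISHED
  TCP    192.168.1.20:49713     203.0.113.7:443        TIME_WAIT
  TCP    192.168.1.20:8080      198.51.100.9:51544     CLOSE_WAIT
  TCP    [::]:445               [::]:0                 LISTENING
  TCP    [::1]:5432             [::]:0                 LISTENING
  UDP    0.0.0.0:5353           *:*
"""

def split_endpoint(endpoint):
    """Split 'host:port' at the last colon; Windows prints IPv6 hosts as '[addr]'."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]"), port

def bind_scope(host):
    """Classify a local address: wildcard, loopback, or one specific address."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return "all interfaces" if host == "*" else "named host"  # names appear without -n
    if ip.is_unspecified:  # 0.0.0.0 or ::
        return "all interfaces"
    return "loopback only" if ip.is_loopback else "single address"

def parse(text):
    """Yield (proto, local_host, local_port, scope, foreign, state) per socket row."""
    for line in text.splitlines():
        f = line.split()
        if len(f) < 3 or not f[0].lower().startswith(("tcp", "udp")):
            continue  # header or blank line
        if f[1].isdigit() and f[2].isdigit():
            del f[1:3]  # Linux layout: drop the Recv-Q and Send-Q columns
        host, port = split_endpoint(f[1])
        state = f[3] if len(f) > 3 else ""  # UDP rows carry no state
        yield f[0].upper(), host, port, bind_scope(host), f[2], state

def summarize(text):
    """Return (listeners reachable on every interface, count of rows per state)."""
    rows = list(parse(text))
    exposed = sorted({(proto, port) for proto, _, port, scope, _, state in rows
                      if scope == "all interfaces" and state in ("LISTENING", "LISTEN", "")})
    return exposed, Counter(state for *_, state in rows if state)

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

A CLOSE_WAIT count that keeps growing between runs points at a local application that has not closed its side of the socket.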
