Linux 流量分析的命令

唔,直接做成一个 alias 吧

适用于 RHEL:
列出所有 ESTABLISHED 状态的连接
netstat -nta | fgrep "ESTABLISHED" | cut -b 49-75 | cut -d ':' -f1 | sort | uniq -c | sort -n -r --key=1,7 | head -25

列出所有连接状态的统计
netstat -nta | fgrep ":" | cut -b 77-90 | sort | uniq -c

适用于 Debian:
列出所有 ESTABLISHED 状态的连接
netstat -nta | fgrep "ESTABLISHED" | cut -b 45-75 | cut -d ':' -f1 | sort | uniq -c | sort -n -r --key=1,7 | head -25

列出所有连接状态的统计
netstat -nta | fgrep ":" | cut -b 69-90 | sort | uniq -c

列出所有 ESTABLISHED 状态的连接对 IPv6 不友好

=======

2010-10-27 更新

郑童鞋说,可以用 awk 来代替,这样以来,对于列出已经 ESTABLISHED 的连接,可以用命令


netstat -nta | fgrep "ESTABLISHED" | awk '$6=="ESTABLISHED"{print $4}' | sort | uniq -c | sort -n -r --key=1,7 | head -25

9 Comments

  1. lidaof

    $ netstat -nta | fgrep “:” | cut -b 77-90 | sort | uniq -c
    sort: sort.c:701:inittables_mb: 断言“mblength != (size_t)-1 && mblength != (size_t)-2”失败。
    $ netstat -nta | fgrep “ESTABLISHED” | cut -b 49-75 | cut -d ‘:’ -f1 | sort | uniq -c | sort -n -r –key=1,7 | head -25
    sort: sort.c:701:inittables_mb: 断言“mblength != (size_t)-1 && mblength != (size_t)-2”失败。
    sort: sort.c:701:inittables_mb: 断言“mblength != (size_t)-1 && mblength != (size_t)-2”失败。

    5555

Leave a Reply

Your email address will not be published. Required fields are marked *