[Network] About netstat -l and -s
netstat has a -l option and a -s option.
----------------------------------------------------------------
-l, --listening     display listening server sockets
-s, --statistics    display networking statistics (like SNMP)
----------------------------------------------------------------
Let's try the netstat -l option on mri.tt.co.kr... (-n is the numeric
option.)
[root@mr1 /root]# netstat -ln
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:873 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:587 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:110 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:8080 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:23 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN
udp 0 0 0.0.0.0:514 0.0.0.0:*
Active UNIX domain sockets (only servers)
Proto RefCnt Flags Type State I-Node Path
unix 2 [ ACC ] STREAM LISTENING 1229 /tmp/mysql.sock
Port 514 is open(?) over udp. (Actually it is not really open; since it is
udp, it is connectionless... I'm not sure.)
(udp 514 is syslog and tcp 873 is rsync. I don't know what 587 is.)
www56 shows the following.
[root@www56 /root]# netstat -ln
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:587 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:7005 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:7772 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:7020 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:7777 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:7500 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:4050 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:8080 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:110 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:23 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:10101 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:4321 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:54321 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:12345 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:1234 0.0.0.0:* LISTEN
udp 0 0 0.0.0.0:161 0.0.0.0:*
udp 0 0 0.0.0.0:514 0.0.0.0:*
raw 0 0 0.0.0.0:1 0.0.0.0:* 7
raw 0 0 0.0.0.0:6 0.0.0.0:* 7
Active UNIX domain sockets (only servers)
Proto RefCnt Flags Type State I-Node Path
unix 0 [ ACC ] STREAM LISTENING 1240177 /tmp/mysql.sock
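There is udp port 161, syslog. Again, because it is udp, it does not show
up with nmap's default options; it can be found with the -sU option, but
that reportedly takes a considerable amount of time.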
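The comparison between the mr1 and www56 listings above can be done mechanically. The script below is an added example, not part of the original post: it extracts proto/port pairs from saved netstat -ln text and prints the ones that listen on one host but not on a baseline host. The names listeners, extra_listeners, MR1 and WWW56 are hypothetical, and using mr1 as the baseline is an assumption made only for illustration.

```shell
#!/bin/sh
# Added example, not from the original post: list proto/port pairs that listen
# on one host but not on a baseline host, from saved `netstat -ln` text.

# listeners: read `netstat -ln` text on stdin, print unique "proto/port" pairs.
# raw sockets are skipped: their "port" column is an IP protocol number.
listeners() {
    awk '$1 ~ /^(tcp|udp)6?$/ { n = split($4, a, ":"); print $1 "/" a[n] }' |
        LC_ALL=C sort -t/ -k1,1 -k2,2n -u
}

# extra_listeners BASELINE CURRENT: pairs present in CURRENT but not in BASELINE.
extra_listeners() {
    { printf '%s\n' "$1" | listeners | sed 's/^/B /'
      printf '%s\n' "$2" | listeners | sed 's/^/C /'; } |
        awk '$1 == "B" { seen[$2] = 1; next } !($2 in seen) { print $2 }'
}

# Sample input copied from the listings above: mr1 in full, www56 abridged.
MR1='tcp 0 0 0.0.0.0:873 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:587 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:110 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:8080 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:23 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN
udp 0 0 0.0.0.0:514 0.0.0.0:*'
WWW56='tcp 0 0 0.0.0.0:587 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:7005 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:10101 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:54321 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:12345 0.0.0.0:* LISTEN
udp 0 0 0.0.0.0:161 0.0.0.0:*
udp 0 0 0.0.0.0:514 0.0.0.0:*
raw 0 0 0.0.0.0:1 0.0.0.0:* 7'

extra_listeners "$MR1" "$WWW56"   # www56 listeners that mr1 does not have
```

Because the www56 sample is abridged, the output covers only the lines included here; a reported pair is a prompt to identify the owning process, which netstat -lnp shows when run as root.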
The netstat -s option simply shows various statistics.
SYN-related statistics appear as well. www9, which has received a lot of
SYN flooding, shows the following.
TcpExt:
122900 SYN cookies sent
115 SYN cookies received
191862 invalid SYN cookies received
36258 resets received for embryonic SYN_RECV sockets
7887 packets pruned from receive queue because of socket buffer overrun
83476 packets dropped from out-of-order queue because of socket buffer overrun
128 ICMP packets dropped because they were out-of-window
783 ICMP packets dropped because socket was locked
For your reference.