用 netstat 查看 TCP 網絡狀態詳解

1、Linux服務器上11種網絡鏈接狀態:
4036295646_eb2b2b957d
                                          圖:TCP的狀態機 java

一般狀況下:一個正常的TCP鏈接,都會有三個階段:一、TCP三次握手;二、數據傳送;三、TCP四次揮手 vim

注:如下說明最好能結合」圖:TCP的狀態機」來理解。 瀏覽器

SYN: (同步序列編號,Synchronize Sequence Numbers)該標誌僅在三次握手創建TCP鏈接時有效。表示一個新的TCP鏈接請求。 服務器

ACK: (確認編號,Acknowledgement Number)是對TCP請求的確認標誌,同時提示對端系統已經成功接收全部數據。 網絡

FIN: (結束標誌,FINish)用來結束一個TCP回話.但對應端口仍處於開放狀態,準備接收後續數據。 負載均衡

1)、LISTEN:首先服務端須要打開一個socket進行監聽,狀態爲LISTEN. /* The socket is listening for incoming connections. 偵聽來自遠方TCP端口的鏈接請求 */
2)、SYN_SENT:客戶端經過應用程序調用connect進行active open.因而客戶端tcp發送一個SYN以請求創建一個鏈接.以後狀態置爲SYN_SENT. /*The socket is actively attempting to establish a connection. 在發送鏈接請求後等待匹配的鏈接請求 */ socket

3)、SYN_RECV:服務端應發出ACK確認客戶端的SYN,同時本身向客戶端發送一個SYN. 以後狀態置爲SYN_RECV /* A connection request has been received from the network. 在收到和發送一個鏈接請求後等待對鏈接請求的確認 */ tcp

4)、ESTABLISHED: 表明一個打開的鏈接,雙方能夠進行或已經在數據交互了。/* The socket has an established connection. 表明一個打開的鏈接,數據能夠傳送給用戶 */ ide

5)、FIN_WAIT1:主動關閉(active close)端應用程序調用close,因而其TCP發出FIN請求主動關閉鏈接,以後進入FIN_WAIT1狀態./* The socket is closed, and the connection is shutting down. 等待遠程TCP的鏈接中斷請求,或先前的鏈接中斷請求的確認 */ this

6)、CLOSE_WAIT:被動關閉(passive close)端TCP接到FIN後,就發出ACK以迴應FIN請求(它的接收也做爲文件結束符傳遞給上層應用程序),並進入CLOSE_WAIT. /* The remote end has shut down, waiting for the socket to close. 等待從本地用戶發來的鏈接中斷請求 */

7)、FIN_WAIT2:主動關閉端接到ACK後,就進入了FIN-WAIT-2 ./* Connection is closed, and the socket is waiting for a shutdown from the remote end. 從遠程TCP等待鏈接中斷請求 */

8)、LAST_ACK:被動關閉端一段時間後,接收到文件結束符的應用程序將調用CLOSE關閉鏈接。這致使它的TCP也發送一個 FIN,等待對方的ACK.就進入了LAST-ACK . /* The remote end has shut down, and the socket is closed. Waiting for acknowledgement. 等待原來發向遠程TCP的鏈接中斷請求的確認 */

9)、TIME_WAIT:在主動關閉端接收到FIN後,TCP就發送ACK包,並進入TIME-WAIT狀態。/* The socket is waiting after close to handle packets still in the network.等待足夠的時間以確保遠程TCP接收到鏈接中斷請求的確認 */

10)、CLOSING: 比較少見./* Both sockets are shut down but we still don’t have all our data sent. 等待遠程TCP對鏈接中斷的確認 */

11)、CLOSED: 被動關閉端在接受到ACK包後,就進入了closed的狀態。鏈接結束./* The socket is not being used. 沒有任何鏈接狀態 */
TIME_WAIT狀態的造成只發生在主動關閉鏈接的一方。
主動關閉方在接收到被動關閉方的FIN請求後,發送成功給對方一個ACK後,將本身的狀態由FIN_WAIT2修改成TIME_WAIT,而必須再等2倍 的MSL(Maximum Segment Lifetime,MSL是一個數據報在internetwork中能存在的時間)時間以後雙方纔能把狀態 都改成CLOSED以關閉鏈接。目前RHEL裏保持TIME_WAIT狀態的時間爲60秒。

固然上述不少TCP狀態在系統裏都有對應的解釋或設置,可見man tcp

2、關於長鏈接和短鏈接:
通俗點講:短鏈接就是一次TCP請求獲得結果後,鏈接立刻結束.而長鏈接並不立刻斷開,而一直保持着,直到長鏈接TIMEOUT(具體程序都有相關參數說明).長鏈接能夠避免不斷的進行TCP三次握手和四次揮手.
長鏈接(keepalive)是須要靠雙方不斷的發送探測包來維持的,keepalive期間服務端和客戶端的TCP鏈接狀態是ESTABLISHED.目前http 1.1版本里默認都是keepalive(1.0版本默認是不keepalive的),ie6/7/8和firefox都默認用的是http 1.1版本了(如何查看當前瀏覽器用的是哪一個版本,這裏再也不贅述)。Apache,java

一個應用至於究竟是該使用短鏈接仍是長鏈接,應該視具體狀況而定。通常的應用應該使用長鏈接。

一、Linux的相關keepalive參數

a、 tcp_keepalive_time - INTEGER
How often TCP sends out keepalive messages when keepalive is enabled.
Default: 2hours.
b、 tcp_keepalive_probes - INTEGER
How many keepalive probes TCP sends out, until it decides that the
connection is broken. Default value: 9.
c、 tcp_keepalive_intvl - INTEGER
How frequently the probes are send out. Multiplied by
tcp_keepalive_probes it is time to kill not responding connection,
after probes started. Default value: 75sec i.e. connection
will be aborted after ~11 minutes of retries.

二、F5負載均衡上的相關參數說明

a、Keep Alive Interval
Specifies, when enabled, how frequently the system sends data over an idle TCP connection, to determine whether the connection is still valid.
Specify: Specifies the interval at which the system sends data over an idle connection, to determine whether the connection is still valid. The default is 1800 milliseconds.
b、Time Wait
Specifies the length of time that a TCP connection remains in the TIME-WAIT state before entering the CLOSED state.
Specify: Specifies the number of milliseconds that a TCP connection can remain in the TIME-WAIT state. The default is 2000.

c、Idle Timeout
Specifies the length of time that a connection is idle (has no traffic) before the connection is eligible for deletion.
Specify: Specifies a number of seconds that the TCP connection can remain idle before the system deletes it. The default is 300 seconds.

三、Apache的相關參數說明
如下是Apache/2.0.61版本的默認參數和說明

a、KeepAlive:
default On.Whether or not to allow persistent connections (more than
one request per connection). Set to 「Off」 to deactivate.
b、MaxKeepAliveRequests:
default 100.The maximum number of requests to allow
during a persistent connection. Set to 0 to allow an unlimited amount.
We recommend you leave this number high, for maximum performance.
c、KeepAliveTimeout:
default 15. Number of seconds to wait for the next request from the
same client on the same connection.

推薦閱讀:

TCP洪水攻擊(SYN Flood)的診斷和處理

http://tech.uc.cn/?p=1790

附:ISO 七層模型圖

相關文章
相關標籤/搜索