Netstat command is helpful for display information related to network connections, both incoming and outgoing , routing tables, interface statistics security issues connections and so on . Netstat command supporting in Linux, Unix as well as the windows Operating system.
--tcp (or) -t Shows TCP connections
--udp (or) -u Shows UDP connections
--all (or) -a Display both listening and non-listening sockets
--program (or) -p Display process id (PID) and program name
--listening (or) -l Display only listening sockets.
-I Display a table of all network interfaces
-c print the selected information every second continuously.
-s Display summary statistics for each protocol.
--udp (or) -u Shows UDP connections
--all (or) -a Display both listening and non-listening sockets
--program (or) -p Display process id (PID) and program name
--listening (or) -l Display only listening sockets.
-I Display a table of all network interfaces
-c print the selected information every second continuously.
-s Display summary statistics for each protocol.
1. To check active TCP ports :
# netstat –tnlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:20000 0.0.0.0:* LISTEN 1414/perl
tcp 0 0 0.0.0.0:5666 0.0.0.0:* LISTEN 1245/xinetd
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 1332/mysqld
2.To check active UDP ports
# netstat -unlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
udp 0 0 0.0.0.0:10000 0.0.0.0:* 1420/perl
udp 0 0 0.0.0.0:20000 0.0.0.0:* 1414/perl
udp 0 0 184.107.29.18:53 0.0.0.0:* 1033/named
udp 0 0 127.0.0.1:53 0.0.0.0:* 1033/named
udp 0 0 0.0.0.0:11211 0.0.0.0:* 1217/memcached
udp 0 0 :::11211 :::* 1217/memcached
3.Do you like to check kernel’s routing table
# netstat -r
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
192.168.0.240 * 255.255.255.0 U 0 0 0 eth0
link-local * 255.255.0.0 U 0 0 0 eth0
default 192.168.0.200 0.0.0.0 UG 0 0 0 eth0
4. To display active interfaces
# netstat –i
Kernel Interface table
Iface MTU Met RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR Flg
eth0 1500 0 28026209 0 0 0 21718940 0 0 0 BMRU
lo 16436 0 470612 0 0 0 470612 0 0 0 LRU
5. Do you want to know whether the port 80 listen and pointing to where
# netstat -antup | grep 80 | grep LISTEN
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 12799/httpd
tcp 0 0 :::80 :::* LISTEN 12799/httpd
The port : 80 pointing to apache server (httpd)
6. To view interface information can be monitored continuously
# netstat -ic
Kernel Interface table
Iface MTU Met RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR Flg
eth0 1500 0 28294763 0 0 0 21914126 0 0 0 BMRU
lo 16436 0 497460 0 0 0 497460 0 0 0 LRU
eth0 1500 0 28294918 0 0 0 21914221 0 0 0 BMRU
lo 16436 0 497460 0 0 0 497460 0 0 0 LRU
7. Print active connections for specific application
# netstat -anp | grep named
tcp 0 0 192.168.0.240:53 0.0.0.0:* LISTEN 907182/named
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 907182/named
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 907182/named
udp 0 0 192.168.0.240:53 0.0.0.0:* 907182/named
udp 0 0 127.0.0.1:53 0.0.0.0:* 907182/named
unix 2 [ ] DGRAM 15226481 907182/named
8. shows listen socket
# netstat -l
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 *:imaps *:* LISTEN
tcp 0 0 *:infowave *:* LISTEN
tcp 0 0 *:radsec *:* LISTEN
tcp 0 0 *:pop3s *:* LISTEN
Active UNIX domain sockets (only servers)
Proto RefCnt Flags Type State I-Node Path
unix 2 [ ACC ] STREAM LISTENING 2103789 /usr/local/cpanel/var/cpwrapd.sock
unix 2 [ ACC ] STREAM LISTENING 90346 /var/run/dbus/system_bus_socket
9. Display summary statistics for each protocol.
# netstat –s
Ip:
28778389 total packets received
3099 with invalid addresses
0 forwarded
…
10. Displaying IPv4 and IPv6 Information
# netstat -g
IPv6/IPv4 Group Memberships
Interface RefCnt Group
--------------- ------ ---------------------
lo 1 my-system.net
eth0 1 my-systems.net
lo 1 ff02::1
eth0 1 ff02::1:ffef:85ea
eth0 1 ff02::1
11. Find number of connections by IP Address
# netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
1 106.215.226.229
1 106.78.48.221
1 116.203.248.18
1 117.201.180.231
1 117.207.166.64
1 122.178.179.254
1 127.0.0.1
1 176.224.94.91
Comments (0)