Netstat command displays various network related information
such as network connections, routing tables, interface statistics, masquerade
connections, multicast memberships etc.When we run the ‘netstat’ command , it
shows all the details all the ports that are in any state either open , closed,
listening , established e.t.c like,
List
all the ports ( all closed,Established..)
[root@vx111a
local]# netstat -a | head -n 6
Active
Internet connections (servers and established)
Proto
Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0
localhost.localdomain:2208 *:* LISTEN
tcp 0 0
*:rsync *:* LISTEN
tcp 0 0
*:sunrpc *:* LISTEN
tcp 0 0
*:ssh *:* LISTEN
List
all the TCP Ports
[root@vx111a
local]# netstat -at | head -n 5
Active
Internet connections (servers and established)
Proto
Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0
localhost.localdomain:2208 *:* LISTEN
tcp 0 0
*:rsync *:* LISTEN
tcp 0 0
*:sunrpc *:* LISTEN
List
all the UDP Ports
[root@vx111a
local]# netstat -au | head -n 5
Active
Internet connections (servers and established)
Proto
Recv-Q Send-Q Local Address Foreign Address State
udp 0 0
*:bootpc *:*
udp 0 0
*:10962 *:*
udp 0 0
*:867 *:*
List
all the Listening Ports
[root@vx111a
local]# netstat -l | head -n 5
Active
Internet connections (only servers)
Proto
Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0
localhost.localdomain:2208 *:* LISTEN
tcp 0 0
*:rsync *:* LISTEN
tcp 0 0
*:sunrpc *:* LISTEN
List
all the Listening TCP Ports
[root@vx111a
local]# netstat -lt | head -n 5
List
all the Listening UDP Ports
[root@vx111a
local]# netstat -lu | head -n 5
Show
the Stastics of a Protocol using netstat
[root@vx111a
local]# netstat -s
Ip:
45331 total packets received
1173 with invalid addresses
0 forwarded
0 incoming packets discarded
44158 incoming packets delivered
34772 requests sent out
Icmp:
0 ICMP messages received
0 input ICMP message failed.
ICMP input histogram:
8 ICMP messages sent
0 ICMP messages failed
ICMP output histogram:
destination
unreachable: 8
IcmpMsg:
OutType3: 8
Tcp:
966 active connections openings
1 passive connection openings
56 connection resets received
13 connections established
36413 segments received
33850 segments send out
333 segments retransmited
0 bad segments received.
266 resets sent
Udp:
833 packets received
If we
need to find stastics of a specific port we can use
netstat-ts
(tcp) or netstat -ut (udp)
Netstat
with Process ID
we can
also use netstat to not only display port information but also the process id
using that like,
[root@vx111a
local]# netstat -lpn | head -n 3
Proto
Recv-Q Send-Q Local Address Foreign Address State PID/Program
name
tcp 0 0 127.0.0.1:2208 0.0.0.0:* LISTEN 2598/hpiod
Find out on which port a program is running
[root@vx111a local]#
netstat -ap| grep hpiod
tcp 0 0
localhost.localdomain:2208 *:* LISTEN 2598/hpiod
unix 2 [ ] DGRAM 7892 2598/hpiod
Or
Find
Which process is Running on a Specific Port
[root@vx111a local]#
netstat -pln | grep ':22'
tcp 0 0
127.0.0.1:2208 0.0.0.0:* LISTEN 2598/hpiod
tcp 0 0
0.0.0.0:22 0.0.0.0:* LISTEN 2618/sshd
tcp 0 0
127.0.0.1:2207 0.0.0.0:* LISTEN 2603/python
Show
all the Network Interface
[root@vx111a local]# netstat -ie
Kernel Interface table
eth0 Link encap:Ethernet HWaddr
00:25:64:B3:19:FD
inet
addr:xxxxxxxxx Bcast:xxxxxxxxxx Mask:xxxxxxx
UP BROADCAST RUNNING MULTICAST
MTU:1500 Metric:1
RX packets:57230 errors:0 dropped:0 overruns:0 frame:0
TX packets:36861 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:25588354 (24.4 MiB)
TX bytes:13268991 (12.6 MiB)
Interrupt:169 Memory:dfbf0000-dfc00000
lo Link encap:Local Loopback
inet addr:127.0.0.1
Mask:255.0.0.0
UP LOOPBACK RUNNING
MTU:16436 Metric:1
RX packets:1092 errors:0 dropped:0 overruns:0 frame:0
TX packets:1092 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:1859960 (1.7 MiB)
TX bytes:1859960 (1.7 MiB)
More netstat Commands,
netstat –vatnp :
check the state of Sockets (Hung state if in CLOSE_WAIT state)
netstat –r :
Display Routing Table
netstat –g : Display
multicast group membership information
netstat
–ic : Monitor
continuously
netystat –o :
Display network timer related
information
netstat –p : Display the PID of the program using
socket
netstat
–C : Show
routing information from route cache
netstat –n
–p TCP 10 : Show TCP Connections for every 10 seconds
More To Come, Happy learning
