Saturday, March 23, 2013


The netstat command is generally used to check whether a port is listening, but it can report much more on a Linux system. The examples below show how to get the output you need.
1.       List all open ports on a Linux server (listening sockets and established connections): netstat -a
root@hello:~# netstat -a
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 localhost:mysql         *:*                     LISTEN
tcp        0      0 *:www                   *:*                     LISTEN
tcp        0      0 *:webmin                *:*                     LISTEN
tcp        0      0 ctier.local:domain      *:*                     LISTEN
tcp        0      0 localhost:domain        *:*                     LISTEN
tcp        0      0 *:ssh                   *:*                     LISTEN

2.       List only the open TCP ports of the server: netstat -at
root@hello:~# netstat -at
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 localhost:mysql         *:*                     LISTEN
tcp        0      0 *:www                   *:*                     LISTEN

3.       List only the open UDP ports of the server: netstat -au
root@ctier:~# netstat -au
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
udp        0      0 *:10000                 *:*
udp        0      0 *:50715                 *:*
udp        0      0 *:bootpc                *:*
udp        0      0 *:snmp                  *:*

4.       To see protocol statistics for TCP or UDP, use: netstat -st or netstat -su
[redhat@localhost ~]$ netstat -st
IcmpMsg:
    InType3: 1
    InType8: 1
    OutType0: 1
    OutType3: 11
Tcp:
    681 active connections openings
    1 passive connection openings
    8 failed connection attempts
    4 connection resets received
    3 connections established
    15811 segments received
    13669 segments send out
    8 segments retransmited
    0 bad segments received.
    147 resets sent
UdpLite:
TcpExt:
    564 TCP sockets finished time wait in fast timer
    4 time wait sockets recycled by time stamp
    236 delayed acks sent
    1 packets directly queued to recvmsg prequeue.
    8564 packets header predicted
    818 acknowledgments not containing data received

5.       To see only the ports that are in the LISTEN state, use netstat -l. For TCP listening ports only use netstat -lt, and for UDP use netstat -lu
[redhat@localhost ~]$ netstat -l | head
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State
tcp        0      0 *:ssh                       *:*                         LISTEN
tcp        0      0 localhost.localdomain:smtp  *:*                         LISTEN
tcp        0      0 *:44626                     *:*                         LISTEN
tcp        0      0 *:ssh                       *:*                         LISTEN
……
[redhat@localhost ~]$ netstat -lu
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State
udp        0      0 *:mdns                      *:*
udp        0      0 *:bootpc                    *:*
udp        0      0 *:58959                     *:*
[redhat@localhost ~]$
[redhat@localhost ~]$ netstat -lt
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State
tcp        0      0 *:ssh                       *:*                         LISTEN
tcp        0      0 localhost.localdomain:smtp  *:*                         LISTEN
tcp        0      0 *:44626                     *:*                         LISTEN
tcp        0      0 *:ssh                       *:*                         LISTEN
[redhat@localhost ~]$

6.       List the listening UNIX domain sockets: netstat -lx
[redhat@localhost ~]$ netstat -lx | head
Active UNIX domain sockets (only servers)
Proto RefCnt Flags       Type       State         I-Node Path
unix  2      [ ACC ]     STREAM     LISTENING     11846  /var/run/acpid.socket
unix  2      [ ACC ]     STREAM     LISTENING     12271  /var/run/sdp
unix  2      [ ACC ]     STREAM     LISTENING     12564  public/cleanup
unix  2      [ ACC ]     STREAM     LISTENING     12572  private/tlsmgr
unix  2      [ ACC ]     STREAM     LISTENING     12576  private/rewrite
unix  2      [ ACC ]     STREAM     LISTENING     11573  /var/run/dbus/system_bus_socket
unix  2      [ ACC ]     STREAM     LISTENING     12580  private/bounce
unix  2      [ ACC ]     STREAM     LISTENING     12584  private/defer

7.       To find out which program is using a specific port, use netstat -p. As the output itself notes, you have to be root to see the processes you do not own.
[redhat@localhost ~]$ netstat -p | head -20
(Not all processes could be identified, non-owned process info
 will not be shown, you would have to be root to see it all.)
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name
tcp        1      0 192.168.136.128:57484       201-215-187-203.static:http CLOSE_WAIT  1978/clock-applet
tcp        0      0 192.168.136.128:ssh         192.168.136.1:51507         ESTABLISHED -
tcp        0      0 192.168.136.128:58239       bom03s02-in-f21.1e100:https ESTABLISHED 2047/firefox
tcp        0      0 192.168.136.128:42256       bom03s02-in-f21.1e100:https ESTABLISHED 2047/firefox
Active UNIX domain sockets (w/o servers)
Proto RefCnt Flags       Type       State         I-Node PID/Program name    Path
unix  2      [ ]         DGRAM                    8569   -                   @/org/kernel/udev/udevd
unix  2      [ ]         DGRAM                    11911  -                   @/org/freedesktop/hal/udev_event
unix  22     [ ]         DGRAM                    11408  -                   /dev/log


8.       To list all network interfaces, use: netstat -i
[redhat@localhost ~]$ netstat -i
Kernel Interface table
Iface       MTU Met    RX-OK RX-ERR RX-DRP RX-OVR    TX-OK TX-ERR TX-DRP TX-OVR Flg
eth0       1500   0    18773      0      0      0    15719      0      0      0 BMRU
lo        16436   0       18      0      0      0       18      0      0      0 LRU

9.       If you know the ifconfig command: the output of ifconfig -a and netstat -ie is the same. Both commands provide extended network interface information.
The states shown in the State column above are as follows:
State
       The state of the socket. Since there are no states in raw mode and usually no states used in UDP, this column may be left blank. Normally this can be one of several values:
ESTABLISHED: The socket has an established connection.
SYN_SENT: The socket is actively attempting to establish a connection.
SYN_RECV: A connection request has been received from the network.
FIN_WAIT1: The socket is closed, and the connection is shutting down.
FIN_WAIT2: Connection is closed, and the socket is waiting for a shutdown from the remote end.
TIME_WAIT: The socket is waiting after close to handle packets still in the network.
CLOSED:  The socket is not being used.
CLOSE_WAIT: The remote end has shut down, waiting for the socket to close.
LAST_ACK: The remote end has shut down, and the socket is closed. Waiting for acknowledgement.
LISTEN: The socket is listening for incoming connections.
CLOSING: Both sockets are shut down but we still don't have all our data sent.
UNKNOWN: The state of the socket is unknown.
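
The listings and states above can also be checked by script. The following shell script is an added example, not part of the original post: it reads netstat -ant output (-n, which the post does not use, prints numeric addresses and ports), reports TCP listeners bound to every interface whose port is not in an allowlist, and counts sockets per state. The sample input, the allowlist and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit netstat output for exposed listeners and per-state counts.
# SAMPLE is constructed input in the format `netstat -ant` prints; on a real
# host, pipe the live command into the functions instead.
SAMPLE='Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:10000           0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 192.168.136.128:22      192.168.136.1:51507     ESTABLISHED
tcp        1      0 192.168.136.128:57484   203.0.113.10:80         CLOSE_WAIT
tcp        0      0 192.168.136.128:58239   198.51.100.7:443        ESTABLISHED
tcp6       0      0 :::22                   :::*                    LISTEN'

# Print "proto port" for each TCP listener bound to every interface whose
# port is not in the space-separated allowlist given as $1.
exposed_listeners() {
    awk -v allow="$1" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 ~ /^tcp/ && $NF == "LISTEN" {
            addr = $4
            port = addr; sub(/.*:/, "", port)      # text after the last colon
            host = addr; sub(/:[^:]*$/, "", host)  # text before the last colon
            # Wildcard binds: "*" (resolved output), 0.0.0.0, or :: for IPv6.
            if ((host == "*" || host == "0.0.0.0" || host == "::" || host == "[::]") && !(port in ok))
                print $1, port
        }' | sort -u
}

# Print "STATE count" for every TCP socket, sorted by state name.
state_counts() {
    awk '$1 ~ /^tcp/ { c[$NF]++ } END { for (s in c) print s, c[s] }' | sort
}

printf '%s\n' "$SAMPLE" | exposed_listeners "22 80"
printf '%s\n' "$SAMPLE" | state_counts
```

On a live system, replace the printf lines with netstat -ant piped into each function. A listener on 127.0.0.1 is reachable only from the host itself, so it is not reported.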

Posted by Machindra Dharmadhikari on 3/23/2013 02:14:00 PM
