Generally, netstat command is used to check port is listening or not. But actually, there are lots of things we can check with the netstat command in Linux. Let’s understand the some examples of the netstat command to get desired result.
1.
List out all open ports of Linux server: netstat –a
root@hello:~#netstat -a
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 localhost:mysql *:* LISTEN
tcp 0 0 *:www *:* LISTEN
tcp 0 0 *:webmin *:* LISTEN
tcp 0 0 ctier.local:domain *:* LISTEN
tcp 0 0 localhost:domain *:* LISTEN
tcp 0 0 *:ssh *:* LISTEN
|
2.
List only open TCP ports of server: netstat –at
root@hello:~#netstat -at
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 localhost:mysql *:* LISTEN
tcp 0 0 *:www *:* LISTEN
|
3.
List only open UDP ports of server: netstat –au
root@ctier:~# netstat -au
Active Internet connections
(servers and established)
Proto Recv-Q Send-Q Local
Address Foreign Address State
udp 0 0 *:10000 *:*
udp 0 0 *:50715 *:*
udp 0 0 *:bootpc *:*
udp 0 0 *:snmp *:*
|
4.
Now, you can see the statistics of UDP and TCP
ports by commands as below : netstat –st
or netstat –su
[redhat@localhost ~]$ netstat -st
IcmpMsg:
InType3: 1
InType8: 1
OutType0: 1
OutType3: 11
Tcp:
681 active connections openings
1 passive connection openings
8 failed connection attempts
4 connection resets received
3 connections established
15811 segments received
13669 segments send out
8 segments retransmited
0 bad segments received.
147 resets sent
UdpLite:
TcpExt:
564 TCP sockets finished time wait in
fast timer
4 time wait sockets recycled by time
stamp
236 delayed acks sent
1 packets directly queued to recvmsg
prequeue.
8564 packets header predicted
818 acknowledgments
not containing data received
|
5.
Now, if
you want to see the all ports which are in LISTENING mode only type command as
netstat
-l and only for TCP listening ports netstat –lt and for UDP : netstat
–lu
[redhat@localhost ~]$ netstat -l | head
Active Internet connections
(only servers)
Proto Recv-Q Send-Q Local
Address Foreign
Address State
tcp 0 0 *:ssh *:*
LISTEN
tcp 0 0 localhost.localdomain:smtp *:*
LISTEN
tcp 0 0 *:44626 *:*
LISTEN
tcp 0 0 *:ssh *:*
LISTEN
……
|
[redhat@localhost ~]$ netstat -lu
Active Internet connections
(only servers)
Proto Recv-Q Send-Q Local
Address Foreign
Address State
udp 0 0 *:mdns *:*
udp 0 0 *:bootpc *:*
udp 0 0 *:58959 *:*
[redhat@localhost ~]$
|
[redhat@localhost ~]$ netstat -lt
Active Internet connections
(only servers)
Proto Recv-Q Send-Q Local
Address Foreign
Address State
tcp 0 0 *:ssh *:*
LISTEN
tcp 0 0 localhost.localdomain:smtp
*:*
LISTEN
tcp 0 0 *:44626 *:*
LISTEN
tcp 0 0 *:ssh *:*
LISTEN
[redhat@localhost ~]$
|
6.
List the ports which are listening unix ports
using netstat –lx
[redhat@localhost ~]$ netstat -lx | head
Active UNIX domain sockets
(only servers)
Proto RefCnt Flags Type State I-Node Path
unix 2
[ ACC ] STREAM LISTENING 11846
/var/run/acpid.socket
unix 2
[ ACC ] STREAM LISTENING 12271
/var/run/sdp
unix 2
[ ACC ] STREAM LISTENING 12564
public/cleanup
unix 2
[ ACC ] STREAM LISTENING 12572
private/tlsmgr
unix 2
[ ACC ] STREAM LISTENING 12576
private/rewrite
unix 2
[ ACC ] STREAM LISTENING 11573
/var/run/dbus/system_bus_socket
unix 2
[ ACC ] STREAM LISTENING 12580
private/bounce
unix 2
[ ACC ] STREAM LISTENING 12584
private/defer
|
7.
If you want to know the program which using
specific port then use : netstat -p
[redhat@localhost ~]$ netstat -p | head -20
(Not all processes could be
identified, non-owned process info
will not be shown, you would have to be root
to see it all.)
Active Internet connections
(w/o servers)
Proto Recv-Q Send-Q Local
Address Foreign
Address State PID/Program name
tcp 1
0 192.168.136.128:57484
201-215-187-203.static:http CLOSE_WAIT
1978/clock-applet
tcp 0
0 192.168.136.128:ssh
192.168.136.1:51507
ESTABLISHED -
tcp 0
0 192.168.136.128:58239
bom03s02-in-f21.1e100:https ESTABLISHED 2047/firefox
tcp 0
0 192.168.136.128:42256
bom03s02-in-f21.1e100:https ESTABLISHED 2047/firefox
Active UNIX domain sockets
(w/o servers)
Proto RefCnt Flags Type
State I-Node PID/Program name Path
unix 2
[ ] DGRAM 8569 - @/org/kernel/udev/udevd
unix 2
[ ] DGRAM 11911 -
@/org/freedesktop/hal/udev_event
unix 22
[ ] DGRAM 11408 - /dev/log
|
8.
If you want to list all network interfaces use
this command: netstat –i
[redhat@localhost ~]$ netstat
-i
Kernel Interface table
Iface MTU Met RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR Flg
eth0 1500
0 18773 0
0 0 15719
0 0 0 BMRU
lo 16436 0
18 0 0
0 18 0
0 0 LRU
|
9.
If you know the ifconfig command then ifconfig
–a and netstat –ie command’s output will be same. Both commands are providing
extended network interface information
Above mentioned state’s details as follows:
State
The state of
the socket. Since there are no states in raw mode and usually no states used in
UDP, this column may be left blank.
Normally this can be one of
several values:
ESTABLISHED: The socket has an established connection.
SYN_SENT: The socket is actively attempting to establish a
connection.
SYN_RECV: A connection request has been received from the
network.
FIN_WAIT1: The socket is closed, and the connection is
shutting down.
FIN_WAIT2: Connection is closed, and the socket is waiting
for a shutdown from the remote end.
TIME_WAIT: The socket is waiting after close to handle
packets still in the network.
CLOSED: The socket is
not being used.
CLOSE_WAIT: The remote end has shut down, waiting for the
socket to close.
LAST_ACK: The remote end has shut down, and the socket is
closed. Waiting for acknowledgement.
LISTEN: The socket is listening for incoming connections.
CLOSING: Both sockets are shut down but we still donât have
all our data sent.
UNKNOWN: The state of the socket is unknown.
0 comments:
Post a Comment