Tuesday, September 28, 2010

Netstat 101

We all know netstat which can show you all the important network connections - if you remember how to use it. I always forget and it's hard to find it again. So I'll post the commands I found most useful in here.

This command displays all active TCP connections:
netstat --tcp --programs --numeric-ports
netstat -tp --numeric-ports (shorter)
Aktive Internetverbindungen (ohne Server)
Proto Recv-Q Send-Q Local Address   Foreign Address State      PID/Program name
tcp        0      0 localhost:3306  localhost:38525 VERBUNDEN  3024/mysqld
tcp        0      0 localhost:3306  localhost:38527 VERBUNDEN  3024/mysqld
tcp       38      0 picard:36800    ldap.****       CLOSE_WAIT 1146/dbus-daemon

Parameter --programs adds the program name info, --numeric-ports prevents netstat of hiding the port numbers. To display UDP connections use --udp.

netstat --tcp --listening --programs --numeric-ports
netstat -tlp --numeric-ports (shorter)
Aktive Internetverbindungen (Nur Server)
Proto Recv-Q Send-Q Local Address  Foreign Address  State   PID/Program name
tcp        0      0 *:3306         *:*              LISTEN  3024/mysqld
tcp        0      0 *:22           *:*              LISTEN  2630/sshd
tcp        0      0 *:8080         *:*              LISTEN  12439/java

If you want to have the output continuously refreshed use "watch -n1". And if you've got a netstat that displays the information partially in another language (german in my case) you can set the locale to have it all in english. That will make using grep so much easier...

LANG=en watch -n1 netstat -tlp --numeric-ports

Some of the examples in here were copied from http://www.linuxhowtos.org/Network/netstat.htm .

No comments: