Pages

Sunday, September 2, 2012

Resource Management : Netstat


Netstat command displays various network related information such as network connections, routing tables, interface statistics, masquerade connections, multicast memberships etc.When we run the ‘netstat’ command , it shows all the details all the ports that are in any state either open , closed, listening , established e.t.c like, 
List all the ports ( all closed,Established..)
[root@vx111a local]# netstat -a | head -n 6
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address                 Foreign Address           State     
tcp       0          0 localhost.localdomain:2208  *:*                               LISTEN              
tcp       0          0 *:rsync                                 *:*                               LISTEN              
tcp       0          0 *:sunrpc                               *:*                               LISTEN              
tcp       0          0 *:ssh                                    *:*                               LISTEN              

List all the TCP Ports
[root@vx111a local]# netstat -at | head -n 5
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address                 Foreign Address           State     
tcp       0          0 localhost.localdomain:2208  *:*                               LISTEN              
tcp       0          0 *:rsync                                 *:*                               LISTEN              
tcp       0          0 *:sunrpc                               *:*                               LISTEN              

List all the UDP Ports
[root@vx111a local]# netstat -au | head -n 5
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address                 Foreign Address           State     
udp      0          0 *:bootpc                                           *:*                                            
udp      0          0 *:10962                                            *:*                                            
udp      0          0 *:867                                                *:*                                            

List all the Listening Ports
[root@vx111a local]# netstat -l | head -n 5
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address                 Foreign Address           State     
tcp       0          0 localhost.localdomain:2208  *:*                                  LISTEN              
tcp       0          0 *:rsync                                 *:*                                  LISTEN              
tcp       0          0 *:sunrpc                               *:*                                  LISTEN              

List all the Listening TCP Ports
[root@vx111a local]# netstat -lt | head -n 5

List all the Listening UDP Ports
[root@vx111a local]# netstat -lu | head -n 5



Show the Stastics of a Protocol using netstat
[root@vx111a local]# netstat -s
Ip:
            45331 total packets received
            1173 with invalid addresses
            0 forwarded
            0 incoming packets discarded
            44158 incoming packets delivered
            34772 requests sent out
Icmp:
            0 ICMP messages received
            0 input ICMP message failed.
            ICMP input histogram:
            8 ICMP messages sent
            0 ICMP messages failed
            ICMP output histogram:
            destination unreachable: 8
IcmpMsg:
            OutType3: 8
Tcp:
            966 active connections openings
            1 passive connection openings
            56 connection resets received
            13 connections established
            36413 segments received
            33850 segments send out
            333 segments retransmited
            0 bad segments received.
            266 resets sent
Udp:
            833 packets received
If we need to find stastics of a specific port we can use
netstat-ts (tcp) or netstat -ut (udp)

Netstat with Process ID
we can also use netstat to not only display port information but also the process id using that like,
[root@vx111a local]# netstat -lpn | head -n 3
Proto Recv-Q Send-Q Local Address                 Foreign Address           State   PID/Program name  
tcp       0          0          127.0.0.1:2208            0.0.0.0:*                      LISTEN             2598/hpiod      

Find out on which port a program is running

[root@vx111a local]# netstat -ap| grep hpiod
tcp       0          0 localhost.localdomain:2208  *:*                               LISTEN             2598/hpiod      
unix  2              [ ]         DGRAM                         7892   2598/hpiod        

Or

Find Which process is Running on a Specific Port
[root@vx111a local]# netstat -pln | grep ':22'
tcp       0          0 127.0.0.1:2208                     0.0.0.0:*                      LISTEN             2598/hpiod      
tcp       0          0 0.0.0.0:22                 0.0.0.0:*                      LISTEN             2618/sshd       
tcp       0          0 127.0.0.1:2207                     0.0.0.0:*                      LISTEN             2603/python  

Show all the Network Interface

[root@vx111a local]# netstat -ie
Kernel Interface table
eth0     Link encap:Ethernet  HWaddr 00:25:64:B3:19:FD 
            inet addr:xxxxxxxxx  Bcast:xxxxxxxxxx  Mask:xxxxxxx
            UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
            RX packets:57230 errors:0 dropped:0 overruns:0 frame:0
            TX packets:36861 errors:0 dropped:0 overruns:0 carrier:0
            collisions:0 txqueuelen:1000
            RX bytes:25588354 (24.4 MiB)  TX bytes:13268991 (12.6 MiB)
            Interrupt:169 Memory:dfbf0000-dfc00000

lo         Link encap:Local Loopback 
            inet addr:127.0.0.1  Mask:255.0.0.0
            UP LOOPBACK RUNNING  MTU:16436  Metric:1
            RX packets:1092 errors:0 dropped:0 overruns:0 frame:0
            TX packets:1092 errors:0 dropped:0 overruns:0 carrier:0
            collisions:0 txqueuelen:0
            RX bytes:1859960 (1.7 MiB)  TX bytes:1859960 (1.7 MiB)


More netstat Commands,

netstat –vatnp            : check the state of Sockets (Hung state if in CLOSE_WAIT state)
netstat –r                    : Display Routing Table
netstat –g                   : Display multicast group membership information
netstat –ic                   : Monitor continuously
netystat –o                  : Display network timer related information
netstat –p                   :  Display the PID of the program using socket
netstat –C                   :  Show routing information from route cache
netstat –n –p TCP 10   Show TCP Connections for every 10 seconds
More To Come, Happy learning