Sunday, November 23, 2008

Examining Local Network Activities

You want to examine network use occurring on your local machine.

Solution
To print a summary of network use:
$ netstat --inet                 # connected sockets
$ netstat --inet --listening     # server (listening) sockets
$ netstat --inet --all           # both
# netstat --inet ... -p          # also identify the owning processes

To print dynamically assigned ports for RPC services:
$ rpcinfo -p [host]

To list network connections for all processes:
# lsof -i[TCP|UDP][@host][:port]

To list all open files for specific processes:
# lsof -p pid
# lsof -c command
# lsof -u username

Source: Robert G. Byrnes

To print a network statistics report (per-protocol counters):
$ netstat -s

Displaying all active Internet connections in Linux.

Answer:

It may be necessary to display which Internet connections are active on your Linux box, for example to check whether the Apache service is running and, if so, which network ports it is listening on. To do this, run the following netstat command:

netstat -natp


Using the netstat Command

To track what ports are open and what ports have processes listening to them, we use the netstat command. For example:

[root@serverA ~]# netstat -natu
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address             Foreign Address           State
tcp        0      0 0.0.0.0:32768             0.0.0.0:*                 LISTEN
tcp        0      0 0.0.0.0:111               0.0.0.0:*                 LISTEN
tcp        0      0 0.0.0.0:113               0.0.0.0:*                 LISTEN
tcp        0      0 127.0.0.1:631             0.0.0.0:*                 LISTEN
tcp        0      0 127.0.0.1:5335            0.0.0.0:*                 LISTEN
tcp        0      0 127.0.0.1:25              0.0.0.0:*                 LISTEN
tcp        0      0 :::22                     :::*                      LISTEN
tcp        0    132 192.168.1.4:22            192.168.1.33:2129         ESTABLISHED
udp        0      0 0.0.0.0:32768             0.0.0.0:*
tcp        0      0 ::ffff:192.168.1.4:22     ::ffff:192.168.1.90:40587 ESTABLISHED
udp        0      0 0.0.0.0:631               0.0.0.0:*

By default (with no parameters), netstat will provide all established connections for both network and domain sockets. That means we’ll see not only the connections that are actually working over the network, but also the interprocess communications (which, from a security monitoring standpoint, are not useful). So in the command just illustrated, we have asked netstat to show us all ports (-a)—whether they are listening or actually connected—for TCP (-t) and UDP (-u). We have told netstat not to spend any time resolving IP addresses to hostnames (-n).

In the netstat output, each line represents either a TCP or UDP network port, as indicated by the first column of the output. The Recv-Q (receive queue) column lists the number of bytes received by the kernel but not read by the process. Next, the Send-Q (send queue) column tells us the number of bytes sent to the other side of the connection but not acknowledged.

The fourth, fifth, and sixth columns are the most interesting in terms of system security. The Local Address column tells you your server’s IP address and port number. Remember that your server recognizes itself as 127.0.0.1 and 0.0.0.0, as well as its normal IP address. In the case of multiple interfaces, each port being listened to will show up on all interfaces and, thus, as separate IP addresses. The port number is separated from the IP address by a colon. In the output from the netstat example just shown, the Ethernet device has the IP address 192.168.1.4.

The fifth column, Foreign Address, identifies the other side of the connection. In the case of a port that is being listened to for new connections, the default value will be 0.0.0.0:*. This IP address means nothing, since we’re still waiting for a remote host to connect to us!

The sixth column tells us the state of the connection. The man page for netstat lists all of the states, but the two you’ll see most often are LISTEN and ESTABLISHED. The LISTEN state means there is a process on your server listening to the port and ready to accept new connections. The ESTABLISHED state means just that—a connection is established between a client and server.
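The column-by-column reading above can be turned into a small triage script. The following Python is an added example, not code from the original post or from the books it quotes: it parses the exact `netstat -natu` output shown earlier (embedded below as sample input), splits each endpoint on its last colon so IPv6 entries such as `:::22` and IPv4-mapped ones such as `::ffff:192.168.1.4:22` are handled, and sorts sockets into listeners reachable from the network (bound to 0.0.0.0 or ::), listeners bound to loopback only, and established sessions with their remote peers. The names `Socket`, `parse_netstat`, `exposure` and `report` are this example's own.

```python
"""Classify sockets from `netstat -natu` output by exposure.

Added example (not part of the original post). Parses the text layout the
post describes (Proto, Recv-Q, Send-Q, Local Address, Foreign Address,
State) and reports which listeners are reachable from the network versus
bound to loopback only, plus the peers of ESTABLISHED connections.
"""
from dataclasses import dataclass
from typing import List, Tuple

# Sample input: the netstat output shown in the post, re-used here as test data.
SAMPLE_NETSTAT = """\
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address           State
tcp        0      0 0.0.0.0:32768           0.0.0.0:*                 LISTEN
tcp        0      0 0.0.0.0:111             0.0.0.0:*                 LISTEN
tcp        0      0 0.0.0.0:113             0.0.0.0:*                 LISTEN
tcp        0      0 127.0.0.1:631           0.0.0.0:*                 LISTEN
tcp        0      0 127.0.0.1:5335          0.0.0.0:*                 LISTEN
tcp        0      0 127.0.0.1:25            0.0.0.0:*                 LISTEN
tcp        0      0 :::22                   :::*                      LISTEN
tcp        0    132 192.168.1.4:22          192.168.1.33:2129         ESTABLISHED
udp        0      0 0.0.0.0:32768           0.0.0.0:*
tcp        0      0 ::ffff:192.168.1.4:22   ::ffff:192.168.1.90:40587 ESTABLISHED
udp        0      0 0.0.0.0:631             0.0.0.0:*
"""

LOOPBACK = {"127.0.0.1", "::1"}


@dataclass
class Socket:
    proto: str
    recv_q: int
    send_q: int
    local_addr: str
    local_port: str
    remote_addr: str
    remote_port: str
    state: str  # empty for UDP lines, which carry no State column


def split_endpoint(endpoint: str) -> Tuple[str, str]:
    """Split 'addr:port' on the LAST colon (IPv6 addresses contain colons)
    and fold IPv4-mapped IPv6 (::ffff:a.b.c.d) back to plain IPv4."""
    addr, _, port = endpoint.rpartition(":")
    if addr.startswith("::ffff:"):
        addr = addr[len("::ffff:"):]
    return addr, port


def parse_netstat(text: str) -> List[Socket]:
    """Parse netstat's text table; header lines are skipped by protocol check."""
    sockets = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] not in ("tcp", "tcp6", "udp", "udp6"):
            continue
        laddr, lport = split_endpoint(fields[3])
        raddr, rport = split_endpoint(fields[4])
        state = fields[5] if len(fields) > 5 else ""
        sockets.append(Socket(fields[0], int(fields[1]), int(fields[2]),
                              laddr, lport, raddr, rport, state))
    return sockets


def exposure(sock: Socket) -> str:
    """'connected'  = ESTABLISHED session with a remote peer
       'local-only' = bound to a loopback address, unreachable from the LAN
       'exposed'    = listener (or unconnected UDP socket) on a wildcard or
                      real interface address, i.e. reachable from the network"""
    if sock.state == "ESTABLISHED":
        return "connected"
    if sock.local_addr in LOOPBACK:
        return "local-only"
    return "exposed"


def report(text: str) -> dict:
    """Summarise proto/port pairs by exposure class, list the remote peers of
    live sessions, and total the Send-Q bytes still awaiting acknowledgement."""
    out = {"exposed": [], "local-only": [], "connected": [], "unacked_bytes": 0}
    for s in parse_netstat(text):
        kind = exposure(s)
        if kind == "connected":
            out[kind].append(f"{s.remote_addr}:{s.remote_port}->{s.local_port}")
            out["unacked_bytes"] += s.send_q
        else:
            out[kind].append(f"{s.proto}/{s.local_port}")
    return out


if __name__ == "__main__":
    for kind, items in report(SAMPLE_NETSTAT).items():
        print(f"{kind}: {items}")
```

On a live system the text would come from `netstat -natu` itself. The "exposed" list is the set to reconcile against `netstat -p` or `lsof -i` from the recipe above, so that every network-reachable port maps to a process you expect; the "local-only" entries (here CUPS on 631, the MTA on 25 and port 5335) are bound to 127.0.0.1 and cannot be reached from other hosts.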
