Networking / Beginners

---

The netstat command

The netstat command lets you monitor just about every aspect of a Linux server's network functions. This command can generate page after page of interesting information - if you know what it all means.

The two most common reasons to use netstat are to display the routing table and to display open TCP/IP connections. The syntax for displaying the routing table is

netstat -r

This results in a display similar to this:

Kernel IP routing table
Destination 	Gateway Genmask 	Flags MSS Window irtt Iface
192.168.1.0 	* 	255.255.255.0 	U 	0 	0 0 	eth1
192.168.1.0 	* 	255.255.255.0 	U 	0 	0 0 	eth0
127.0.0.0 	* 	255.0.0.0 	U 	0 	0 0	lo

To display TCP/IP connections, use this syntax:

netstat -l

This results in a display similar to the following:

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address 		Foreign Address State
tcp 	0 	0 	*:1024 			*:* 		LISTEN
tcp 	0 	0 	LSERVER:1025 		*:* 		LISTEN
tcp 	0 	0 	*:netbios-ssn 		*:* 		LISTEN
tcp 	0 	0 	*:sunrpc 		*:* 		LISTEN
tcp 	0 	0 	*:http 			*:* 		LISTEN
tcp 	0 	0 	*:x11 			*:* 		LISTEN
tcp 	0 	0 	*:ssh 			*:* 		LISTEN
tcp 	0 	0 	LSERVER:ipp 		*:* 		LISTEN
tcp 	0 	0 	LSERVER:smtp 		*:* 		LISTEN
tcp 	0 	0 	*:https 		*:* 		LISTEN
udp 	0 	0 	*:1024 			*:*
udp 	0 	0 	LSERVER:1026 		*:*
udp 	0 	0  	192.168.1.20:netbios-ns *:*
udp 	0 	0 	192.168.1.20:netbios-ns *:*
udp 	0 	0 	*:netbios-ns 		*:*
udp 	0 	0 	192.168.1.2:netbios-dgm *:*
udp 	0 	0 	192.168.1.2:netbios-dgm *:*
udp 	0 	0 	*:netbios-dgm 		*:*
udp 	0 	0 	*:940 			*:*
udp 	0 	0 	*:sunrpc 		*:*
udp 	0 	0 	*:631 			*:*
.
.
.

From this display, you can tell which Linux services are actively listening on TCP/IP ports.