Netstat
You can use the netstat utility on Windows or Linux to see a list of network connections. The -l option (on Linux) will list only the listening ports for that system. On Windows, the same functionality is provided by using the -a option (-a works on Linux as well) to list all connections. From a troubleshooting perspective, there may be times when you want to verify that a service is listening on the proper port, or identify what service is listening on a given port. While older versions of netstat cannot show you this, modern Windows systems provide the -b option, which will list the process associated with a given listening port.
C:\>netstat -a -b Active Connections Proto Local Address Foreign Address State PID TCP server:4122 localhost:4123 ESTABLISHED 1988 [firefox.exe]
If you are running an older version of Windows, or running Linux, there are utilities to show this. For the command line on Windows NT, XP, or 2000, fport from www.foundstone.com/resources/proddesc/fport.htm is very handy.The abbreviated output is shown here.
I:\Internet\fport>fport FPort v2.0 - TCP/IP Process to Port Mapper Copyright 2000 by Foundstone, Inc. http://www.foundstone.com Pid Process Port Proto Path 1988 firefox -> 4123 TCP I:\Internet\Firefox\firefox.exe
For a Windows GUI, tcpview is very powerful and can be downloaded from Microsoft at www.microsoft.com/technet/sysinternals/utilities/TcpView.mspx.Tcpview also has a command-line version called tcpvcon. In the Linux world, you can see which processes are using which ports with the lsof (list open files) utility. Although the utility can be rather complex, a quick and simple way is:
lsof | grep LISTEN syslog-ng 1555 root 6u IPv4 4463 TCP *:7140 (LISTEN)
This will indicate that the syslog-ng process is listening for inbound connections on TCP port 7140.
In this tutorial:
- Network Reporting and Troubleshooting
- Reporting on Bandwidth Usage and Other Metrics
- Collecting Data for Analysis
- Understanding SNMP
- SNMP Security
- Configuring Multi Router Traffic Grapher
- Configuring MZL & Novatech TrafficStatistic
- Configuring PRTG Traffic Grapher
- Configuring ntop
- Enabling SNMP on Windows Hosts
- Enabling SNMP on Linux Hosts
- Troubleshooting Network Problems
- Using a GUI Sniffer
- Using a Command-Line Sniffer
- Windump
- ngSniff
- Tcpdump
- Additional Troubleshooting Tools
- Netcat
- Tracetcp
- Netstat