Netstat

From Wsms


Use netstat to see what network connections are active on your machine.

common usage

root@harrison:~# netstat -pant
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name   
tcp        0      0 127.0.0.1:2208          0.0.0.0:*               LISTEN     4753/hpiod          
tcp        0      0 0.0.0.0:548             0.0.0.0:*               LISTEN     5230/afpd           
tcp        0      0 0.0.0.0:901             0.0.0.0:*               LISTEN     4972/xinetd         
tcp        0      0 0.0.0.0:902             0.0.0.0:*               LISTEN     4972/xinetd         
tcp        0      0 0.0.0.0:139             0.0.0.0:*               LISTEN     4886/smbd           
tcp        0      0 0.0.0.0:5900            0.0.0.0:*               LISTEN     5117/vino-server    
tcp        0      0 0.0.0.0:2317            0.0.0.0:*               LISTEN     4819/gwd            
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN     5390/apache2        
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN     4914/sshd           
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN     6094/cupsd          
tcp        0      0 0.0.0.0:11000           0.0.0.0:*               LISTEN     8132/nxssh          
tcp        0      0 0.0.0.0:11036           0.0.0.0:*               LISTEN     8030/nxssh          
tcp        0      0 127.0.0.1:4700          0.0.0.0:*               LISTEN     5224/cnid_metad     
tcp        0      0 0.0.0.0:445             0.0.0.0:*               LISTEN     4886/smbd           
tcp        0      0 127.0.0.1:2207          0.0.0.0:*               LISTEN     4756/python         
tcp        0      0 192.168.2.13:54389      192.168.2.14:22         ESTABLISHED8030/nxssh          
tcp        0      0 192.168.2.13:37708      192.168.2.12:22         ESTABLISHED8132/nxssh          
tcp        0      0 192.168.2.13:52340      212.227.94.110:6667     ESTABLISHED9640/xchat-gnome    
tcp        0      0 192.168.2.13:56952      207.158.1.150:6667      ESTABLISHED9640/xchat-gnome    

The meanings of the columns are as follows:

Proto -- Protocol, usually tcp or udp
Recv-Q -- Bytes that were not received by us. 0 is good. A big number is bad.
Send-Q -- Bytes that were sent but not acknowledged as received by the remote host. 0 is good. A big number is bad.

The other columns should be obvious enough from the labels.

tips

The -p option is more useful for root than for users. It shows which process is using each network connection. Root can see the name of every process. A user can only see the names of his own processes.

The watch command repeatedly runs a command every two seconds. You can keep a window open with watch running a command over and over to see what your machine is doing as you and other users do your work or experiment.

The -p option tells netstat to try to identify the process that is using the connection. If you are a normal user, you can only see the identity of your own processes. Here is a handy shell script you can use with the watch command.

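#!/bin/bash
# George Geller
# np.sh
# November 20, 2006
# 2>/dev/null hides the warning netstat prints on stderr when a normal
# user runs it with -p and some processes cannot be identified.
netstat -pant 2>/dev/null > tmp
cat tmp

Run it under watch:

$ watch ./np.sh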
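The following is an added example, not part of the original page: it condenses `netstat -pant` output into one line per socket, separating listeners reachable from other hosts from loopback-only ones, and it splits the fused `ESTABLISHED8030/nxssh` column seen in the sample output above. The function names `netstat_summary` and `sample_netstat` are made up for this example, and the sample lines are copied from the output shown earlier.

```shell
# Summarise `netstat -pant` output read from stdin. Prints:
#   EXPOSED <port> <program>    listener bound to a non-loopback address
#   LOCAL   <port> <program>    listener bound to loopback only
#   CONN    <remote> <program>  established connection
netstat_summary() {
    awk '
    $1 !~ /^tcp/ { next }          # skip the two header lines and non-TCP rows
    {
        state = $6; owner = $7
        # ESTABLISHED fills the whole State column in this netstat version,
        # so the PID/Program field is glued onto it; split the two apart.
        if (length(state) > 11 && substr(state, 1, 11) == "ESTABLISHED") {
            owner = substr(state, 12); state = "ESTABLISHED"
        }
        # owner is "PID/name", or "-" when the process is not visible to us
        prog = (owner ~ /\//) ? substr(owner, index(owner, "/") + 1) : "unknown"
        addr = $4; sub(/:[^:]*$/, "", addr)   # address before the last colon
        port = $4; sub(/.*:/, "", port)       # port after the last colon
        if (state == "LISTEN") {
            kind = (addr ~ /^127\./ || addr == "::1") ? "LOCAL" : "EXPOSED"
            print kind, port, prog
        } else if (state == "ESTABLISHED") {
            print "CONN", $5, prog
        }
    }'
}

# Sample input: lines taken from the netstat output shown on this page.
sample_netstat() {
    cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN     6094/cupsd
tcp        0      0 0.0.0.0:5900            0.0.0.0:*               LISTEN     5117/vino-server
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN     4914/sshd
tcp        0      0 192.168.2.13:54389      192.168.2.14:22         ESTABLISHED8030/nxssh
EOF
}

# Run over the sample; on a live machine use:
#   netstat -pant 2>/dev/null | netstat_summary
sample_netstat | netstat_summary
```

Run as a normal user, sockets owned by other users are reported with the program name `unknown`, for the reason given in the tips above.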

see also

man netstat
20061102
20061120
Linux commands