NETSTAT
(Network Statistic) - displays connection info, routing table information
# netstat -r
shows routing table information
The netstat (Network Statistic) command displays connection info, routing table information, etc. To display routing table information, use the -r option.
# netstat -r
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
192.168.50.0 * 255.255.255.0 U 0 0 0 eth0
link-local * 255.255.0.0 U 0 0 0 eth0
default 192.168.50.1 0.0.0.0 UG 0 0 0 eth0
To see a table of all network interfaces and their summary, enter:
# netstat -i
Sample outputs:
Kernel Interface table
Iface MTU Met RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR Flg
eth0 1500 0 941022 0 0 0 688165 0 0 0 BMRU
lo 16436 0 9304 0 0 0 9304 0 0 0 LRU
ppp0 1496 0 3784 0 0 0 4177 0 0 0 MOPRU
To see summary statistics for each protocol, enter:
# netstat -s
Sample outputs:
Ip:
1092065 total packets received
0 forwarded
0 incoming packets discarded
1091681 incoming packets delivered
798913 requests sent out
895 dropped because of missing route
759 reassemblies required
375 packets reassembled ok
Icmp:
17 ICMP messages received
0 input ICMP message failed.
ICMP input histogram:
timeout in transit: 8
echo replies: 9
1747 ICMP messages sent
0 ICMP messages failed
ICMP output histogram:
destination unreachable: 1730
echo request: 17
IcmpMsg:
InType0: 9
InType11: 8
OutType3: 1730
OutType8: 17
Tcp:
4822 active connections openings
1129 passive connection openings
457 failed connection attempts
165 connection resets received
7 connections established
1062519 segments received
771394 segments send out
7158 segments retransmited
6 bad segments received.
2578 resets sent
Udp:
20846 packets received
1730 packets to unknown port received.
0 packet receive errors
19242 packets sent
UdpLite:
TcpExt:
71 invalid SYN cookies received
8 resets received for embryonic SYN_RECV sockets
142 packets pruned from receive queue because of socket buffer overrun
2109 TCP sockets finished time wait in fast timer
84 packets rejects in established connections because of timestamp
19454 delayed acks sent
6 delayed acks further delayed because of locked socket
Quick ack mode was activated 7306 times
1 packets directly queued to recvmsg prequeue.
1 bytes directly received in process context from prequeue
823921 packet headers predicted
24412 acknowledgments not containing data payload received
10150 predicted acknowledgments
242 times recovered from packet loss by selective acknowledgements
33 congestion windows recovered without slow start by DSACK
335 congestion windows recovered without slow start after partial ack
336 TCP data loss events
TCPLostRetransmit: 35
1 timeouts after reno fast retransmit
156 timeouts after SACK recovery
116 timeouts in loss state
461 fast retransmits
5 forward retransmits
608 retransmits in slow start
2073 other TCP timeouts
62 SACK retransmits failed
43074 packets collapsed in receive queue due to low socket buffer
8499 DSACKs sent for old packets
101 DSACKs sent for out of order packets
308 DSACKs received
9 DSACKs for out of order packets received
427 connections reset due to unexpected data
122 connections reset due to early user close
28 connections aborted due to timeout
TCPDSACKIgnoredOld: 3
TCPDSACKIgnoredNoUndo: 60
TCPSpuriousRTOs: 4
TCPSackShifted: 282
TCPSackMerged: 740
TCPSackShiftFallback: 1017
IpExt:
InMcastPkts: 47
OutMcastPkts: 51
InBcastPkts: 1
InOctets: 1341508973
OutOctets: 72525352
InMcastOctets: 8649
OutMcastOctets: 7519
InBcastOctets: 328
To display the connections currently open on your machine, so that you can see exactly who is connected to your system through incoming and outgoing connections, list all listening services / ports and established connections. If you have many users, the output will be lengthy.
netstat -a
To display only active TCP (-t) connections and the ports that are listening for TCP connections
netstat -at
To display only active UDP (-u) connections and the ports that are listening for UDP connections
netstat -au
To display active TCP (-t) and UDP (-u) connections, with all listening and established connections
netstat -aut
If you don't want to see hostnames or domain names, display only IP addresses with -n
netstat -autn
Linux netstat command – Listening ports
List only the listening sockets, leaving out the other sockets, which are in an inactive state
netstat -l
List only the currently listening TCP ports / sockets
netstat -lnt
List only the listening UDP ports
netstat -lun
List only the listening UNIX domain sockets
netstat -lx
To display summary statistics for all protocols
netstat -s
To display statistics for only TCP and UDP ports
netstat -stu
To check whether a particular service is running, filter the listening sockets for it; you can see the process “master” listening on both IPv4 and IPv6 for incoming “ssh” connections.
netstat -ntplu |grep ssh
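An added example (not part of the original page) that goes one step beyond grepping for a single service: it classifies every socket in `netstat -ntplu` output by the scope of its bind address, so listeners reachable on all interfaces stand out. The sample output and the function names are constructed for illustration.

```shell
# Constructed sample of `netstat -ntplu` output (not captured from a real host).
sample_listeners() {
cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      812/sshd
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      1033/master
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      990/mysqld
tcp6       0      0 :::22                   :::*                    LISTEN      812/sshd
tcp6       0      0 ::1:25                  :::*                    LISTEN      1033/master
udp        0      0 0.0.0.0:68              0.0.0.0:*                           640/dhclient
udp        0      0 192.168.50.10:123       0.0.0.0:*                           701/ntpd
EOF
}

# Reads `netstat -ntplu` output on stdin; prints "scope proto port program".
classify_listeners() {
  awk '
    $1 ~ /^(tcp|udp)6?$/ {
      local_addr = $4
      # The port is whatever follows the last colon (works for IPv6 such as :::22).
      n = split(local_addr, parts, ":")
      port = parts[n]
      addr = substr(local_addr, 1, length(local_addr) - length(port) - 1)
      # UDP rows have no State column, so locate the PID/Program field by shape.
      prog = "-"
      for (i = 6; i <= NF; i++)
        if ($i ~ /^[0-9]+\//) { prog = $i; sub(/^[0-9]+\//, "", prog); break }
      if (addr == "0.0.0.0" || addr == "::" || addr == "*") scope = "ALL"
      else if (addr ~ /^127\./ || addr == "::1")            scope = "LOOPBACK"
      else                                                   scope = "SPECIFIC"
      print scope, $1, port, prog
    }'
}

# Sockets bound to every interface: the ones to check against firewall rules first.
exposed_listeners() { classify_listeners | awk '$1 == "ALL"'; }

sample_listeners | classify_listeners
```

On a live host, run `netstat -ntplu | exposed_listeners` as root so the PID/Program column is populated for every socket.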
To get the kernel IP routing table
netstat -rn
To display the multicast group information for IPv4 and IPv6 protocols.
netstat -g -4
netstat -g -6
Get usage information about the network connections
netstat -i
To get extended usage information on the interfaces
netstat -ie
To see the connection information continuously, until you press the CTRL+C key combination
netstat -c
If you want to see timer information along with the Linux netstat command output, use the -o option
[root@Techtutorials ~]# netstat -to
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State Timer
tcp 0 0 192.168.4.129:ssh 192.168.4.1:59310 ESTABLISHED keepalive (6151.34/0/0)
tcp 0 64 192.168.4.129:ssh 192.168.4.1:55916 ESTABLISHED on (0.37/0/0)
Masqueraded IP: an IP address that acts like a gateway and is the address external users see. Internal devices can be hidden behind the masqueraded IP address, and external users will receive their traffic from the masqueraded IP.
To display the list of masqueraded connections, use the command below
netstat -M
State of the Socket
ESTABLISHED : The socket has an established connection.
SYN_SENT : The socket is actively attempting to establish a connection.
SYN_RECV : A connection request has been received from the network.
FIN_WAIT1 : The socket is closed, and the connection is shutting down.
FIN_WAIT2 : Connection is closed, and the socket is waiting for a shutdown from the remote end.
TIME_WAIT : The socket is waiting after close to handle packets still in the network.
CLOSE : The socket is not being used.
CLOSE_WAIT : The remote end has shut down, waiting for the socket to close.
LAST_ACK : The remote end has shut down, and the socket is closed. Waiting for acknowledgement.
LISTEN : The socket is listening for incoming connections. Such sockets are not included in the output unless you specify.
CLOSING : Both sockets are shut down but we still don’t have all our data sent.
UNKNOWN : The state of the socket is unknown.
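The state column above can be summarised directly from `netstat -ant` output. The following added example (not part of the original page) tallies TCP sockets per state and lists remote addresses holding several half-open SYN_RECV connections, a pattern worth checking when the "invalid SYN cookies" counter in `netstat -s` is climbing. The sample output, function names and the threshold of 3 are assumptions made for illustration.

```shell
# Constructed sample of `netstat -ant` output; remote addresses are documentation ranges.
sample_connections() {
cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 192.168.4.129:22        192.168.4.1:59310       ESTABLISHED
tcp        0     64 192.168.4.129:22        192.168.4.1:55916       ESTABLISHED
tcp        0      0 192.168.4.129:80        203.0.113.7:40112       SYN_RECV
tcp        0      0 192.168.4.129:80        203.0.113.7:40113       SYN_RECV
tcp        0      0 192.168.4.129:80        203.0.113.7:40114       SYN_RECV
tcp        0      0 192.168.4.129:80        198.51.100.9:51200      SYN_RECV
tcp        0      0 192.168.4.129:80        192.168.4.1:60001       TIME_WAIT
tcp        0      0 192.168.4.129:80        192.168.4.1:60002       TIME_WAIT
tcp        1      0 192.168.4.129:80        192.168.4.1:60003       CLOSE_WAIT
EOF
}

# Count TCP sockets per state. Requires -n so that column 6 is always the state.
state_counts() {
  awk '$1 ~ /^tcp6?$/ { count[$6]++ }
       END { for (s in count) print s, count[s] }' | sort
}

# Print "remote_ip count" for peers with at least $1 sockets in SYN_RECV (default 3).
half_open_sources() {
  awk -v min="${1:-3}" '
    $1 ~ /^tcp6?$/ && $6 == "SYN_RECV" {
      remote = $5
      sub(/:[0-9]+$/, "", remote)   # strip the port, keep the address
      seen[remote]++
    }
    END { for (ip in seen) if (seen[ip] >= min) print ip, seen[ip] }' | sort
}

sample_connections | state_counts
sample_connections | half_open_sources 3
```

On a live host, pipe `netstat -ant` into either function; a sensible threshold depends on the normal connection rate of the service.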