Linux offers a series of commands for managing and supervising everything related to the network, which plays an essential role in the general behavior of our computer (server or not), since network failures prevent many processes and tasks from running correctly. There is a set of commands dedicated to this, and TechnoWikis will explain what they are.
What are the netstat tools
The netstat tools are a set of tools for monitoring the status of the network in Linux. netstat (network statistics) offers complete information on all aspects of the network and is available for various operating systems, both UNIX and Windows.
We will learn to use these commands to keep control of the network and rule out possible failures.
1. Install netstat on Linux
Step 1
In Ubuntu or Debian distributions we will execute:
sudo apt install net-tools
Step 2
In CentOS or Red Hat we execute:
yum install net-tools
Step 3
In Arch we execute:
pacman -S net-tools
2. View processes on Linux with netstat
In Linux we can visualize the active processes with the following command:
sudo netstat -tulpen
Netstat details
As a result of this we find complete details such as:
- Packets sent and received
- Remote connection address
Meaning of tulpen
The letters in tulpen mean the following:
- t: display TCP connections
- u: display UDP connections
- l: show only the listening sockets
- p: display the program to which the connection belongs
- e: give a report with extended details
- n: show addresses, users, and ports in numeric format
Keep the following in mind: for tcp4 / udp4 connections (tcp and udp), when the local address is shown as 0.0.0.0, the process listens for connections from any machine that is able to reach it over the network. When the local address is shown as 127.0.0.1, connections are accepted only on the local host, so remote computers cannot connect to it.
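The 0.0.0.0 versus 127.0.0.1 distinction described above can be checked mechanically. The following shell script is an added example, not part of the original article; the function names and the sample output are constructed for illustration, and it extends the rule to the IPv6 equivalents (:: and ::1) and to the whole 127.0.0.0/8 range.

```shell
#!/bin/sh
# Added example (not from the original article): label each listening socket
# in `netstat -tulpen` output by how widely its local address is reachable.

# Constructed sample of `sudo netstat -tulpen` output; every value is made up.
sample_netstat_output() {
cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address     Foreign Address   State    User  Inode  PID/Program name
tcp        0      0 0.0.0.0:22        0.0.0.0:*         LISTEN   0     23456  812/sshd
tcp        0      0 127.0.0.1:5432    0.0.0.0:*         LISTEN   113   34567  901/postgres
tcp6       0      0 :::80             :::*              LISTEN   0     45678  1022/nginx
udp        0      0 127.0.0.53:53     0.0.0.0:*                  101   12345  640/systemd-resolve
udp        0      0 192.168.1.10:123  0.0.0.0:*                  0     22222  700/ntpd
EOF
}

# Reads netstat output on stdin; prints "SCOPE PROTO PORT PID/PROGRAM" per socket.
classify_listeners() {
    awk '
    $1 !~ /^(tcp|udp)6?$/ { next }            # skip the two header lines
    {
        match($4, /:[^:]*$/)                  # last colon separates address from port
        addr = substr($4, 1, RSTART - 1)
        port = substr($4, RSTART + 1)
        if (addr == "0.0.0.0" || addr == "::")       scope = "ALL-INTERFACES"
        else if (addr ~ /^127\./ || addr == "::1")   scope = "LOOPBACK-ONLY"
        else                                         scope = "SPECIFIC-ADDRESS"
        prog = "-"                            # netstat prints "-" when not run as root
        for (i = 5; i <= NF; i++)             # State is empty for UDP, so search for it
            if ($i ~ /^[0-9]+\//) { prog = $i; break }
        print scope, $1, port, prog
    }'
}

# Sockets a remote machine could reach, subject to any firewall in front of them.
exposed_listeners() {
    classify_listeners | awk '$1 != "LOOPBACK-ONLY"'
}

# Demo run on the constructed sample.
sample_netstat_output | classify_listeners
```

On a live system, pipe the real output into the same function: sudo netstat -tulpen | classify_listeners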
3. View all Linux network connections with netstat
To list all the connections we must use the -a parameter as follows:
sudo netstat -atupen
4. View all established Linux connections with netstat
Step 1
We can list only the established connections; for this we execute the following:
sudo netstat -atupen | grep ESTABLISHED
Connection details
There we find details such as:
- Local IP address next to the port used
Step 2
We can look up an IP from this result to find out where the connection is; for this we execute the following, replacing IP with the address:
whois IP | less
5. Use the ss command on Linux
The ss command is a tool for dumping socket statistics. It displays information identical to netstat and allows us to see more complete details of the TCP state and information for the destination and local ends.
The ss command can display statistics for PACKET, TCP, UDP, DCCP, RAW and Unix domain sockets.
To list the ports and basic protocols we will execute:
sudo ss -tlunp
ss result
As a result of this we observe:
- Packets sent and received
- Local address next to the port
ss command parameters
The parameters used are:
- t: display TCP connections
- l: show only the listening sockets
- u: display UDP connections
- n: show addresses, users and ports in numeric format
- p: display the program to which the connection belongs
6. View all Linux network connections with ss
If we want to view all network connections we execute the following:
sudo ss -taunp
7. View all established Linux connections with ss
For this case we must execute the following:
sudo ss -tunp
8. Use and view all Linux network connections with lsof
The lsof command (LiSt Open Files) shows which files are opened by which process in Linux; this is key to accurately identifying the status of a process.
To do this we will use the following command:
sudo lsof -nP -i
lsof result
As a result of this we get:
- User associated with that command
- The -n refers to the numeric address and the -P indicates the port in numeric format.
9. View established connections Linux with lsof
For this we will execute the following:
sudo lsof -nP -iTCP -sTCP:ESTABLISHED
10. View Linux processes with lsof
Step 1
We can list all the listeners with lsof like this:
sudo lsof -nP -iTCP -sTCP:LISTEN
Step 2
As an extra point it is possible to execute lsof without any argument and we will see the following:
lsof
FD section
There we find the FD (File descriptor) section where we can see values such as:
- cwd: current working directory
- rtd: root directory
- mem: memory-mapped file
Type section
In the Type section we can find results like:
- CHR: character special file
We see how this series of networking utilities is essential in Linux for controlling numerous aspects of both ports and protocols, since the information displayed is key to keeping general control over them.