+3 votes
363 views
Command to monitor Linux network | Network management activity

in VPNandRouting by (550k points)
reopened | 363 views

1 Answer

+4 votes
Best answer

1. Install netstat on Linux
2. View processes on Linux with netstat
3. View all Linux network connections with netstat
4. View all established Linux connections with netstat
5. Use the ss command on Linux
6. View all Linux network connections with ss
7. View all established Linux connections with ss
8. Use and view all Linux network connections with Isof
9. View established connections Linux with Isof
10. View Linux processes with Isof

Linux offers us a series of commands with which we will have the opportunity to manage and supervise everything related to the network, which plays an essential role in the general behavior of our team (server or not) since network failures simply cause that many processes and tasks will not be executed correctly, there is a set of commands dedicated to this and TechnoWikis will explain what they are..

 

What is netstat tools
Netstat tools is a set of tools to monitor the status of the network in Linux, netstat (network statistics) offers us complete information on all aspects of the network and is available for various operating systems both UNIX and Windows.

 

 

We will learn to use these commands to keep control of the network and rule out possible failures.

 


1. Install netstat on Linux

 

Step 1

In Ubuntu or Debian distributions we will execute:
 sudo apt  install  net-tools 
Step 2

In CentOS or Red Hat we execute:
 yum  install  net-tools 
Step 3

In Arch we execute:
 pacman -S net-tools 
image

 

 


2. View processes on Linux with netstat

 

In Linux we can visualize the active processes with the following command:

 sudo netstat -tulpen 
image

 

Netstat Detailer
As a result of this we find complete details such as:

 

  • Protocol used
  • Packages sent and received
  • Local IP address
  • Remote connection address
  • Port or protocol status
  • User using the protocol
  • PID

 

Tulpen meaning
Tulpen means the following:

 

  • T: display TCP connections
  • U: generate UDP connections
  • L: allows us to see only the listening sockets
  • Q: display the program to which the connection belongs
  • E: gives a report with extended details
  • N - Refers to addresses, users, and ports in numeric format

 

 

To take into account the following, in the case of tcp4 / udp4 connections (tcp and udp), we can see that the local address is established with the syntax 0.0.0.0, there the process can listen for connections from any machine that is capable to establish a connection to this from the network, but if we see the syntax 127.0 .0.1 this indicates that connections are only heard on the local host, therefore it does not allow connections from remote computers to it..

 


3. View all Linux network connections with netstat


To list all the connections we must use the -a parameter as follows:
 sudo netstat -atupen 
image

 

 


4. View all established Linux connections with netstat

 

Step 1

We can only list the established connections, for this we execute the following:
 sudo netstat -atupen | grep ESTABLISHED 
image

 

Connections details
There we find details such as:
  • Protocol used
  • Local IP address next to the port used
  • Remote IP
  • PID
  • Program used

 

 

Step 2

We can filter this result by IP, to know where the connection is, for this we execute:
 whois IP | less 
image

 

 


5. Use the ss command on Linux

 

The ss command is a tool with which we can dump socket statistics and displays information identical to netstat, it allows to see more complete details of the state and TCP information of the destination and local.
The ss commands can display statistics for PACKET, TCP, UDP, DCCP, RAW and Unix domain sockets.

 

To list the ports and basic protocols we will execute:

 sudo ss -tlunp 
image

 

 

Result ss
As a result of this we observe:

 

  • Local NetID
  • Status of that NetID
  • Packages sent and received
  • Local address next to the port
  • Remote port

 

 

Ss command parameters
The parameter used that:
  • T: display TCP connections
  • L: shows us only the listening sockets
  • U: display UDP connections
  • N: refers to addresses, users and numeric ports
  • Q: display the program to which the connection belongs

 

 


6. View all Linux network connections with ss


If we want to view all network connections we execute the following:
 sudo ss -taunp 
image

 

 


7. View all established Linux connections with ss


For this case we must execute the following:
 sudo ss -tunp 
image

 

 


8. Use and view all Linux network connections with Isof


The lsof command (LiSt Open Files) is a command with which we can know which files are opened by which process in Linux, this is key to accurately identify the status of a process.

 

To do this we will use the following command:

 sudo lsof -nP -i 
image

 

Isof result
As a result of this we get:

 

  • Command used
  • Command PID
  • User associated with that command
  • Type of addressing used
  • Device
  • Size
  • Used mode
  • name of process
  • The n refers to the numeric address and the p indicates the port in numeric format.

 

 

 


9. View established connections Linux with Isof


For this we will execute the following:
 sudo lsof -nP -iTCP -sTCP: ESTABLISHED 
image

 

 


10. View Linux processes with Isof

 

Step 1

We can list all the listeners with lsof like this:
 sudo lsof -nP -iTCP -sTCP: LISTEN 
image

 

 

Step 2

As an extra point it is possible to execute lsof without any argument and we will see the following:
 lsof 
image

 

 

section FD
There we find the FD (File descriptor) section where we can see variables such as:
  • cwd current working directory
  • rtd root directory (root directory)
  • txt program text
  • mem memory-mapped file mapped memory file

 

[panelplain = 'Type section'] In the Type section we can find results like:

  • DIR: Directory
  • REG: log files
  • CHR Character: special files
  • FIFO First In First Out

 

 

We see how this series of utilities focused on networking are essential in Linux to control numerous aspects of both the ports and the protocols, taking into account that the information displayed is key for a general control over them..

 


by (3.5m points)

Related questions

+4 votes
1 answer
asked Nov 1, 2019 in Linux / Unix by backtothefuture (550k points) | 292 views
+4 votes
1 answer
asked Oct 9, 2019 in Linux / Unix by backtothefuture (550k points) | 440 views
+3 votes
1 answer
asked Sep 29, 2019 in Linux / Unix by backtothefuture (550k points) | 730 views
+5 votes
1 answer
asked Jun 22, 2020 in Mac by backtothefuture (550k points) | 300 views
+5 votes
1 answer
Sponsored articles cost $40 per post. You can contact us via Feedback
10,619 questions
10,748 answers
510 comments
3 users