Netstat is one of the best, yet simplest, tools for checking what is happening on the network. Its uses range from basic operations, like monitoring TCP (Transmission Control Protocol) traffic, to more complex ones, such as showing statistics for ports or protocols.
Background:
As a pre-req for this tutorial, it's important to understand some networking basics. This is quite obvious because this is a networking tool in itself.
TCP/UDP/ports:
There are two main protocols that we will be looking at: TCP and UDP (User Datagram Protocol). These are the underlying protocols for sending most information on the internet.
TCP is used when information MUST be in a particular order. However, because the packets (or little bits of information) must be in a particular order, when they are received out of order, it just calls for another packet. This makes the protocol quite slow. So, that's why UDP was invented!
UDP is much faster than TCP; this is because it does not keep track of the order of the packets that are coming in. Even though this leaves room for issues with some packets not reaching the destination, there are situations where speed is more important than having the packets in perfect order. A perfect example of this is streaming video; Netflix streaming is built on a protocol based on UDP.
Ports are where the information is being sent to. This helps keep information going to the same exact place on a network all the time. At this point, the ports are only symbolic and have 'conventions' as opposed to rules. The most common port that people use every day is the HTTPS port (443). Even though HTTPS uses 443, this is only by convention. In theory, it can run on any port.
Networking is much, much more complicated than what is explained above. But, this should cover you for the tutorial on Netstat.
Basic Commands:
Below is how to display all TCP connections currently running.
netstat -at
Checking all UDP connections:
netstat -au
Listing all actively listening ports. This can be very useful when trying to view all the possible ways to connect to your server.
netstat -l
Have you ever wanted to see statistics on the different types of connections? Well, this is your lucky day, because netstat gives you an incredible number of ways to analyze the connections and requests!
At the base of it is the -s flag. However, this can be supplemented with more! Using -su and -st will display statistics for the UDP and TCP protocols, respectively.
Viewing general listening programs, by port.
Note: Run this with sudo...
netstat -ap
Advanced Commands:
Alright friends, it's time to put your big boy pants on! I will not cover the background of the commands below. However, Google does wonders!
Printing the information continuously, as in real time.
netstat -c
Sometimes, it's useful to see only the established, currently active connections. The command below does exactly that. Just ignore the '|' for the time being.
netstat | grep "ESTABLISHED"
The same command can be used with LISTEN, CLOSE_WAIT and TIME_WAIT to understand what's going on with the life of the connections.
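The state filtering above, extended into a per-state count plus a list of listeners bound to every interface, as an added example that is not part of the original tutorial. It assumes the Linux `netstat -ant` column layout (the `-n` flag, not used above, prints numeric addresses); the function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `netstat -ant` output (not captured from a real host).
sample_netstat() {
cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:5432          0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:22           198.51.100.7:51234      ESTABLISHED
tcp        0      0 192.0.2.10:443          203.0.113.5:40022       ESTABLISHED
tcp        0      0 192.0.2.10:443          203.0.113.9:40100       TIME_WAIT
tcp        1      0 192.0.2.10:443          203.0.113.9:40101       CLOSE_WAIT
tcp6       0      0 :::443                  :::*                    LISTEN
EOF
}

# Count TCP sockets per state; reads netstat output on stdin.
# Header lines are skipped because their first field does not start with "tcp".
count_states() {
    awk '$1 ~ /^tcp/ { n[$6]++ } END { for (s in n) print s, n[s] }' | sort
}

# Print the local address of every listener bound to all interfaces
# (0.0.0.0 or ::). Loopback-only listeners such as 127.0.0.1 are left out,
# since they are not reachable from other hosts.
wildcard_listeners() {
    awk '$1 ~ /^tcp/ && $6 == "LISTEN" && $4 ~ /^(0\.0\.0\.0|::):[0-9]+$/ { print $4 }'
}

# Demo on the constructed sample. On a live host, feed real output instead:
#   netstat -ant | count_states
#   netstat -ant | wildcard_listeners
echo "Connections per state:"
sample_netstat | count_states
echo "Listeners reachable on every interface:"
sample_netstat | wildcard_listeners
```

A growing CLOSE_WAIT count usually means a local program is not closing its sockets, while the wildcard list is the quickest view of what the host exposes to the network.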
Viewing the routing information and tables can be useful when trying to discover why information isn't getting sent correctly across a network.
netstat -r
Conclusion:
Netstat is a very useful tool when trying to understand the network. Now, fly my friends! Go off into the real world and try out these new skills!
Hack the Planet!