Verify Running Services with netstat

by Mike on November 18, 2008 · 2 comments

in Server Security

netstat -na will list all connections to the server. Notice in the example that there are tcp and udp ports listed and the ones that are active have the LISTEN at the end of the line. The open port is listed. If a connection was current it would be listed in the Foreign Address column with an IP Address.

netstat -na
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 127.0.0.1:2208          0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:36146         0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN
udp        0      0 0.0.0.0:68              0.0.0.0:*

Other uses for netstat
netstat -r

This will display the routing table for your computer including: Destination, Gateway, Mask, Flags, and Interface.
Options -r display routing table -i display interfaces -s display statistics
The first example shows the routing table for a networked computer.

netstat -r
Kernel IP routing table
Destination    Gateway    Genmask       Flags     MSS    Window     irtt    Iface
192.168.2.0    *       255.255.255.0      U        0       0        0       eth0
default    192.168.2.222  0.0.0.0         UG       0       0        0       eth0
The next example shows the interfaces.

netstat -i
Kernel Interface table
Iface MTU Met RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR Flg
eth0  1500 0  20034  0 0 0 19150 0 0 0 BMRU
lo   16436 0  320359 0 0 0 320359 0 0 0 LRU

The last example shows statistics that can be handy for troubleshooting.
netstat -s Ip:
340684 total packets received
0 forwarded
0 incoming packets discarded
339514 incoming packets delivered
339665 requests sent out
Icmp:
0 ICMP messages received
0 input ICMP message failed.
ICMP input histogram:
20 ICMP messages sent
0 ICMP messages failed
ICMP output histogram:
destination unreachable: 20
Tcp:
1121 active connections openings
5 passive connection openings
0 failed connection attempts
228 connection resets received
2 connections established
338456 segments received
338439 segments send out
43 segments retransmited
0 bad segments received.
191 resets sent
Udp:
1038 packets received
20 packets to unknown port received.
0 packet receive errors
1215 packets sent
TcpExt:
100 TCP sockets finished time wait in fast timer
22904 delayed acks sent
2 delayed acks further delayed because of locked socket
Quick ack mode was activated 21 times
134948 packets directly queued to recvmsg prequeue.
9313 of bytes directly received from backlog
4577720 of bytes directly received from prequeue
29032 packet headers predicted
118005 packets header predicted and directly queued to user
1955 acknowledgments not containing data received
146656 predicted acknowledgments
0 TCP data loss events
3 timeouts after reno fast retransmit
3 retransmits in slow start
23 other TCP timeouts
38 times receiver scheduled too late for direct processing
19 connections reset due to unexpected data
103 connections reset due to early user close
2 connections aborted due to timeout

Netstat Options
Description
-t            TCP connections
-u           UDP connections
-a           listening and connected sockets
-p           PID and program name
-e           additional info
-s           statistics
-r            kernel routing table

{ 2 comments }

www.engel-bedeutung.de November 30, 2008 at 5:49 am

Hello webmaster I like your post “Running Services with netstat | BeginLinux” so well that I like to ask you whether I should translate into German and linking back. Greetings Engel

mike December 1, 2008 at 5:19 am

Sure…no problem.

Previous post:

Next post: