Network Monitoring Command netstat | Routing Table | Statistics | No of Connection

Using the netstat command, we can find out the
Network connections,
Routing tables,
Interface statistics,
Masquerade connections.
Masquerade (an unknown user accessing the system frequently.)

The netstat command is used to find out the network configuration and activity.
-r displays the routing table
[root@rhel5 ~]#netstat -r
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
74.86.173.0 * 255.255.255.0 U 0 0 0 eth0
169.254.0.0 * 255.255.0.0 U 0 0 0 eth0
default 74.86.173.65-st 0.0.0.0 UG 0 0 0 eth0
We can also use the netstat --route command to display the routing table.

To find the number of connections on port 80, count the matching lines with wc -l:
[root@rhel5 ~]#netstat -an | grep 80 | wc -l
9

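How to find which programs are running on a particular port number
The HTTP port number is 80, so this command lists the programs running on port 80.
Note that grep 80 matches any line containing "80", not only port 80: in the sample output below the matches are a socket inode (3480), a PID (1080) and another inode (2800).
-a All sockets
-p Name of the program and process ID (PID) that owns the socket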
[root@rhel5 ~]#netstat -ap | grep 80
unix 2 [ ACC ] STREAM LISTENING 3480 1166/avahi-daemon: /var/run/avahi-daemon/socket
unix 3 [ ] STREAM CONNECTED 2858 1080/hald-runner
unix 2 [ ] DGRAM 2800 1061/klogd
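The connection count and the grep 80 listing above both match "80" anywhere in a line. The following added example (not part of the original post) counts only TCP sockets whose local port is exactly the one requested, grouped by state. The function names and the sample netstat output are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `netstat -an` output (addresses are documentation ranges).
sample_netstat() {
cat <<'EOF'
Proto Recv-Q Send-Q Local Address     Foreign Address      State
tcp        0      0 0.0.0.0:80        0.0.0.0:*            LISTEN
tcp        0      0 0.0.0.0:8080      0.0.0.0:*            LISTEN
tcp        0      0 192.0.2.10:80     198.51.100.7:52180   ESTABLISHED
tcp        0      0 192.0.2.10:80     198.51.100.8:40112   TIME_WAIT
tcp        0      0 192.0.2.10:80     198.51.100.9:40113   TIME_WAIT
tcp        0      0 192.0.2.10:22     198.51.100.7:51022   ESTABLISHED
tcp        0      0 192.0.2.10:41800  203.0.113.5:443      ESTABLISHED
tcp        0      0 :::80             :::*                 LISTEN
udp        0      0 0.0.0.0:68        0.0.0.0:*
unix  2      [ ACC ]     STREAM     LISTENING     3480   /var/run/avahi-daemon/socket
EOF
}

# What `grep PORT | wc -l` reports: every line containing the digits anywhere.
loose_count() { grep -c "$1"; }

# Tally TCP sockets whose LOCAL port is exactly $1, grouped by state.
# Reads `netstat -an` text on stdin and prints "STATE count" lines.
port_states() {
    awk -v port="$1" '
        $1 ~ /^tcp/ {
            n = split($4, part, ":")   # port is the text after the last colon
            if (part[n] == port) count[$6]++
        }
        END { for (s in count) print s, count[s] }
    ' | sort
}

# Total number of TCP sockets on local port $1, all states together.
exact_count() {
    port_states "$1" | awk '{ total += $2 } END { print total + 0 }'
}

echo "loose match on 80: $(sample_netstat | loose_count 80) lines"
echo "local port 80:     $(sample_netstat | exact_count 80) sockets"
sample_netstat | port_states 80
```

On a live host, replace sample_netstat with netstat -an, for example netstat -an | port_states 80.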
What is the relationship between /etc/services and the netstat command?
The /etc/services file contains the list of ports and their services.
The netstat command shows the running services and ports using the names from the /etc/services file.

How to find which programs are running under a particular service
[root@rhel5 ~]#netstat -ap | grep http
tcp 0 0 *:http *:* LISTEN 1157/httpd
tcp 0 0 rhel5.999servers.com:http static75-40.dsl-chn:pxc-pin TIME_WAIT -
tcp 0 0 rhel5.999servers.com:http static75-40.dsl-ch:pxc-roid TIME_WAIT -
tcp 0 0 rhel5.999servers.com:http static75-40.dsl-chn.:newoak TIME_WAIT -
This command lists the processes running under the http service.

List Network Statistics
-s displays the statistics
[root@rhel5 ~]#netstat -s
Ip:
2049 total packets received
0 forwarded
0 incoming packets discarded
2046 incoming packets delivered
1797 requests sent out
Icmp:
130 ICMP messages received
0 input ICMP message failed.
ICMP input histogram:
echo requests: 40
echo replies: 90
132 ICMP messages sent
0 ICMP messages failed
ICMP output histogram:
destination unreachable: 2
echo request: 90
echo replies: 40
IcmpMsg:
InType0: 90
InType8: 40
OutType0: 40
OutType3: 2
OutType8: 90
Tcp:
19 active connections openings
98 passive connection openings
5 failed connection attempts
4 connection resets received
1 connections established
1802 segments received
1558 segments send out
14 segments retransmited
0 bad segments received.
43 resets sent
Udp:
109 packets received
2 packets to unknown port received.
0 packet receive errors
91 packets sent
TcpExt:
91 TCP sockets finished time wait in fast timer
19 delayed acks sent
Quick ack mode was activated 4 times
18 packets directly queued to recvmsg prequeue.
1219 packets directly received from prequeue
372 packets header predicted
581 acknowledgments not containing data received
74 predicted acknowledgments
0 TCP data loss events
1 timeouts after SACK recovery
1 timeouts in loss state
7 retransmits in slow start
4 other TCP timeouts
4 DSACKs sent for old packets
8 connections reset due to unexpected data
IpExt:
InMcastPkts: 34
OutMcastPkts: 17
InBcastPkts: 2

The netstat command is also available on Windows systems, where it is used like this:
c:\users>netstat -an 1 | findstr 110
In Linux we use grep; on Windows we use findstr.
[root@nagm ~]#netstat -a | grep ESTABLISHED
tcp        0     52 nagm.999servers.com:ssh     ::ffff:117.193.227.25:52122 ESTABLISHED
"ESTABLISHED" means the port is configured properly and it is receiving data.
"TIME_WAIT" means the port is configured properly but it is not receiving data.
