Check all connections linux

Linux: Check Network Connection Command

H ow do I check network connections under Linux using command line options?

You need to use any one of the following tool or command under Linux to check network connections including their state, source/destination, and addresses and bandwidth usage etc:

1. ss command: It dump socket (network connection) statistics such as all TCP / UDP connections, established connection per protocol (e.g., display all established ssh connections), display all the tcp sockets in various state such as ESTABLISHED or FIN-WAIT-1 and so on.
2. netstat command: It can display network connections, routing tables, interfaces and much more.
3. tcptrack and iftop commands: Displays information about TCP connections it sees on a network interface and display bandwidth usage on an interface by host respectively.

Display Currently Established, Closed, Orphaned and Waiting TCP sockets, enter:

# ss -s
Sample outputs:

Or you can use the netstat command as follows:
# netstat -s
Sample outputs:

Display All Open Network Ports

Use the ss command as follows:
# ss -l
Sample outputs:

OR Use the netstat command as follows:
# netstat -tulpn
Sample outputs:

Display All TCP Sockets

Type the ss command as follows:
# ss -t -a
Or use the netstat command as follows:
# netstat -nat

• No ads and tracking
• In-depth guides for developers and sysadmins at Opensourceflare✨
• Join my Patreon to support independent content creators and start reading latest guides:
  • How to set up Redis sentinel cluster on Ubuntu or Debian Linux
  • How To Set Up SSH Keys With YubiKey as two-factor authentication (U2F/FIDO2)
  • How to set up Mariadb Galera cluster on Ubuntu or Debian Linux
  • A podman tutorial for beginners – part I (run Linux containers without Docker and in daemonless mode)
  • How to protect Linux against rogue USB devices using USBGuard

Join Patreon ➔

Display All UDP Sockets

Type the ss command as follows:
# ss -u -a
Or use the netstat command as follows:
# netstat -nau

lsof Command

You can use the lsof command follows to list more information about open ports:
# lsof -i :portNumber
# lsof -i tcp:portNumber
# lsof -i udp:portNumber
# lsof -i :80 | grep LISTEN

View Established Connections Only

Use the netstat command as follows:
# netstat -natu | grep ‘ESTABLISHED’

Say Hello To tcptrack

The tcptrack command displays the status of TCP connections that it sees on a given network interface. tcptrack monitors their state and displays information such as state, source/destination addresses and bandwidth usage in a sorted, updated list very much like the top command.
# tcptrack -i eth0
Sample outputs:

Fig.01: tcptrack in Action

iftop command

The iftop command listens to network traffic on a given network interface such as eth0, and displays a table of current bandwidth usage by pairs of hosts:
# iftop -i eth1
It can display or analyses packet flowing in and out of the 192.168.1.0/24 network:
# iftop -F 192.168.1.0/24
Sample outputs:

Fig.02: iftop command in action

Recommended readings:

Please go through the following articles for more information:

🐧 Get the latest tutorials on Linux, Open Source & DevOps via

Источник

6 commands to check and list active SSH connections in Linux

Table of Contents

How to check active SSH connections in Linux. Show SSH connection history. How to show active ssh sessions in Linux. List all the active SSH connections in Unix. Find out all the currently active ssh connections on any Linux node. Which all tools can be used to list all the active ssh connections in Linux. Show active SSH sessions. Check ssh connection history using log files in Linux.

Some more more articles you may be interested on similar topics:

Check active SSH connections

There are various commands and tools available in Linux which can be used to check active SSH connections or sessions on your Linux node. In this article I will share a list of tools which can be used to get the list of active SSH connections. If you are aware of any more commands to show active ssh sessions then please let me know via comment section.

1. Using ss command

ss is used to dump socket statistics. It allows showing information similar to netstat . It can display more TCP and state information than other tools. We will use grep function to only get the list of active SSH sessions on our local host

From the above example we know that there are three hosts which are currently connected to our node3. We have active SSH connections from 10.0.2.31, 10.0.2.30 and 10.0.2.2

2. Using last command

last searches back through the file /var/log/wtmp (or the file designated by the -f flag) and displays a list of all users logged in (and out) since that file was created. Names of users and tty’s can be given, in which case last will show only those entries matching the arguments.

Using this command you can also get the information about the user using which the SSH connection was created between server and client. So below we know the connection from 10.0.2.31 is done using ‘deepak‘ user, while for other two hosts, ‘root‘ user was used for connecting to node3.

Here I am grepping for a string «still» to get all the patterns with » still logged in «. So now we know we have three active SSH connections from 10.0.2.31, 10.0.2.30 and 10.0.2.2

3. Using who command

who is used to show who is logged on on your Linux host. This tool can also give this information

Using this command we also get similar information as from last command. Now you get the user details used for connecting to node3 from source host, also we have terminal information on which the session is still active.

4. Using w command

w displays information about the users currently on the machine, and their processes. This gives more information than who and last command and also serves our purpose to get the list of active SSH connections. Additionally it also gives us the information of the running process on those sessions.

Using w command you will also get the idle time details, i.e. for how long the session is idle. If the SSH session is idle for long period then it is a security breach and it is recommended that such idle SSH session must be killed, you can configure your Linux host to automatically kill such idle SSH session.

5. Using netstat command

Similar to ss we have netstat command to show active ssh sessions. Actually we can also say that ss is the new version of netstat. Here we can see all the ESTABLISHED SSH sessions from remote hosts to our localhost node3. it is also possible that one or some of these active ssh connections are in hung state so you can configure your host to automatically disconnect or kill these hung or unresponsive ssh sessions in Linux.

Источник

9 commands to check if connected to internet with shell script examples

Table of Contents

In this article I will share multiple commands and examples to check if connected to internet for your Linux machine. At the end of the article I will also share some example to test internet connection from the Linux to external network using shell script.

But before we do that there are certain things you must take care of, such as

• You have IP Address assigned to your network interface (static or dhcp)
• Your gateway is reachable from the Linux system
• If you are on virtual machine then make sure your VM is configured to be able to connect external network
• Your DNS is properly configured

Now there are multiple commands which are available in Linux which can be used to check if connected to internet, we will try to discuss some of them here in brief.

1. Ping Test

The very first tool I use to check if connected to internet is via ping utility . But do you know how to check ping or perform ping check to check if connected to internet? Ping is part of iputils rpm so make sure iputils is installed on your setup

To perform ping check, try to ping any page on internet such as google.com

Here we use -c 1 with ping tool to send only one packet . Now check the statistics section, we see 1 packet was transmitted and received and there was 0% packet loss so it means we are connected to internet.

If you plan to check if connected to internet via shell script then you can use below, anything in the output other than «0» means not connected to internet.

2. Check port availability using cat, echo..

There are various tools which can be used to check port availability which I will share in this article. But many of them are not installed by default so you may have to install them manually. Alternatively you can use below command to check if connected to internet without installing any additional rpm

If the output is 0 then it means you are connected to internet, but if the output is something like below

Then your linux node is not connected to internet.

Alternatively you can also use

3. DNS lookup using nslookup, host etc..

You can perform a DNS lookup any web page address to check if connected to internet. With a successful DNS lookup you should get a response something like below.

For a failed DNS lookup you should get something like

There are many more commands to perform DNS lookup such as host, dig etc

4. Curl

curl is a tool to transfer data from or to a server, using one of the many supported protocols such as HTTP, FTP etc. We can also use this tool to query a webpage and test internet connection in Linux.

Here if you receive anything other than 200 OK then it means the server failed to connect to the provided page. So unless you provide an invalid webpage, your node is connected to internet

5. Telnet

Telnet is another tool to check port connectivity so you can check port availability of any webpage from the Linux node to check if connected to internet. We can try connecting port 53 of Google DNS to check internet connection.

As you see the session was » connected «. If you get an output like below

then it means there is a problem with internet connectivity.

6. Nmap

nmap is normally a port scanner to check the list of open ports on a system. We will use this to connect to external network to scan the port. If it is able to connect to the external network for port scanning then we can check if connected to internet.

Here I am scanning google.com on port 443. As you see highlighted section, nmap was able to establish connection with google.com

7. netcat or nc

In some variant of Linux you will find netcat while in others nc , you can use either of these tools for port scanning. nc or ncat is part of nmap-ncat rpm. Here we use nc command to check connection to google.com on port 443

8. wget

GNU Wget is a free utility for non-interactive download of files from the Web. But we can also use this to check if connected to internet.

Here with —spider Wget will behave as a Web spider, which means that it will not download the pages, just check that they are there
With echo $? we check the exit status, anything other than 0 in the output means your system is not connected to internet

9. Traceroute

The traceroute command shows every step taken on the route from your machine to a specified host. Assuming you are having problems connecting to www.google.com so you can use traceroute to check all the hubs taken to reach the destination server. This will also test internet connection.

Here we were able to trace the route to google.com upto a certain point.

What do those * * * mean?

Each one indicates a five-second timeout at that hop. Sometimes that could indicate that the machine simply doesn’t understand how to cope with that traceroute packet due to a bug, but a consistent set of * indicates that there’s a problem somewhere with the router to which 216.239.43.239 hands off packets.

On a Linux system with no internet connection, you would face problem with DNS resolution itself

How To check if connected to internet using shell script?

You can easily use any or all the above commands/methods to check if connected to internet using bash/shell script.

For example by using wget you can test internet connection in the below shell script:

Here this script will print the status of the internet, similarly for other scripts you can check the exit status and perform tasks accordingly.

Lastly I hope the steps from the article to check if connected to internet (test internet connection) on Linux was helpful. So, let me know your suggestions and feedback using the comment section.

Related Posts

Didn’t find what you were looking for? Perform a quick search across GoLinuxCloud

If my articles on GoLinuxCloud has helped you, kindly consider buying me a coffee as a token of appreciation.

For any other feedbacks or questions you can either use the comments section or contact me form.

Thank You for your support!!

Источник

14 Useful Linux Networking Commands

Geekflare is supported by our audience. We may earn affiliate commissions from buying links on this site.

Configuring, monitoring, and securing networks form an essential part of a Sysadmin’s job. When it comes to managing Linux networks, there are many commands and utilities available.

At times networked systems fail. You as an administrator are required to diagnose and resolve issues. Monitoring helps in detecting problems and fixing them before things get out of hand. Monitoring for security and performance also forms an essential part of an admin’s activities.

Here we discuss some commonly used commands to manage Linux networks.

The iproute2 package includes the IP command which is used for network and routing configuration. This replaces the traditional ifconfig and route commands.

ip takes a second argument that specifies the object on which you wish to execute a command and an action like add, delete, or show.

ip link

ip link is for configuring, adding, and deleting network interfaces. Use ip link show command to display all network interfaces on the system :

You can see the man page for ip link with:

ip address

Use ip address command to display addresses, bind new address or delete old ones. The man page ip address command is named as ip-address.

For example, the following command shows the IP address assigned to the network interface enp0s8:

ip route

Use the IP route to print or display the routing table. The following command displays the contents of the routing table:

While Nmap had been used in many movies, The Matrix Reloaded ( Wikipedia , IMDB , Amazon ) turned Nmap into a movie star!.

Nmap (“Network Mapper”) is a powerful utility used for network discovery, security auditing, and administration. Many system admins use it to determine which of their systems are online, and also for OS detection and service detection.

The default Nmap scan shows the ports, their state (open/closed), and protocols. It sends a packet to 1000 most common ports and checks for the response.

To check which hosts on your network are up:

Use -O flag to identify which operating system a host is running.

A word of caution: Nobody appreciates their systems being scanned over the internet. So before you do so, seek permission.

You can also use Nmap on Windows, check out this installation guide.

Use ping to see if a host is alive. This super simple command helps you check the status of a host or a network segment. Ping command sends an ICMP ECHO_REQUEST packet to the target host and waits to see if it replies.

However, some hosts block ICMP echo requests with a firewall. Some sites on the internet may also do the same.

By default, ping runs in an infinite loop. To send a defined number of packets, use -c flag.

With -o flag ping exits successfully after receiving one reply packet.

You can use -n flag to avoid reverse DNS lookups. The ICMP sequence number is particularly important. A Break in sequence numbers indicates lost packets.

A failed ping could be due to

• network failure
• host being not alive
• firewall blocking ICMP ECHO requests

You can also perform an online ping test to check the connectivity from different parts of the world.

iPerf

While ping verifies the availability of a host, iPerf helps analyze and measure network performance between two hosts. With iPerf, you open a connection between two hosts and send some data. iPerf then shows the bandwidth available between the two hosts.

You can install an iPerf using your distribution package manager. For example on Ubuntu-based distributions you can install like this:

Once you have installed iPerf on both the machines, start the iPerf server on one of them. The following example starts the iPerf server on a host with IP address 10.0.0.51.

On the second machine start iPerf with the -c flag. This connects with the server and sends some data.

iPerf returns with the bandwidth results in a few seconds.

traceroute

If ping shows missing packets, you should use traceroute to see what route the packets are taking. Traceroute shows the sequence of gateways through which the packets travel to reach their destination. For example, traceroute from my machine to google.com shows the following:

Line 4 in this output shows a * in the round trip times. This indicates no response was received. This can be due to many reasons – as the traceroute ICMP packets are low-priority, these may be dropped by a router. Or there could be simply congestion. If you see a * in all the time fields for a given gateway, then possibly the gateway is down.

Many web-based route tracing tools allow you to do a reverse traceroute, that is, from a website to your host. You can check these at traceroute.org or Geekflare Traceroute.

tcpdump

tcpdump is a packet sniffing tool and can be of great help when resolving network issues. It listens to the network traffic and prints packet information based on the criteria you define.

For example, you can examine all packets sent to or from a particular host, Ubuntu18 in this example:

By default, tcpdump resolves IP addresses to hostnames. Use -n flag, if you do not want tcpdump to perform name lookups.

tcpdump output prints one line for each packet. Use -c flag to limit output, 5 in the example above.

tcpdump is useful for solving network problems and also identifying potential problems. It is a good idea to run a tcpdump on your network occasionally to verify everything is in order.

netstat

Netstat command is used to examine network connections, routing tables, and various network settings and statistics.

Use -i flag to list the network interfaces on your system.

Here is an example:

Using -r flag will display the routing table. This shows the path configured for sending network packets.

An asterisk in the last two lines indicates that no gateway is required to send packets to any host on these networks. This host is directly connected to the networks 10.0.0.0 and 10.0.2.0.

In the first line, the destination is the default, which means any packet destined for a network not listed in this table is handled by the router 10.0.2,2.

netstat command without any options displays a list of open sockets. Use -l flag to show only listening sockets, which by default, are not shown. You can use -a flag to show listening and non-listening sockets. Here is an example:

More Netstat command example here

Linux installations have a lot of services running by default. These should be disabled or preferably removed, as this helps in reducing the attack surface. You can see what services are running with the netstat command. While netstat is still available, most Linux distributions are transitioning to ss command.

use ss command with -t and -a flags to list all TCP sockets. This displays both listening and non-listening sockets.

To display only TCP connections with state established:

ssh enables you to connect securely with remote hosts over the internet. Earlier rlogin and telnet were used to connect to and administer remote hosts. However, both suffer from a fundamental flaw, that is, they send all information including login names and passwords in cleartext.

ssh enables secure communication over the internet with the following two features :

• It confirms that the remote host is, who it says it is.
• It encrypts all communication between the hosts.

To connect to a remote host you need to have an OpenSSH server running on the remote host. You can install it using your distribution package manager. For example on Ubuntu you can install it like this:

Here is an example showing how you can connect to the remote host 10.0.0.50 using the ssh command:

You get a message saying that the authenticity of the host 10.0.0.50 cannot be established, this is because it’s the first time a connection is being made with 10.0.0.50 (server) and the ssh client has never seen this remote host before. Enter yes to continue connecting. Once the connection has been established, you are prompted for a password:

After you enter the correct password, you are logged into the remote host.

You can exit this remote shell with the exit command.

Also, you can easily execute a single command on the remote host using ssh. For example, to run df -h on the remote host:

scp and sftp

scp (secure copy) is very similar to cp command for copying files, with an addition – you can include remote hostnames in the source or destination pathnames. The hostname and the directory path are separated by a colon. This enables you to copy files securely over the network in an encrypted form. The following command copies a.txt from the local machine to 10.0.0.50 :

sftp (secure ftp) is also a file copy program similar to ftp . However, it uses an SSH encrypted tunnel to copy files, instead of sending everything in cleartext. Also, you do not need an FTP server running on the remote host. You only need an ssh server. Here is an example session:

Ifconfig

Mostly we use ifconfig command to check the IP address assigned to the system.

dig (Domain Information Groper) is a flexible tool for interrogating DNS name servers.

It performs DNS lookups and displays the answers that are returned from the name servers.

telnet

telnet connect destination’s host and port via a telnet protocol if a connection establishes means connectivity between two hosts is working fine.

nslookup

nslookup is a program to query domain name servers and resolving IP.

Summary

Networking in Linux is a vast subject, with a large number of commands and utilities. In this article, we have discussed some commonly used commands which hopefully, will help you in managing and securing your network.

Источник