Linux list all connections

10 basic examples of Linux Netstat command

Netstat

Netstat is a command line utility that can be used to list out all the network (socket) connections on a system. It lists out all the tcp, udp socket connections and the unix socket connections.

Apart from connected sockets it can also list listening sockets that are waiting for incoming connections. So by verifying an open port 80 you can confirm if a web server is running on the system or not.

This makes it a very useful tool for network and system administrators.

In this tutorial we shall be checking out few examples of how to use netstat to find information about network connections and open ports on a system.

Here is a quick intro to netstat from the man pages

1. List all connections

The first and most simple command is to list out all the current connections. Simply run the netstat command with the a option.

The above command shows all connections from different protocols like tcp, udp and unix sockets. However this is not quite useful. Administrators often want to pick out specific connections based on protocols or port numbers for example.

2. List only TCP or UDP connections

To list out only tcp connections use the t options.

Similarly to list out only udp connections use the u option.

The above output shows both ipv4 and ipv6 connections.

3. Disable reverse dns lookup for faster output

By default, the netstat command tries to find out the hostname of each ip address in the connection by doing a reverse dns lookup. This slows down the output. If you do not need to know the host name and just the ip address is sufficient then suppress the hostname lookup with the n option.

The above command shows ALL TCP connections with NO dns resolution. Got it ? Good.

4. Check listening connections — Open Ports

Any network daemon/service keeps an open port to listen for incoming connections. These too are like socket connections and are listed out by netstat. To view only listening ports use the «-l» option.

Now we can see only listening tcp ports/connections. If you want to see all listening ports, remove the t option. If you want to see only listening udp ports use the «-u» option instead of «-t».

Make sure to remove the «-a» option, otherwise all connections would get listed and not just the listening connections.

If you are running a service like http or smtp on your linux server, then you can use the above command to check whether the service is listening for incoming connections or not.

5. Get process name/pid and user id

When viewing the open/listening ports and connections, its often useful to know the process name/pid which has opened that port or connection.

For example the Apache httpd server opens port 80. So if you want to check whether any http server is running or not, or which http server is running, apache or nginx, then track down the process name.

The process details are made available by the ‘p’ option.

When using the p option, netstat must be run with root privileges, otherwise it cannot detect the pids of processes running with root privileges and most services like http and ftp often run with root privileges.

Along with process name/pid its even more useful to get the username/uid owning that particular process. Use the e option along with the p option to get the username too.

The above example lists out Listening connections of Tcp type with Process information and Extended information.
The extended information contains the username and inode of the process. This is a useful command for network administrators.

Note — If you use the n option with the e option, the uid would be listed and not the username.

6. Print statistics

The netstat command can also print out network statistics like total number of packets received and transmitted by protocol type and so on.

To list out statistics of all packet types

To print out statistics of only select protocols like TCP or UDP use the corresponding options like t and u along with the s option. Simple!

7. Display kernel routing information

The kernel routing information can be printed with the r option. It is the same output as given by the route command. We also use the n option to disable the hostname lookup.

8. Print network interfaces

The netstat command can also print out the information about the network interfaces. The «-i» option does the task.

The above output contains information in a very raw format. To get a more human friendly version of the output use the e option along with i.

The above output is similar to the output shown by the ifconfig command.

9. Get netstat output continuously

Netstat can output connection information continuously with the c option.

The above command will output tcp connections continuously.

10. Display multicast group information

The g option will display the multicast group information for IPv4 and IPv6 protocols.

More examples of netstat command

Okay, we covered the basic examples of netstat command above. Now its time to do some geek stuff with style.

Print active connections

Active socket connections are in «ESTABLISHED» state. So to get all current active connections use netstat with grep as follows

To watch a continous list of active connections, use the watch command along with netstat and grep

Check if a service is running

If you want to check if a server like http,smtp or ntp is running or not, use grep again.

So we found that ntp server is running. Grep for http or smtp or whatever you are looking for.

Conclusion

Well, that was most of what netstat is used for. If you are looking for more advanced information or want to dig deeper, read up the netstat manual (man netstat).

And do leave your feedback and suggestions in the comments box below.

Resources

Check out the linux manual page for netstat to learn more.

A Tech Enthusiast, Blogger, Linux Fan and a Software Developer. Writes about Computer hardware, Linux and Open Source software and coding in Python, Php and Javascript. He can be reached at [email protected] .

18 thoughts on “ 10 basic examples of Linux Netstat command ”

Awesome… Thank you so much….

Great, very well explained
Excellent examples

The best one i have found till now.
Well done. Thanks, helped me a lot

Very beautifully presented

Lot of information and nice way of representation

Thanks for the concise tutorial…really saved me.

That was a great tutorial and i thank you so much for your valuable information

That was a great tutorial and i thank you so much for your valuable information.

Hey Silver Moon, Thanks for sharing the basics about Netsat commands. Your post was very easy to understand and I’m sure many will find it useful. Your readers can also take a look at our website (http://www.fireboxtraining.com/linux) for more advanced linux tutorials.

Ok this is nice, but I would like to know few thing about netstat command. What are the connections taht netsat will show with Linux. I know that for Windows it will show some connections but not’ all of th hem. ww have al been wtnes of that spy software from …. i have seen some nice interviev with Stelman on RT about software security. how you seen that

That was very informative, thanks.

Thanks a lot for this information. I too am a LAMP guy and found your stuff inspiring. Good goin!

In terms of ss, I still prefer nestat due to its ability to show me routing table as well as network interfaces. Instead of typing route or ifconfig, I simply use netstat. Personal preference I guess.

ifconfig and route are both also obsolete. The replacement for both is the ip command. ip link and ip addr do what ifconfig did and ip route does what route did.

The legacy net-tools are not capable of providing modern functions like having multiple IP addresses on an interface (yes, I know you can make alias interfaces with ifconfig but with ip addr add you don’t need to make an extra interface).

Netstat (and the other legacy net-tools programs) were replaced in Linux more than 10 years ago. The correct command is now ss. The options are mostly the same but the outputs are different (and more complete).

I prefer netstat because of its simplicity

The correct command is the one that solves your problem, netstat or ss.

Источник

12 ss Command Examples to Monitor Network Connections

ss command is a tool that is used for displaying network socket related information on a Linux system. The tool displays more detailed information that the netstat command which is used for displaying active socket connections.

In this guide, we delve in and see how the ss command can be used to display varied socket connection information in Linux.

1. Listing all Connections

The basic ss command without any options simply lists all the connections regardless of the state they are in.

List All Connections in Linux

2. Listing Listening and Non-listening Ports

You can retrieve a list of both listening and non-listening ports using the -a option as shown below.

List All Ports in Linux

3. Listing Listening Sockets

To display listening sockets only, use the -l flag as shown.

List Listening Sockets in Linux

4. List all TCP Connections

To display all TCP connection, use the -t option as shown.

List TCP Connections in Linux

5. List all Listening TCP Connections

To have a view of all the listening TCP socket connection use the -lt combination as shown.

List Listening TCP Connections in Linux

6. List all UDP Connections

To view all the UDP socket connections use the -ua option as shown.

List UDP Socket Connections in Linux

7. List all Listening UDP Connections

To list listening UDP connections use the -lu option.

List Listening UDP Connections in Linux

8. Display PID (Process IDs) of Sockets

To display the Process IDs related to socket connections, use the -p flag as shown.

Find Process ID of Sockets in Linux

9. Display Summary Statistics

To list the summary statistics, use the -s option.

Find Summary Statistics

10. Display IPv4 and IPv6 Socket Connections

If you are curious about the IPv4 socket connections use the -4 option.

Find IPv4 Socket Connections in Linux

To display IPv6 connections, use the -6 option.

Find IPv6 Socket Connections in Linux

11. Filter Connections by Port Number

ss command also lets you filter socket port number or address number. For example, to display all socket connections with a destination or source port of ssh run the command.

Filter Connections by Port Number

Alternatively, you can run the command.

Filter Connections by Service

12. Check Man Pages for ss Command

To get more insights into the ss command usage, check the man pages using the command.

Find ss Command Usage and Options

Those are some of the commonly used options that are used with ss command. The command is considered more superior to netstat command and provide detailed information about network connections.

If You Appreciate What We Do Here On TecMint, You Should Consider:

TecMint is the fastest growing and most trusted community site for any kind of Linux Articles, Guides and Books on the web. Millions of people visit TecMint! to search or browse the thousands of published articles available FREELY to all.

If you like what you are reading, please consider buying us a coffee ( or 2 ) as a token of appreciation.

We are thankful for your never ending support.

Источник

6 commands to check and list active SSH connections in Linux

Table of Contents

How to check active SSH connections in Linux. Show SSH connection history. How to show active ssh sessions in Linux. List all the active SSH connections in Unix. Find out all the currently active ssh connections on any Linux node. Which all tools can be used to list all the active ssh connections in Linux. Show active SSH sessions. Check ssh connection history using log files in Linux.

Some more more articles you may be interested on similar topics:

Check active SSH connections

There are various commands and tools available in Linux which can be used to check active SSH connections or sessions on your Linux node. In this article I will share a list of tools which can be used to get the list of active SSH connections. If you are aware of any more commands to show active ssh sessions then please let me know via comment section.

1. Using ss command

ss is used to dump socket statistics. It allows showing information similar to netstat . It can display more TCP and state information than other tools. We will use grep function to only get the list of active SSH sessions on our local host

From the above example we know that there are three hosts which are currently connected to our node3. We have active SSH connections from 10.0.2.31, 10.0.2.30 and 10.0.2.2

2. Using last command

last searches back through the file /var/log/wtmp (or the file designated by the -f flag) and displays a list of all users logged in (and out) since that file was created. Names of users and tty’s can be given, in which case last will show only those entries matching the arguments.

Using this command you can also get the information about the user using which the SSH connection was created between server and client. So below we know the connection from 10.0.2.31 is done using ‘deepak‘ user, while for other two hosts, ‘root‘ user was used for connecting to node3.

Here I am grepping for a string «still» to get all the patterns with » still logged in «. So now we know we have three active SSH connections from 10.0.2.31, 10.0.2.30 and 10.0.2.2

3. Using who command

who is used to show who is logged on on your Linux host. This tool can also give this information

Using this command we also get similar information as from last command. Now you get the user details used for connecting to node3 from source host, also we have terminal information on which the session is still active.

4. Using w command

w displays information about the users currently on the machine, and their processes. This gives more information than who and last command and also serves our purpose to get the list of active SSH connections. Additionally it also gives us the information of the running process on those sessions.

Using w command you will also get the idle time details, i.e. for how long the session is idle. If the SSH session is idle for long period then it is a security breach and it is recommended that such idle SSH session must be killed, you can configure your Linux host to automatically kill such idle SSH session.

5. Using netstat command

Similar to ss we have netstat command to show active ssh sessions. Actually we can also say that ss is the new version of netstat. Here we can see all the ESTABLISHED SSH sessions from remote hosts to our localhost node3. it is also possible that one or some of these active ssh connections are in hung state so you can configure your host to automatically disconnect or kill these hung or unresponsive ssh sessions in Linux.

Источник