Shulou(Shulou.com)05/31 Report--

This article is about how to use netstat to check network status and port status under Linux. The editor thinks it is very practical, so share it with you as a reference and follow the editor to have a look.

The netstat command is a very useful tool for monitoring TCP/IP networks. It can display the routing table, the actual network connections, and the

The function of the netstat command is to display network connections, routing tables, and network interface information, so that users can know which network connections are currently in operation.

The general format of the command is:

Netstat [options]

The options in the command have the following meanings:

-a displays all socket, including those that are being monitored.

-c is redisplayed every 1 second until the user interrupts it.

-I displays information about all network interfaces in the same format as "ifconfig-e".

-n replaces the name with the network IP address, showing the network connection.

-r displays the core routing table in the same format as "route-e".

-t displays the connection of the TCP protocol.

-u shows the connection of the UDP protocol.

-v shows the work in progress.

1. Netstat-an | grep LISTEN

0.0.0.0 is the service that every IP has, indicating which IP is the service that binds that IP.

2. Netstat-tln

Used to view the port usage of linux

3. / etc/init.d/vsftp start

Is used to start the ftp port ~!

4. Netstat

View the connected service port (ESTABLISHED)

5. Netstat-a

View all service ports (LISTEN,ESTABLISHED)

6. Sudo netstat-ap

View all service ports and display the corresponding service program names

7. Nmap < scan Type > < scan parameters >

For example:

Nmap localhost

Nmap-p 1024-65535 localhost

Nmap-PT 192.168.1.127-245

When we use netstat-apn to look at network connections, we will find a lot of things like the following:

Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name

Tcp 0 52 218.104.81.152:7710 211.100.39.250:29488 ESTABLISHED 6111/1

ESTABLISHED The socket has an established connection. SYN_SENT The socket is actively attempting to establish a connection. SYN_RECV A connection request has been received from the network. FIN_WAIT1 The socket is closed, and the connection is shutting down. FIN_WAIT2 Connection is closed, and the socket is waiting for a shutdown from the remote end. TIME_WAIT The socket is waiting after close to handle packets still in the network. CLOSE The socket is not being used. CLOSE_WAIT The remote end has shut down, waiting for the socket to close. LAST_ACK The remote end has shut down, and the socket is closed. Waiting for acknowledgement. LISTEN The socket is listening for incoming connections. Such sockets are not included in the output unless you specify the-- listening (- l) or-- all (- a) option. CLOSING Both sockets are shut down but we still don't have all our data sent. UNKNOWN The state of the socket is unknown.

Consider two programs attempting a socket connection (call them an and b). Both set up sockets and transition to the LISTEN state. Then one program (say a) tries to connect to the other (b). Asends a request and enters the SYN_SENT state, and b receives the request and enters the SYN_RECV state. When b acknowledges the request, they enter the ESTABLISHED state, and do their business. Now a couple of things can happen:

A wishes to close the connection, and enters FIN_WAIT1. B receives the FIN request, sends an ACK (then an enters FIN_WAIT2), enters CLOSE_WAIT, tells an it is closing down and the enters LAST_ACK. Once an acknowledges this (and enters TIME_WAIT), b enters CLOSE. A waits a bit to see if anythings is left, then enters CLOSE.

An and b have finished their business and decide to close the connection (simultaneous closing). When an is in FIN_WAIT, and instead of receiving an ACK from b, it receives a FIN (as b wishes to close it as well), an enters CLOSING. But there are still some messages to send (the ACK that an is supposed to get for its original FIN), and once this ACK arrives, aenters TIME_WAIT as usual.

It shows that this server has opened port 7710, so which program does this port belong to? We can use the lsof-I: 7710 command to query:

COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME

Sshd 1990 root 3U IPv4 4836 TCP *: 7710 (LISTEN) 54com.cn

In this way, we know that port 7710 belongs to the sshd program.

Thank you for reading! This is the end of this article on "how to check network status and port status with netstat under Linux". I hope the above content can be of some help to you, so that you can learn more knowledge. if you think the article is good, you can share it out for more people to see!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.