The COTD for today is the netstat command.
The netstat command prints network connections, routing tables, interface statistics, and a bunch of other goodies that are helpful in managing any UNIX box.
One of the common uses of netstat is to show the systems routing table. This is done by the “netstat -r” command.
$ netstat -nr
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
192.168.123.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
0.0.0.0 192.168.123.1 0.0.0.0 UG 0 0 0 eth0
I add the -n on to the command as well. This tells it to not try to reverse-lookup the hostnames that go with each address. When I’m looking at a routing table, it makes more sense to see numbers anyways.
The output of this command shows that, in a general sense, there are two routes configured. One, a route for the network that this host is connected to, which says that all traffic for this network can just go out on the ethernet interface that it is connected to, and a default route. The default route is where this host should send traffic for any destination that is NOT on the network that this host is connected to. This is generally traffic going our to the Internet, but could also be another one of your networks which is behind a router.
Another use of the netstat command is the “netstat -a” command. The netstat -a command shows all listening, and non-listening sockets. This will show you TCP/IP ports that are listening on your server for incoming connections, and will also show connections that are already established.
For example:
$ netstat -an
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:8080 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:23 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN
tcp 0 0 192.168.123.30:22 192.168.123.56:1558 ESTABLISHED
tcp 0 2304 192.168.123.30:22 192.168.123.51:58528 ESTABLISHED
..
.
Ative UNIX domain sockets (servers and established)
Proto RefCnt Flags Type State I-Node Path
unix 2 [ ACC ] STREAM LISTENING 5568 /tmp/.font-unix/fs7100
unix 2 [ ACC ] STREAM LISTENING 43084661 /tmp/mysql.sock
unix 2 [ ACC ] STREAM LISTENING 31759372 /var/run/cups/cups.sock
In the first part of this output, we see that we have the following TCP/IP ports listening; 8080, 21, 22, 23, and 25. Also, there are two connections established from two other hosts on the network, to port 22. Port 22, as you know, is SSH. If you noticed that I also included the -n option here as well. If I you omit the -n, it will reverse-lookup the DNS hostname for the IP address as well as show you what the port is defined as being used for in the /etc/services file. For example:
$ netstat -a
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 *:webcache *:* LISTEN
tcp 0 0 *:ftp *:* LISTEN
tcp 0 0 *:ssh *:* LISTEN
tcp 0 0 *:telnet *:* LISTEN
tcp 0 0 *:smtp *:* LISTEN
tcp 0 0 host.domain.com:ssh host.domain.com:1558 ESTABLISHED
tcp 0 832 host.domain.com:ssh host.domain.com:58528 ESTABLISHED
Keep in mind, that in the case of the ports, what name that shows up here, may not be important. Like hostnames, they reference to the /etc/services file is done for <!– @page { size: 8.5in 11in; margin: 0.79in } P { margin-bottom: 0.08in } –>convenience. This is why I generally always include the -n option with netstat.
The bottom part of this output shows Active UNIX domain sockets which we will cover in more detail later.
One other feature of netstat I use, is the “netstat -i” option. netstat -i shows you the interface statistics for all of your networking ports such as Ethernet, PPP, etc.
For example, take a look at the output from one of my firewalls:
# netstat -i
Kernel Interface table
Iface MTU Met RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR Flg
eth0 1500 045951474 0 0 083559997 0 0 0 BMRU
eth1 1500 081641759 0 0 048132087 0 0 0 BMRU
eth2 1500 021402459 0 0 016603968 0 0 0 BMRU
eth2: 1500 0 - no statistics available - BMRU
eth2: 1500 0 - no statistics available - BMRU
eth2: 1500 0 - no statistics available - BMRU
eth3 1500 0 0 0 0 0 64497 0 0 0 BMU
lo 16436 0 0 0 0 0 0 0 0 0 LRU
ppp0 1450 0 9 0 0 0 24 0 0 0 MOPRU
This output shows, for each interface, statistics about the packets sent, and received. This is useful for locating collisions, and other errors that could lead to troubleshooting many things — like duplex/speed settings, etc.
Netstat has many options. I’d recommend reading the man page for your particular version of netstat. Questions? Feel free to ask via the comments page.
![[del.icio.us]](http://www.theunixzone.com/wp-content/plugins/bookmarkify/delicious.png)
![[Digg]](http://www.theunixzone.com/wp-content/plugins/bookmarkify/digg.png)
![[Facebook]](http://www.theunixzone.com/wp-content/plugins/bookmarkify/facebook.png)
![[Twitter]](http://www.theunixzone.com/wp-content/plugins/bookmarkify/twitter.png)