Install & Configure Squid in Ubuntu

A proxy server is a very useful tool for a network. It is commonly used in computer networks to protect the network from attack, to filter nefarious web content and pages requested by local users, and to speed up the delivery of web pages and web content by caching (storing) commonly requested web pages, documents, and media. Proxy servers are typically implemented on private, local area networks, to filter, protect and cache content requested by users on that network, this is called "proxy" or "transparent proxy." Proxy servers can also be implemented on the remote side "in-front-of" destination webservers in order to protect those servers by filtering requests, speeding up web page delivery, and caching frequently requested files, this is called "reverse proxy." 

Types of Proxy Servers

Proxy Server	The web browser on the client is configured to point to the proxy server's IP address. The client can bypass the proxy server by removing or altering the proxy address configuration. An administrator could prevent this by creating a GPO in Active Directory that blocks access to the web browser settings. A proxy server can also function as a caching server.
Transparent Proxy Server	The router sends all traffic on defined ports, to the transparent proxy server, this way clients cannot bypass the proxy server. A transparent proxy server can also function as a caching server.
Reverse Proxy Server (Cache)	The reverse proxy server or cache server is placed in-front-of or prior-to the web server in order to speed up delivery of frequently requested pages and to protect the web server by creating a layer of separation and redundancy.

Squid is one of the most popular and most used proxy servers in the world. It is free to download, easy to install and it can be implemented on any distribution of Linux. Here are the steps to install and configure Squid on an Ubuntu distribution of Linux.

Steps to install and configure Squid

Open a terminal, and type in the following commands to install Squid
 sudo apt-get update
 sudo apt-get install squid squid-common
Ways to start and stop Squid
 sudo service squid start (stop|restart|status)
 sudo /usr/sbin/squid (launch program directly)
 sudo pkill -9 squid
Navigate to the Squid folder to find the squid.conf configuration file
 cd /etc/squid
 ls (you should see the squid.conf file)
Create a backup of the squid.conf file
 sudo cp squid.conf squid.conf.bak
For testing purposes open Firefox and set it to send web requests to the Squid Proxy Server (You will need to know your ip address)
 ifconfig (write down your inet address e.g. 192.168.1.100)
Open Firefox
     Edit > Preferences, Advanced > Network Tab > Connection-Settings:
     Manual Proxy Configuration:
     HTTP Proxy: your IP address or loopback address 127.0.0.1,    Port: 3128
     Click Ok and Close
Now if you try and go to a website like google you should see an ERROR - Access Denied message from Squid (see bottom line). This means that Squid is working by actively denying the traffic.
Now we need to configure Squid to allow web traffic through the proxy server. Open squid.conf in your favorite text editor like gedit, nano, or vi
 sudo nano squid.conf
or
 sudo gedit squid.conf & (If gedit does not open from the terminal you can open it as root user)
 sudo su
 gedit squid.conf &
To switch out of root user
 su your-username (if you are root user the prompt is a "#" switch back to your user account privilege)


If you chose to open with squid.conf with gedit, then turn on line numbering (Edit > Preferences > View >Display Line Numbers)
Change the name of your Squid Proxy Server, around line 3399, change:
 #    TAG: visible_hostname
to
 visible_hostname YourNameProxyServer  
You can configure access rules for your Squid proxy server (lines 331 to 831 are for Access Control). Notice that on lines 606 to 630 the local networks and usable ports (services) are defined. Active configuration lines, are the lines that are not commented out, i.e. they do not start with  a # sign.

To re-enable web access uncomment line 676
 #http_access allow localnet
to
 http_access allow localnet
To verify the Web is now working, save your changes to the squid.conf file and restart your Squid server.
 service squid restart (or "sudo service squid restart" if you are no longer root)
Now resfresh your Firefox web browser and your homepage should be visible.
Now we can practice writing a custom ACL (access list) in the squid.conf file to block specific domains and websites. We can write our custom ACL at the end of the acl lines around line 631. From an empty line write the following lines to test domain blocking:
 acl blocked_websites dstdomain .msn.com .yahoo.com
 http_access deny blocked_websites
Now restart your Squid server, and test to see if Squid denies access to your blocked domains/websites in Firefox. 

 

Struggling With Some Linux Terminologies? Here's Help

There are several Linux terms that beginners in Linux may not be aware of. And when you look for them on the Internet, you may come across certain Linux terms that may just hinder your understanding. This is where a ready reference can come handy for you. Have a look... 

As cited on foogazi.com, here are the terms with their meanings -

APT (Advanced Packaging Tool) – It simplifies the process of managing packages on Linux by automating the retrieval, configuration and installation. This is usually found on a Debian or Ubuntu distro.

Bash (Bourne Again Shell) – It is the default shell in many Linux distributions. Whenever one makes reference to a shell or the command line, it is the Bash shell that they are usually referring to.

CLI (Command Line Interface) – Whenever you launch a terminal and if you are not using Window Manager, or X11, you are working on the CLI.

Dependency – This is an application, library, or development set that a package relies upon for working.

Distro – This is the short form of Distribution. It is a set of programs that are mixed with the Linux kernel for creating an Operating System.

GNOME – This is a “complete” desktop environment for Linux and is the default desktop on the Ubuntu distribution.

GRUB – This is one more boot loader for Linux. It permits its users to have several types of Operating Systems on their system at the same time and gives them the option to select which one to run whenever they start their computer.

KDE- (K Desktop Environment) – This is a desktop environment for Linux workstations.

Kernel – This is the core of “brain” of Linux. It controls the hardware and is what every Linux distro is based upon.

LILO (Linux Loader) – This is in many ways the same as Grub and is a boot loader for Linux. It generally writes to the Master Boot Record (MBR) on your device.

Linus Torvalds – He is the man who wrote the Linux kernel in 1991.

Man – This is the short form for manual. Whenever somebody says “read the man page” or “rtfm” upon you asking a question about a command, they would like you to type “man command”.

Root – It is the superuser account on all Linux systems.

RPM – This is a package manager and can be used for building, installing, query, verify, update, and delete individual software packages. It is used as default on the Red Hat and Fedora distributions.

Sudo (Super User DO) – This permits the user to get root access without the need for logging in as a root.

Tux – This is the Linux Penguin.

YAST (Yet Another Setup Tool) – This is used on the SuSE distro and is a setup and configuration tool.

YUM – This is an automated update program that can be used for maintaining systems via the rpm.
X / X11- It is also called the X Window System providing the standard toolkit and protocol with which graphical user interfaces can be built. 


Source: http://www.efytimes.com/e1/fullnews.asp?edid=117436

All You Need To Learn To Start A Career In Linux

All You Need To Learn To Start A Career In Linux

So, if you have also planned to opt the Open Source route, it’s necessary to understand what is required to learn if you are willing to build a career in Linux. So here we bring to you 12 tools that are required to be understood before diving into the open source world. 1. Apache: Apache is definitely the world’s most widely used web-server which is known for its open source architecture. Often termed as the Apache HyperText Transfer Protocol (HTTP) server program, it is one of the crucial and primary requirements to create a good CMS or likewise. So even if you are not willing to learn it all, you do need to learn the basics. Major of the Linux employers would ask you to come with a hands-on over the apache administration. Resource: Apache’s Documentation. 2. Apt-get tool: It is a command-line tool to handle packages which are used to get hold of other tools using the APT library. Although, mainly used on Debian based systems, apt-get is cross-platform with various front ends built for it. Apt-get is one of the simplest tools to use and one should still be familiar with its working and syntax on command line. Resource: Apt-get tool Manual. 3. BASH Shell: Bash (Bourne again shell) is a sh-compatible command language interpreter which executes commands from the standard input or a file. It incorporates cool features from the Korn and C shells(ksh and csh) too. It is fairly necessary for you to know how to program in Bash. One can save a lot of time and energy by writing down a little bash script to automate a task on the command line. Resource: Complete BASH manual. 4. Iptables: If you’re hitting for a Linux administrator, or someone on similar lines, you need to master this. Iptables is used to install, manage and inspect the tables in the IP packet filter rules within the Linux kernel. With iptables you have the ability to create firewall rules on your Linux computer to allow/restrict access through each network interface. You should be capable enough to list the IP rules, filter a range of IPs and add/remove the rules to the table. Resource: Iptables. 5. MySQL: MySQL is a simple SQL database with GNU readline capabilities which supports interactive and non-interactive use. While it is used interactively, the query results are presented as an ASCII-table. For a non-interactive use, as in a filter, the results are tab-separated. However, the output format can easily be altered using command options. To work on Linux domain, it would be very possible for you work on Linux-Apache-MySQL-PHP, aka LAMP. Hence, you need to be familiar with a MySQL server. Resource: MySQL Documentation. 6. SSH and OpenSSH: SSH/OpenSSH client is a tool/program for logging onto a remote machine to executing commands over it. You might have to use a lot of SSH while working on a Linux network. Some of the basic requirements are – connecting to a server using SSH and setting up a key-based authentication for SSH. Resource: SSH. 7. Perl: It is one of the best known scripting languages for system management tasks. It is optimized for scanning arbitrary text files, extracting information from them, and printing reports based on that. Perl is known to be easy to use, efficient, and complete within itself. Several administration tasks can be completed with less pain and trouble with the advent of Perl scripts. Being a Linux admin, you may have to use this feature of Perl to master your network and system upgradation processes. Resource: The Perl manual. 8. PHP: PHP is a recursive acronym for ‘PHP: Hypertext Preprocessor.‘ This again is a widely-used Open Source general-purpose scripting language with special inclination towards Web development paradigm. It can be easily embedded into HTML and hence widely used. Having a good hands-on over PHP, Apache and MySQL is essential to get your favorite Linux job. Resource: PHP documentation. 9. Postfix: It is a mail transfer agent (MTA) used on Linux analogous to Sendmail and Qmail. It is known to handle the routing and delivery of emails. If you’re handling a Linux network, particularly a mail server, you need to have a knowledge about this very MTA. You must master the art of configuring postfix main.cf and master.cf files along with troubleshooting other postfix errors. Resource: Postfix official documentation. 10. rsync: It is a powerful tool to greatly speed up file transfers when the destination file is being updated. Rsync uses a remote-update protocol which basically copies only the difference of files that have been changed. It is a great tool for backing up files to another Linux host. An aspirant should atleast be aware of the syntax used with rsync to copy files to another host machine. Resource: documentation. 11. Samba: You would have probably come across this name while working on Linux and reading articles over the web. The Samba software suite is a collection of programs which implement the Server Message Block(SMB) protocol for *NIX systems. This protocol is often referred to as the Common Internet File System or CIFS. A lot of companies which run over a Linux based environment use Samba to share files across the network. As Linux career enthusiast, you should master Samba to perfection. The preliminaries include – installing and configuring Samba server, adding and maintaining users, setting up Samba shares, et al. Resource: Samba Manual. 12. SCP: It helps copy files between hosts within a network. It uses ssh for data transfer with same authentication and security as ssh. scp asks for pass-phrases if they are needed for authentication. One needs to know scp if he/she needs to copy files between Linux hosts over a public or private network with security concerns. Resource: scp manual. Courtesy: Sources : http://www.efytimes.com/e1/fullnews.asp?edid=116654

Setup: Linux Static TCP/IP Settings

Setup: Linux Static TCP/IP Settings

You need to update and/or edit the network configuration files. This tutorial provides procedures to configure a static IP address on a computer running the following operating systems:

1.     RHEL / Red hat / Fedora / CentOS Linux eth0 config file - /etc/sysconfig/network-scripts/ifcfg-eth0

2.     RHEL / Red hat / Fedora / CentOS Linux eth1 config file - /etc/sysconfig/network-scripts/ifcfg-eth1

3.     Debian / Ubuntu Linux - /etc/network/interfaces

In this example you will use the following Internet Protocol Version 4 (TCP/IPv4) Properties including IP, default gateway, and preferred DNS servers:

§  IP address: 192.168.1.10

§  Netmask: 255.255.255.0

§  Hostname: server1.cyberciti.biz

§  Domain name: cyberciti.biz

§  Gateway IP: 192.168.1.254

§  DNS Server IP # 1: 192.168.1.254

§  DNS Server IP # 2: 8.8.8.8

§  DNS Server IP # 3: 202.54.2.5

Howto: Ubuntu Linux convert DHCP network configuration to static IP configuration

My friend's wanted to know how to change or convert DHCP network configuration to static configuration. After initial installation, he wanted to change network settings. Further, his system is w/o GUI system aka X Windows. Here is quick way to accomplish the same:

Your main network configuration file is /etc/network/interfaces

Desired new sample settings:
=> Host IP address 192.168.1.100
=> Netmask: 255.255.255.0
=> Network ID: 192.168.1.0
=> Broadcast IP: 192.168.1.255
=> Gateway/Router IP: 192.168.1.254
=> DNS Server: 192.168.1.254
Open network configuration file
$ sudo vi /etc/network/interfacesOR$ sudo nano /etc/network/interfaces
Find and remove dhcp entry:
iface eth0 inet dhcp
Append new network settings:
iface eth0 inet static
address 192.168.1.100
netmask 255.255.255.0
network 192.168.1.0
broadcast 192.168.1.255
gateway 192.168.1.254

Save and close the file. Restart the network:
$ sudo /etc/init.d/networking restart

Task: Define new DNS servers

Open /etc/resolv.conf file
$ sudo vi /etc/resolv.conf
You need to remove old DNS server assigned by DHCP server:
search myisp.com
nameserver 192.168.1.254
nameserver 202.54.1.20
nameserver 202.54.1.30

Save and close the file.

Task: Test DNS server

$ host cyberciti.biz

Network command line cheat sheet

You can also use commands to change settings. Please note that these settings are temporary and not the permanent. Use above method to make network changes permanent or GUI tool as described below.

Task: Display network interface information

$ ifconfig

Task: Take down network interface eth0 / take a network interface down

$ sudo ifconfig eth0 downOR $ sudo ifdown eth0

Task: Bring a network interface eth0 up

$ sudo ifconfig eth0 upOR$ sudo ifup eth0

Task: Change IP address and netmask from command line

Activate network interface eth0 with a new IP (192.168.1.50) / netmask:
$ sudo ifconfig eth0 192.168.1.50 netmask 255.255.255.0 up

Task: Display the routing table

$ /sbin/route OR$ /sbin/route -n
Output:

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
localnet        *               255.255.255.0   U     0      0        0 ra0
172.16.114.0    *               255.255.255.0   U     0      0        0 eth0
172.16.236.0    *               255.255.255.0   U     0      0        0 eth1
default         192.168.1.254   0.0.0.0         UG    0      0        0 ra0

Task: Add a new gateway

$ sudo route add default gw 172.16.236.0

Task: Display current active Internet connections (servers and established connection)

$ netstat -nat

Task: Display open ports

$ sudo netstat -tulpOR$ sudo netstat -tulpn

Task: Display network interfaces stats (RX/TX etc)

$ netstat -i

Task: Display output for active/established connections only

$ netstat -e
$ netstat -te
$ netstat -tue

Where,

• -t : TCP connections
• -u : UDP connections
• -e : Established

Task: Test network connectivity

Send ICMP ECHO_REQUEST to network hosts, routers, servers etc with ping command. This verifies connectivity exists between local host and remote network system:
$ ping router
$ ping 192.168.1.254
$ ping cyberciti.biz

Task: Use GUI (Graphical Configuration) network Tool

If you are new, use GUI configuration tool, type the following command at terminal:
$ network-admin &
Above command is Ubuntu's GUI for configuring network connections tool.

Final tip - Learn how find out more information about commands

A man page is your best friend when you wanted to learn more about particular command or syntax. For example, read detailed information about ifconfig and netstat command:
$ man ifconfig
$ man netstat

Just get a short help with all command options by appending --help option to each command:
$ netstat --help
Find out what command is used for particular task by searching the short descriptions and manual page names for the keyword:
$ man -k 'delete directory'
$ apropos -s 1 remove
Display short descriptions of a command:
$ whatis rm
$ whatis netstat
Linux offers an excellent collection of utilities, which can be use to finding the files and executables, remember you cannot memorize all the commands and files ;

20 Netstat Commands for Linux Network Management

20 Netstat Commands for Linux Network Management

netstat (network statistics) is a command line tool for monitoring network connections both incoming and outgoing as well as viewing routing tables, interface statistics etc. netstat is available on all Unix-like Operating Systems and also available on Windows OS as well. It is very useful in terms of network troubleshooting and performance measurement. netstat is one of the most basic network service debugging tools, telling you what ports are open and whether any programs are listening on ports.

Linux Netstat Command

This tool is very important and much useful for Linux network administrators as well as system administrators to monitor and troubleshoot their network related problems and determine network traffic performance. This article shows usages of netstat command with their examples which may be useful in daily operation.

1. Listing all the LISTENING Ports of TCP and UDP connections

Listing all ports (both TCP and UDP) using netstat -a option.

# netstat -a | more

Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address               Foreign Address             State
tcp        0      0 *:sunrpc                    *:*                         LISTEN
tcp        0     52 192.168.0.2:ssh             192.168.0.1:egs             ESTABLISHED
tcp        1      0 192.168.0.2:59292           www.gov.com:http            CLOSE_WAIT
tcp        0      0 localhost:smtp              *:*                         LISTEN
tcp        0      0 *:59482                     *:*                         LISTEN
udp        0      0 *:35036                     *:*
udp        0      0 *:npmp-local                *:*

Active UNIX domain sockets (servers and established)
Proto RefCnt Flags       Type       State         I-Node Path
unix  2      [ ACC ]     STREAM     LISTENING     16972  /tmp/orbit-root/linc-76b-0-6fa08790553d6
unix  2      [ ACC ]     STREAM     LISTENING     17149  /tmp/orbit-root/linc-794-0-7058d584166d2
unix  2      [ ACC ]     STREAM     LISTENING     17161  /tmp/orbit-root/linc-792-0-546fe905321cc
unix  2      [ ACC ]     STREAM     LISTENING     15938  /tmp/orbit-root/linc-74b-0-415135cb6aeab

2. Listing TCP Ports connections

Listing only TCP (Transmission Control Protocol) port connections using netstat -at.

# netstat -at

Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address               Foreign Address             State
tcp        0      0 *:ssh                       *:*                         LISTEN
tcp        0      0 localhost:ipp               *:*                         LISTEN
tcp        0      0 localhost:smtp              *:*                         LISTEN
tcp        0     52 192.168.0.2:ssh             192.168.0.1:egs             ESTABLISHED
tcp        1      0 192.168.0.2:59292           www.gov.com:http            CLOSE_WAIT

3. Listing UDP Ports connections

Listing only UDP (User Datagram Protocol ) port connections using netstat -au.

# netstat -au

Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address               Foreign Address             State
udp        0      0 *:35036                     *:*
udp        0      0 *:npmp-local                *:*
udp        0      0 *:mdns                      *:*

4. Listing all LISTENING Connections

Listing all active listening ports connections with netstat -l.

# netstat -l

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State
tcp        0      0 *:sunrpc                    *:*                         LISTEN
tcp        0      0 *:58642                     *:*                         LISTEN
tcp        0      0 *:ssh                       *:*                         LISTEN
udp        0      0 *:35036                     *:*
udp        0      0 *:npmp-local                *:*

Active UNIX domain sockets (only servers)
Proto RefCnt Flags       Type       State         I-Node Path
unix  2      [ ACC ]     STREAM     LISTENING     16972  /tmp/orbit-root/linc-76b-0-6fa08790553d6
unix  2      [ ACC ]     STREAM     LISTENING     17149  /tmp/orbit-root/linc-794-0-7058d584166d2
unix  2      [ ACC ]     STREAM     LISTENING     17161  /tmp/orbit-root/linc-792-0-546fe905321cc
unix  2      [ ACC ]     STREAM     LISTENING     15938  /tmp/orbit-root/linc-74b-0-415135cb6aeab

5. Listing all TCP Listening Ports

Listing all active listening TCP ports by using option netstat -lt.

# netstat -lt

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State
tcp        0      0 *:dctp                      *:*                         LISTEN
tcp        0      0 *:mysql                     *:*                         LISTEN
tcp        0      0 *:sunrpc                    *:*                         LISTEN
tcp        0      0 *:munin                     *:*                         LISTEN
tcp        0      0 *:ftp                       *:*                         LISTEN
tcp        0      0 localhost.localdomain:ipp   *:*                         LISTEN
tcp        0      0 localhost.localdomain:smtp  *:*                         LISTEN
tcp        0      0 *:http                      *:*                         LISTEN
tcp        0      0 *:ssh                       *:*                         LISTEN
tcp        0      0 *:https                     *:*                         LISTEN

6. Listing all UDP Listening Ports

Listing all active listening UDP ports by using option netstat -lu.

# netstat -lu

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State
udp        0      0 *:39578                     *:*
udp        0      0 *:meregister                *:*
udp        0      0 *:vpps-qua                  *:*
udp        0      0 *:openvpn                   *:*
udp        0      0 *:mdns                      *:*
udp        0      0 *:sunrpc                    *:*
udp        0      0 *:ipp                       *:*
udp        0      0 *:60222                     *:*
udp        0      0 *:mdns                      *:*

7. Listing all UNIX Listening Ports

Listing all active UNIX listening ports using netstat -lx.

# netstat -lx

Active UNIX domain sockets (only servers)
Proto RefCnt Flags       Type       State         I-Node Path
unix  2      [ ACC ]     STREAM     LISTENING     4171   @ISCSIADM_ABSTRACT_NAMESPACE
unix  2      [ ACC ]     STREAM     LISTENING     5767   /var/run/cups/cups.sock
unix  2      [ ACC ]     STREAM     LISTENING     7082   @/tmp/fam-root-
unix  2      [ ACC ]     STREAM     LISTENING     6157   /dev/gpmctl
unix  2      [ ACC ]     STREAM     LISTENING     6215   @/var/run/hald/dbus-IcefTIUkHm
unix  2      [ ACC ]     STREAM     LISTENING     6038   /tmp/.font-unix/fs7100
unix  2      [ ACC ]     STREAM     LISTENING     6175   /var/run/avahi-daemon/socket
unix  2      [ ACC ]     STREAM     LISTENING     4157   @ISCSID_UIP_ABSTRACT_NAMESPACE
unix  2      [ ACC ]     STREAM     LISTENING     60835836 /var/lib/mysql/mysql.sock
unix  2      [ ACC ]     STREAM     LISTENING     4645   /var/run/audispd_events
unix  2      [ ACC ]     STREAM     LISTENING     5136   /var/run/dbus/system_bus_socket
unix  2      [ ACC ]     STREAM     LISTENING     6216   @/var/run/hald/dbus-wsUBI30V2I
unix  2      [ ACC ]     STREAM     LISTENING     5517   /var/run/acpid.socket
unix  2      [ ACC ]     STREAM     LISTENING     5531   /var/run/pcscd.comm

8. Showing Statistics by Protocol

Displays statistics by protocol. By default, statistics are shown for the TCP, UDP, ICMP, and IP protocols. The -s parameter can be used to specify a set of protocols.

# netstat -s

Ip:
    2461 total packets received
    0 forwarded
    0 incoming packets discarded
    2431 incoming packets delivered
    2049 requests sent out
Icmp:
    0 ICMP messages received
    0 input ICMP message failed.
    ICMP input histogram:
    1 ICMP messages sent
    0 ICMP messages failed
    ICMP output histogram:
        destination unreachable: 1
Tcp:
    159 active connections openings
    1 passive connection openings
    4 failed connection attempts
    0 connection resets received
    1 connections established
    2191 segments received
    1745 segments send out
    24 segments retransmited
    0 bad segments received.
    4 resets sent
Udp:
    243 packets received
    1 packets to unknown port received.
    0 packet receive errors
    281 packets sent

9. Showing Statistics by TCP Protocol

Showing statistics of only TCP protocol by using option netstat -st.

# netstat -st

Tcp:
    2805201 active connections openings
    1597466 passive connection openings
    1522484 failed connection attempts
    37806 connection resets received
    1 connections established
    57718706 segments received
    64280042 segments send out
    3135688 segments retransmited
    74 bad segments received.
    17580 resets sent

10. Showing Statistics by UDP Protocol

# netstat -su

Udp:
    1774823 packets received
    901848 packets to unknown port received.
    0 packet receive errors
    2968722 packets sent

11. Displaying Service name with PID

Displaying service name with their PID number, using option netstat -tp will display “PID/Program Name”.

# netstat -tp

Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name
tcp        0      0 192.168.0.2:ssh             192.168.0.1:egs             ESTABLISHED 2179/sshd
tcp        1      0 192.168.0.2:59292           www.gov.com:http            CLOSE_WAIT  1939/clock-applet

12. Displaying Promiscuous Mode

Displaying Promiscuous mode with -ac switch, netstat print the selected information or refresh screen every five second. Default screen refresh in every second.

# netstat -ac 5 | grep tcp

tcp        0      0 *:sunrpc                    *:*                         LISTEN
tcp        0      0 *:58642                     *:*                         LISTEN
tcp        0      0 *:ssh                       *:*                         LISTEN
tcp        0      0 localhost:ipp               *:*                         LISTEN
tcp        0      0 localhost:smtp              *:*                         LISTEN
tcp        1      0 192.168.0.2:59447           www.gov.com:http            CLOSE_WAIT
tcp        0     52 192.168.0.2:ssh             192.168.0.1:egs             ESTABLISHED
tcp        0      0 *:sunrpc                    *:*                         LISTEN
tcp        0      0 *:ssh                       *:*                         LISTEN
tcp        0      0 localhost:ipp               *:*                         LISTEN
tcp        0      0 localhost:smtp              *:*                         LISTEN
tcp        0      0 *:59482                     *:*                         LISTEN

13. Displaying Kernel IP routing

Display Kernel IP routing table with netstat and route command.

# netstat -r

Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
192.168.0.0     *               255.255.255.0   U         0 0          0 eth0
link-local      *               255.255.0.0     U         0 0          0 eth0
default         192.168.0.1     0.0.0.0         UG        0 0          0 eth0

14. Showing Network Interface Transactions

Showing network interface packet transactions including both transferring and receiving packets with MTU size.

# netstat -i

Kernel Interface table
Iface       MTU Met    RX-OK RX-ERR RX-DRP RX-OVR    TX-OK TX-ERR TX-DRP TX-OVR Flg
eth0       1500   0     4459      0      0      0     4057      0      0      0 BMRU
lo        16436   0        8      0      0      0        8      0      0      0 LRU

15. Showing Kernel Interface Table

Showing Kernel interface table, similar to ifconfig command.

# netstat -ie

Kernel Interface table
eth0      Link encap:Ethernet  HWaddr 00:0C:29:B4:DA:21
          inet addr:192.168.0.2  Bcast:192.168.0.255  Mask:255.255.255.0
          inet6 addr: fe80::20c:29ff:feb4:da21/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:4486 errors:0 dropped:0 overruns:0 frame:0
          TX packets:4077 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:2720253 (2.5 MiB)  TX bytes:1161745 (1.1 MiB)
          Interrupt:18 Base address:0x2000

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:8 errors:0 dropped:0 overruns:0 frame:0
          TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:480 (480.0 b)  TX bytes:480 (480.0 b)

16. Displaying IPv4 and IPv6 Information

Displays multicast group membership information for both IPv4 and IPv6.

# netstat -g

IPv6/IPv4 Group Memberships
Interface       RefCnt Group
--------------- ------ ---------------------
lo              1      all-systems.mcast.net
eth0            1      224.0.0.251
eth0            1      all-systems.mcast.net
lo              1      ff02::1
eth0            1      ff02::202
eth0            1      ff02::1:ffb4:da21
eth0            1      ff02::1

17. Print Netstat Information Continuously

To get netstat information every few second, then use the following command, it will print netstat information continuously, say every few seconds.

# netstat -c

Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State
tcp        0      0 tecmint.com:http   sg2nlhg007.shr.prod.s:36944 TIME_WAIT
tcp        0      0 tecmint.com:http   sg2nlhg010.shr.prod.s:42110 TIME_WAIT
tcp        0    132 tecmint.com:ssh    115.113.134.3.static-:64662 ESTABLISHED
tcp        0      0 tecmint.com:http   crawl-66-249-71-240.g:41166 TIME_WAIT
tcp        0      0 localhost.localdomain:54823 localhost.localdomain:smtp  TIME_WAIT
tcp        0      0 localhost.localdomain:54822 localhost.localdomain:smtp  TIME_WAIT
tcp        0      0 tecmint.com:http   sg2nlhg010.shr.prod.s:42091 TIME_WAIT
tcp        0      0 tecmint.com:http   sg2nlhg007.shr.prod.s:36998 TIME_WAIT

18. Finding non supportive Address

Finding un-configured address families with some useful information.

# netstat --verbose

netstat: no support for `AF IPX' on this system.
netstat: no support for `AF AX25' on this system.
netstat: no support for `AF X25' on this system.
netstat: no support for `AF NETROM' on this system.

19. Finding Listening Programs

Find out how many listening programs running on a port.

# netstat -ap | grep http

tcp        0      0 *:http                      *:*                         LISTEN      9056/httpd
tcp        0      0 *:https                     *:*                         LISTEN      9056/httpd
tcp        0      0 tecmint.com:http   sg2nlhg008.shr.prod.s:35248 TIME_WAIT   -
tcp        0      0 tecmint.com:http   sg2nlhg007.shr.prod.s:57783 TIME_WAIT   -
tcp        0      0 tecmint.com:http   sg2nlhg007.shr.prod.s:57769 TIME_WAIT   -
tcp        0      0 tecmint.com:http   sg2nlhg008.shr.prod.s:35270 TIME_WAIT   -
tcp        0      0 tecmint.com:http   sg2nlhg009.shr.prod.s:41637 TIME_WAIT   -
tcp        0      0 tecmint.com:http   sg2nlhg009.shr.prod.s:41614 TIME_WAIT   -
unix  2      [ ]         STREAM     CONNECTED     88586726 10394/httpd

20. Displaying RAW Network Statistics

# netstat --statistics --raw

Ip:
    62175683 total packets received
    52970 with invalid addresses
    0 forwarded
Icmp:
    875519 ICMP messages received
        destination unreachable: 901671
        echo request: 8
        echo replies: 16253
IcmpMsg:
        InType0: 83
IpExt:
    InMcastPkts: 117

That’s it, If you are looking for more information and options about netstat command, refer netstat manual docs or use man netstat command to know all the information. If we’ve missed anything in the list, please inform us using our comment section below. So, we could keep updating this list based on your comments.

UNIX / Linux: 10 Netstat Command Examples

Netstat command displays various network related information such as network connections, routing tables, interface statistics, masquerade connections, multicast memberships etc.,
 10 practical unix netstat command examples.

1. List All Ports (both listening and non listening ports)

List all ports using netstat -a

# netstat -a | more
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 localhost:30037         *:*                     LISTEN
udp        0      0 *:bootpc                *:*                                

Active UNIX domain sockets (servers and established)
Proto RefCnt Flags       Type       State         I-Node   Path
unix  2      [ ACC ]     STREAM     LISTENING     6135     /tmp/.X11-unix/X0
unix  2      [ ACC ]     STREAM     LISTENING     5140     /var/run/acpid.socket

List all tcp ports using netstat -at

# netstat -at
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 localhost:30037         *:*                     LISTEN
tcp        0      0 localhost:ipp           *:*                     LISTEN
tcp        0      0 *:smtp                  *:*                     LISTEN
tcp6       0      0 localhost:ipp           [::]:*                  LISTEN

List all udp ports using netstat -au

# netstat -au
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
udp        0      0 *:bootpc                *:*
udp        0      0 *:49119                 *:*
udp        0      0 *:mdns                  *:*

2. List Sockets which are in Listening State

List only listening ports using netstat -l

# netstat -l
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 localhost:ipp           *:*                     LISTEN
tcp6       0      0 localhost:ipp           [::]:*                  LISTEN
udp        0      0 *:49119                 *:*

List only listening TCP Ports using netstat -lt

# netstat -lt
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 localhost:30037         *:*                     LISTEN
tcp        0      0 *:smtp                  *:*                     LISTEN
tcp6       0      0 localhost:ipp           [::]:*                  LISTEN

List only listening UDP Ports using netstat -lu

# netstat -lu
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
udp        0      0 *:49119                 *:*
udp        0      0 *:mdns                  *:*

List only the listening UNIX Ports using netstat -lx

# netstat -lx
Active UNIX domain sockets (only servers)
Proto RefCnt Flags       Type       State         I-Node   Path
unix  2      [ ACC ]     STREAM     LISTENING     6294     private/maildrop
unix  2      [ ACC ]     STREAM     LISTENING     6203     public/cleanup
unix  2      [ ACC ]     STREAM     LISTENING     6302     private/ifmail
unix  2      [ ACC ]     STREAM     LISTENING     6306     private/bsmtp

3. Show the statistics for each protocol

Show statistics for all ports using netstat -s

# netstat -s
Ip:
    11150 total packets received
    1 with invalid addresses
    0 forwarded
    0 incoming packets discarded
    11149 incoming packets delivered
    11635 requests sent out
Icmp:
    0 ICMP messages received
    0 input ICMP message failed.
Tcp:
    582 active connections openings
    2 failed connection attempts
    25 connection resets received
Udp:
    1183 packets received
    4 packets to unknown port received.
.....

Show statistics for TCP (or) UDP ports using netstat -st (or) -su

# netstat -st

# netstat -su

4. Display PID and program names in netstat output using netstat -p

netstat -p option can be combined with any other netstat option. This will add the “PID/Program Name” to the netstat output. This is very useful while debugging to identify which program is running on a particular port.

# netstat -pt
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        1      0 ramesh-laptop.loc:47212 192.168.185.75:www        CLOSE_WAIT  2109/firefox
tcp        0      0 ramesh-laptop.loc:52750 lax:www ESTABLISHED 2109/firefox

5. Don’t resolve host, port and user name in netstat output

When you don’t want the name of the host, port or user to be displayed, use netstat -n option. This will display in numbers, instead of resolving the host name, port name, user name.
This also speeds up the output, as netstat is not performing any look-up.

# netstat -an

If you don’t want only any one of those three items ( ports, or hosts, or users ) to be resolved, use following commands.

# netsat -a --numeric-ports

# netsat -a --numeric-hosts

# netsat -a --numeric-users

6. Print netstat information continuously

netstat will print information continuously every few seconds.

# netstat -c
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 ramesh-laptop.loc:36130 101-101-181-225.ama:www ESTABLISHED
tcp        1      1 ramesh-laptop.loc:52564 101.11.169.230:www      CLOSING
tcp        0      0 ramesh-laptop.loc:43758 server-101-101-43-2:www ESTABLISHED
tcp        1      1 ramesh-laptop.loc:42367 101.101.34.101:www      CLOSING
^C

7. Find the non supportive Address families in your system

netstat --verbose

At the end, you will have something like this.

 netstat: no support for `AF IPX' on this system.
 netstat: no support for `AF AX25' on this system.
 netstat: no support for `AF X25' on this system.
 netstat: no support for `AF NETROM' on this system.

8. Display the kernel routing information using netstat -r

# netstat -r
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
192.168.1.0     *               255.255.255.0   U         0 0          0 eth2
link-local      *               255.255.0.0     U         0 0          0 eth2
default         192.168.1.1     0.0.0.0         UG        0 0          0 eth2

Note: Use netstat -rn to display routes in numeric format without resolving for host-names.

9. Find out on which port a program is running

# netstat -ap | grep ssh
(Not all processes could be identified, non-owned process info
 will not be shown, you would have to be root to see it all.)
tcp        1      0 dev-db:ssh           101.174.100.22:39213        CLOSE_WAIT  -
tcp        1      0 dev-db:ssh           101.174.100.22:57643        CLOSE_WAIT  -

Find out which process is using a particular port:

# netstat -an | grep ':80'

10. Show the list of network interfaces

# netstat -i
Kernel Interface table
Iface   MTU Met   RX-OK RX-ERR RX-DRP RX-OVR    TX-OK TX-ERR TX-DRP TX-OVR Flg
eth0       1500 0         0      0      0 0             0      0      0      0 BMU
eth2       1500 0     26196      0      0 0         26883      6      0      0 BMRU
lo        16436 0         4      0      0 0             4      0      0      0 LRU

Display extended information on the interfaces (similar to ifconfig) using netstat -ie:

# netstat -ie
Kernel Interface table
eth0      Link encap:Ethernet  HWaddr 00:10:40:11:11:11
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
          Memory:f6ae0000-f6b00000

Linux netstat command explained with 10 examples

Linux netstat command explained with 10 examples

inShare

The netstat command in Linux is a very useful tool when dealing with networking issues. This command is capable of producing information related to network connections, routing tables, interface statistics etc. This utility also helps the network administrators to keep an eye on the invalid or suspicious network connections. In this article we will understand the basics of this command using some practical examples. The syntax of this command is :

 

netstat [options]...

 

1. Display routing information maintained by kernel

This information can be retrieved using the -r option along with this command.

Consider the following example :

$ netstat -r
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
192.168.1.0     *               255.255.255.0   U         0 0          0 wlan0
link-local      *               255.255.0.0     U         0 0          0 wlan0
default         192.168.1.1     0.0.0.0         UG        0 0          0 wlan0

So we see that kernel routing table information was displayed using the -r option. The flag 'U' indicates that this entry is up while the flag 'G' indicates that this entry is not a direct entry i.e. the destination indicated in this route entry is not on the same network. A list of flags is given below :

A Receive all multicast at this interface.
B OK broadcast.
D Debugging ON.
M Promiscuous Mode.
O No ARP at this interface.
P P2P connection at this interface.
R Interface is running.
U Interface is up.
G Not a direct entry.

 

2. Display multicast group membership information

This information is displayed for both IPv4 and IPv6 and can be retrieved using -g option with this command.

Consider the following example :

$ netstat -g
IPv6/IPv4 Group Memberships
Interface       RefCnt Group
--------------- ------ ---------------------
lo              1      all-systems.mcast.net
eth0            1      all-systems.mcast.net
wlan0           1      224.0.0.251
wlan0           1      all-systems.mcast.net
lo              1      ip6-allnodes
eth0            1      ip6-allnodes
wlan0           1      ff02::1:ff20:3a8e
wlan0           1      ip6-allnodes
pan0            1      ip6-allnodes

So we see that the multicast information was displayed in the above output.

 

3. Display information related to all network interfaces

This is made possible using the -i option along with this command.

Consider the following example :

$ netstat -i
Kernel Interface table
Iface   MTU Met   RX-OK RX-ERR RX-DRP RX-OVR    TX-OK TX-ERR TX-DRP TX-OVR Flg
eth0       1500 0         0      0      0 0             0      0      0      0 BMU
lo        16436 0        44      0      0 0            44      0      0      0 LRU
wlan0      1500 0    166164      0      0 0        152434      0      0      0 BMRU

So we see that all the network information related to individual interfaces was displayed in the output. The RX and TX columns are described as follows :

RX-OK   : Correct packets received on this interface.
RX-ERR : Incorrect packets received on this interface
RX-DRP : Packets that were dropped at this interface.
RX-OVR : Packets that this interface was unable to receive.

Similar definition is for the TX columns that describe the transmitted packets.

 

4. Display summary statistics for each protocol

This is very handy information that netstat command provides. This information can be retrieved by using -s option with this command.

Consider the following example :

$ netstat -s
Ip:
    167813 total packets received
    1 with invalid addresses
    0 forwarded
    0 incoming packets discarded
    166864 incoming packets delivered
    153028 requests sent out
Icmp:
    12 ICMP messages received
    0 input ICMP message failed.
    ICMP input histogram:
        destination unreachable: 12
    12 ICMP messages sent
    0 ICMP messages failed
    ICMP output histogram:
        destination unreachable: 12
IcmpMsg:
        InType3: 12
        OutType3: 12
Tcp:
    3270 active connections openings
    0 passive connection openings
    11 failed connection attempts
    279 connection resets received
    2 connections established
    158262 segments received
    145989 segments send out
    477 segments retransmited
    0 bad segments received.
    1938 resets sent
Udp:
    5418 packets received
    12 packets to unknown port received.
    0 packet receive errors
    5387 packets sent
UdpLite:
TcpExt:
    52 packets pruned from receive queue because of socket buffer overrun
    1661 TCP sockets finished time wait in fast timer
    2 time wait sockets recycled by time stamp
    5 packets rejects in established connections because of timestamp
    3733 delayed acks sent
    1 delayed acks further delayed because of locked socket
    Quick ack mode was activated 890 times
    384 packets directly queued to recvmsg prequeue.
    210504 bytes directly received in process context from prequeue
    83445 packet headers predicted
    153 packets header predicted and directly queued to user
    8241 acknowledgments not containing data payload received
    1732 predicted acknowledgments
    3 congestion windows recovered without slow start by DSACK
    203 congestion windows recovered without slow start after partial ack
    1 timeouts after reno fast retransmit
    9 timeouts after SACK recovery
    2 timeouts in loss state
    9 retransmits in slow start
    428 other TCP timeouts
    1782 packets collapsed in receive queue due to low socket buffer
    861 DSACKs sent for old packets
    22 DSACKs sent for out of order packets
    276 DSACKs received
    407 connections reset due to unexpected data
    272 connections reset due to early user close
    4 connections aborted due to timeout
    TCPDSACKIgnoredOld: 128
    TCPDSACKIgnoredNoUndo: 31
    TCPSackShiftFallback: 2
IpExt:
    InMcastPkts: 2370
    OutMcastPkts: 1199
    InBcastPkts: 2270
    OutBcastPkts: 1331
    InOctets: 194805011
    OutOctets: 15947915
    InMcastOctets: 74161
    OutMcastOctets: 41385
    InBcastOctets: 477074
    OutBcastOctets: 194151

So we see that vital statistical information related to each protocol was displayed in the output.

 

5. Monitor continuously

Yes, netstat command provides an option -c using which any type of information can be monitored continuously. Here continuously means that same information would be fetched again and again after each second and the netstat output will grow until you choose to stop the command.

Here is an example where the interface information can be monitored continuously :

$ netstat -ic
Kernel Interface table
Iface   MTU Met   RX-OK RX-ERR RX-DRP RX-OVR    TX-OK TX-ERR TX-DRP TX-OVR Flg
eth0       1500 0         0      0      0 0             0      0      0      0 BMU
lo        16436 0        44      0      0 0            44      0      0      0 LRU
wlan0      1500 0    167000      0      0 0        153174      0      0      0 BMRU
Iface   MTU Met   RX-OK RX-ERR RX-DRP RX-OVR    TX-OK TX-ERR TX-DRP TX-OVR Flg
eth0       1500 0         0      0      0 0             0      0      0      0 BMU
lo        16436 0        44      0      0 0            44      0      0      0 LRU
wlan0      1500 0    167000      0      0 0        153174      0      0      0 BMRU
Iface   MTU Met   RX-OK RX-ERR RX-DRP RX-OVR    TX-OK TX-ERR TX-DRP TX-OVR Flg
eth0       1500 0         0      0      0 0             0      0      0      0 BMU
lo        16436 0        44      0      0 0            44      0      0      0 LRU
wlan0      1500 0    167000      0      0 0        153174      0      0      0 BMRU
Iface   MTU Met   RX-OK RX-ERR RX-DRP RX-OVR    TX-OK TX-ERR TX-DRP TX-OVR Flg
eth0       1500 0         0      0      0 0             0      0      0      0 BMU
lo        16436 0        44      0      0 0            44      0      0      0 LRU
wlan0      1500 0    167000      0      0 0        153174      0      0      0 BMRU
Iface   MTU Met   RX-OK RX-ERR RX-DRP RX-OVR    TX-OK TX-ERR TX-DRP TX-OVR Flg
eth0       1500 0         0      0      0 0             0      0      0      0 BMU
lo        16436 0        44      0      0 0            44      0      0      0 LRU
wlan0      1500 0    167000      0      0 0        153174      0      0      0 BMRU
Iface   MTU Met   RX-OK RX-ERR RX-DRP RX-OVR    TX-OK TX-ERR TX-DRP TX-OVR Flg
eth0       1500 0         0      0      0 0             0      0      0      0 BMU
lo        16436 0        44      0      0 0            44      0      0      0 LRU
wlan0      1500 0    167000      0      0 0        153174      0      0      0 BMRU
Iface   MTU Met   RX-OK RX-ERR RX-DRP RX-OVR    TX-OK TX-ERR TX-DRP TX-OVR Flg
eth0       1500 0         0      0      0 0             0      0      0      0 BMU
lo        16436 0        44      0      0 0            44      0      0      0 LRU
wlan0      1500 0    167000      0      0 0        153174      0      0      0 BMRU
Iface   MTU Met   RX-OK RX-ERR RX-DRP RX-OVR    TX-OK TX-ERR TX-DRP TX-OVR Flg
eth0       1500 0         0      0      0 0             0      0      0      0 BMU
lo        16436 0        44      0      0 0            44      0      0      0 LRU
wlan0      1500 0    167001      0      0 0        153174      0      0      0 BMRU
Iface   MTU Met   RX-OK RX-ERR RX-DRP RX-OVR    TX-OK TX-ERR TX-DRP TX-OVR Flg
eth0       1500 0         0      0      0 0             0      0      0      0 BMU
lo        16436 0        44      0      0 0            44      0      0      0 LRU
wlan0      1500 0    167001      0      0 0        153175      0      0      0 BMRU
Iface   MTU Met   RX-OK RX-ERR RX-DRP RX-OVR    TX-OK TX-ERR TX-DRP TX-OVR Flg
eth0       1500 0         0      0      0 0             0      0      0      0 BMU
lo        16436 0        44      0      0 0            44      0      0      0 LRU
wlan0      1500 0    167001      0      0 0        153175      0      0      0 BMRU
Iface   MTU Met   RX-OK RX-ERR RX-DRP RX-OVR    TX-OK TX-ERR TX-DRP TX-OVR Flg
eth0       1500 0         0      0      0 0             0      0      0      0 BMU
lo        16436 0        44      0      0 0            44      0      0      0 LRU
wlan0      1500 0    167001      0      0 0        153175      0      0      0 BMRU
^C
$

So we see that the interface information (using -i) was displayed continuously again and again using -c option. The figure change (highlighted in bold) in the output above gives us an idea how -c option is useful to see updates in statistics in real time.

 

6. Display extra information

Apart from the information that netstat produces in output, Extra information can be produced in output using -e option.

Consider an example below :

$ netstat -e
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       User       Inode      
tcp        0      0 himanshu-laptop.l:46096 sjc-not16.sjc.dropb:www ESTABLISHED himanshu   88185      
tcp       38      0 himanshu-laptop.l:40156 v-d-1a.sjc.dropbo:https CLOSE_WAIT  himanshu   88182      
tcp       38      0 himanshu-laptop.l:54501 v-client-5a.sjc.d:https CLOSE_WAIT  himanshu   247035     
tcp       38      0 himanshu-laptop.l:60738 v-client-2b.sjc.d:https CLOSE_WAIT  himanshu   10991      
tcp        0      0 himanshu-laptop.l:59610 del01s05-in-f22.1:https ESTABLISHED himanshu   186169     
Active UNIX domain sockets (w/o servers)
Proto RefCnt Flags       Type       State         I-Node   Path
unix  2      [ ]         DGRAM                    3273     @/org/kernel/udev/udevd
unix  20     [ ]         DGRAM                    4787     /dev/log
unix  3      [ ]         STREAM     CONNECTED     206978   @/tmp/dbus-VwQ8GS3QiP
unix  3      [ ]         STREAM     CONNECTED     206977   
unix  3      [ ]         STREAM     CONNECTED     206943   @/tmp/dbus-VwQ8GS3QiP
unix  3      [ ]         STREAM     CONNECTED     206942   
unix  3      [ ]         STREAM     CONNECTED     206941   @/tmp/.ICE-unix/1543
unix  3      [ ]         STREAM     CONNECTED     206940   
unix  3      [ ]         STREAM     CONNECTED     206939   @/tmp/.X11-unix/X0
unix  3      [ ]         STREAM     CONNECTED     206938   
unix  3      [ ]         STREAM     CONNECTED     206937   /tmp/orbit-himanshu/linc-dcf-0-427340219d277
unix  3      [ ]         STREAM     CONNECTED     206936   
unix  3      [ ]         STREAM     CONNECTED     206933   /tmp/orbit-himanshu/linc-630-0-480531b88e2fc
...
...
...

So we see that lots of extra information related to internet connections (like user, Inode etc) was produced in the output.

 

7. Display network timer related information

This type of information can be produced in output using -o option with this command.

Consider the following example :

$ netstat -o
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       Timer
tcp        0      0 himanshu-laptop.l:46096 sjc-not16.sjc.dropb:www ESTABLISHED off (0.00/0/0)
tcp       38      0 himanshu-laptop.l:40156 v-d-1a.sjc.dropbo:https CLOSE_WAIT  off (0.00/0/0)
tcp       38      0 himanshu-laptop.l:54501 v-client-5a.sjc.d:https CLOSE_WAIT  off (0.00/0/0)
tcp       38      0 himanshu-laptop.l:60738 v-client-2b.sjc.d:https CLOSE_WAIT  off (0.00/0/0)
tcp        0      0 himanshu-laptop.l:59610 del01s05-in-f22.1:https ESTABLISHED off (0.00/0/0)
Active UNIX domain sockets (w/o servers)
Proto RefCnt Flags       Type       State         I-Node   Path
unix  2      [ ]         DGRAM                    3273     @/org/kernel/udev/udevd
unix  20     [ ]         DGRAM                    4787     /dev/log
unix  3      [ ]         STREAM     CONNECTED     206978   @/tmp/dbus-VwQ8GS3QiP
unix  3      [ ]         STREAM     CONNECTED     206977   
unix  3      [ ]         STREAM     CONNECTED     206943   @/tmp/dbus-VwQ8GS3QiP
unix  3      [ ]         STREAM     CONNECTED     206942   
...
...
...

So we see that the timer related information (highlighted in bold) was produced in the output.

 

8. Display the PID of the program using socket

The PID of the program using a particular socket can be produced in the output using the option -p with this command.

Consider the following example :

$ netstat -p
(Not all processes could be identified, non-owned process info
 will not be shown, you would have to be root to see it all.)
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0    195 himanshu-laptop.l:46096 sjc-not16.sjc.dropb:www ESTABLISHED 1643/dropbox    
tcp       38      0 himanshu-laptop.l:40156 v-d-1a.sjc.dropbo:https CLOSE_WAIT  1643/dropbox    
tcp       38      0 himanshu-laptop.l:54501 v-client-5a.sjc.d:https CLOSE_WAIT  1643/dropbox    
tcp       38      0 himanshu-laptop.l:60738 v-client-2b.sjc.d:https CLOSE_WAIT  1643/dropbox    
tcp        0      0 himanshu-laptop.l:59610 del01s05-in-f22.1:https ESTABLISHED 1887/firefox    
Active UNIX domain sockets (w/o servers)
Proto RefCnt Flags       Type       State         I-Node   PID/Program name    Path
unix  2      [ ]         DGRAM                    3273     -                   @/org/kernel/udev/udevd
unix  20     [ ]         DGRAM                    4787     -                   /dev/log
unix  3      [ ]         STREAM     CONNECTED     206978   1581/dbus-daemon    @/tmp/dbus-VwQ8GS3QiP
unix  3      [ ]         STREAM     CONNECTED     206977   1627/metacity       
...
...
...

As suggested by the highlighted portion in the output, the PID related information was produced using -p option.

 

9. Show only listening sockets

This can be made possible by using the -l option with this command.

Consider the following example :

$ netstat -l
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State      
tcp        0      0 localhost:ipp           *:*                     LISTEN     
tcp        0      0 *:17500                 *:*                     LISTEN     
tcp6       0      0 [::]:netbios-ssn        [::]:*                  LISTEN     
tcp6       0      0 localhost:ipp           [::]:*                  LISTEN     
tcp6       0      0 [::]:microsoft-ds       [::]:*                  LISTEN
...
...
...

So we see that only those sockets whose state is LISTEN are produced in the output.

 

10. Show routing information from route cache

Information from route cache is produced in the output using -C option with this command.

Consider the following example :

$ netstat -C
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State      
tcp        0      0 himanshu-laptop.l:46096 sjc-not16.sjc.dropb:www ESTABLISHED
tcp       38      0 himanshu-laptop.l:40156 v-d-1a.sjc.dropbo:https CLOSE_WAIT 
tcp       38      0 himanshu-laptop.l:54501 v-client-5a.sjc.d:https CLOSE_WAIT 
tcp       38      0 himanshu-laptop.l:60738 v-client-2b.sjc.d:https CLOSE_WAIT 
tcp        0      0 himanshu-laptop.l:59610 del01s05-in-f22.1:https ESTABLISHED
Active UNIX domain sockets (w/o servers)
Proto RefCnt Flags       Type       State         I-Node   Path
unix  2      [ ]         DGRAM                    3273     @/org/kernel/udev/udevd
unix  20     [ ]         DGRAM                    4787     /dev/log
unix  3      [ ]         STREAM     CONNECTED     206978   @/tmp/dbus-VwQ8GS3QiP
unix  3      [ ]         STREAM     CONNECTED     206977   
unix  3      [ ]         STREAM     CONNECTED     206943   @/tmp/dbus-VwQ8GS3QiP
unix  3      [ ]         STREAM     CONNECTED     206942   
...
...
...

The output above is produced using the information from route cache.