Sunday, 6 October 2013

What is the Netstat Command?

The netstat command is a Command Prompt command used to display very detailed information about how your computer is communicating with other computers or network devices.
Specifically, the netstat command can show details about individual network connections, overall and protocol-specific networking statistics, and much more, all of which could help troubleshoot certain kinds of networking issues.

Netstat Command Syntax:

netstat [-a] [-b] [-e] [-f] [-n] [-o] [-p protocol] [-r] [-s] [-t] [-x] [-y] [time_interval] [/?]

Tip: See How To Read Command Syntax if you're not sure how to read the netstat command syntax above.
Execute the netstat command alone to show a relatively simple list of all active TCP connections which, for each one, will show the local IP address (your computer), the foreign IP address (the other computer or network device), along with their respective port numbers, as well as the TCP state.

-a = This switch displays active TCP connections, TCP connections with the listening state, as well as UDP ports that are being listened to.
-b = This netstat switch is very similar to the -o switch listed below, but instead of displaying the PID, will display the process's actual file name. Using -b over -o might seem like it's saving you a step or two but using it can sometimes greatly extend the time it takes netstat to fully execute.
-e = Use this switch with the netstat command to show statistics about your network connection. This data includes bytes, unicast packets, non-unicast packets, discards, errors, and unknown protocols received and sent since the connection was established.
-f = The -f switch will force the netstat command to display the Fully Qualified Domain Name (FQDN) for each foreign IP address when possible.
-n = Use the -n switch to prevent netstat from attempting to determine host names for foreign IP addresses. Depending on your current network connections, using this switch could considerably reduce the time it takes for netstat to fully execute.
-o = A handy option for many troubleshooting tasks, the -o switch displays the process identifier (PID) associated with each displayed connection. See the example below for more about using netstat -o.
-p = Use the -p switch to show connections or statistics only for a particular protocol. You cannot define more than one protocol at once, nor can you execute netstat with -p without defining a protocol.
protocol = When specifying a protocol with the -p option, you can use tcp, udp, tcpv6, or udpv6. If you use -s with -p to view statistics by protocol, you can use icmp, ip, icmpv6, or ipv6 in addition to the first four I mentioned.
-r = Execute netstat with -r to show the IP routing table. This is the same as using the route command to execute route print.
-s = The -s option can be used with the netstat command to show detailed statistics by protocol. You can limit the statistics shown to a particular protocol by using the -s option and specifying that protocol, but be sure to use -s before -p protocol when using the switches together.
-t = Use the -t switch to show the current TCP chimney offload state in place of the typically displayed TCP state.
-x = Use the -x option to show all NetworkDirect listeners, connections, and shared endpoints.
-y = The -y switch can be used to show the TCP connection template for all connections. You cannot use -y with any other netstat option.
time_interval = This is the time, in seconds, that you'd like the netstat command to re-execute automatically, stopping only when you use Ctrl-C to end the loop.
/? = Use the help switch to show details about the netstat command's several options.
Tip: Make all that netstat information in the command line easier to work with by outputting what you see on the screen to a text file using a redirection operator. See How To Redirect Command Output to a File for complete instructions.

Netstat Command Examples:

netstat -f
In this first example, I execute netstat to show all active TCP connections. However, I do want to see the computers I'm connected to in FQDN format [-f] instead of a simple IP address.
Here's an example of what you might see:
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    127.0.0.1:5357         VM-Windows-7:49229     TIME_WAIT
  TCP    127.0.0.1:49225        VM-Windows-7:12080     TIME_WAIT
  TCP    192.168.1.14:49194     75.125.212.75:http     CLOSE_WAIT
  TCP    192.168.1.14:49196     a795sm.avast.com:http  CLOSE_WAIT
  TCP    192.168.1.14:49197     a795sm.avast.com:http  CLOSE_WAIT
  TCP    192.168.1.14:49230     TIM-PC:wsd             TIME_WAIT
  TCP    192.168.1.14:49231     TIM-PC:icslap          ESTABLISHED
  TCP    192.168.1.14:49232     TIM-PC:netbios-ssn     TIME_WAIT
  TCP    192.168.1.14:49233     TIM-PC:netbios-ssn     TIME_WAIT
  TCP    [::1]:2869             VM-Windows-7:49226     ESTABLISHED
  TCP    [::1]:49226            VM-Windows-7:icslap    ESTABLISHED
As you can see, I had 11 active TCP connections at the time I executed netstat. The only protocol (in the Proto column) listed is TCP, which was expected because I did not use -a.
You can also see three sets of IP addresses in the Local Address column - my actual IP address of 192.168.1.14 and both IPv4 and IPv6 versions of my loopback addresses, along with the port each connection is using. The Foreign Address column lists the FQDN (75.125.212.75 didn't resolve for some reason) along with that port as well.
Finally, the State column lists the TCP state of that particular connection.
netstat -o
In this example, I want to run netstat normally so it only shows active TCP connections, but I also want to see the corresponding process identifier [-o] for each connection so I can determine which program on my computer initiated each one.
Here's what my computer displayed:
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.1.14:49194     75.125.212.75:http     CLOSE_WAIT      2948
  TCP    192.168.1.14:49196     a795sm:http            CLOSE_WAIT      2948
  TCP    192.168.1.14:49197     a795sm:http            CLOSE_WAIT      2948
You probably noticed the new PID column. In this case, the PIDs are all the same, meaning that the same program on my computer opened these connections.
To determine what program is represented by the PID of 2948 on my computer, all I have to do is open Task Manager, click on the Processes tab, and note the Image Name listed next to the PID I'm looking for in the PID column.
Using the netstat command with the -o option can be very helpful when tracking down which program is using too big a share of your bandwidth. It can also help locate the destination where some kind of malware, or even an otherwise legitimate piece of software, might be sending information without your permission.
Note: While this and the previous example were both run on the same computer, and within just a minute of each other, you can see that the list of active TCP connections is considerably different. This is because your computer is constantly connecting to, and disconnecting from, various other devices on your network and over the Internet.
netstat -s -p tcp -f
In this third example, I want to see protocol specific statistics [-s] but not all of them, just TCP stats [-p tcp]. I also want the foreign addresses displayed in FQDN format [-f].
This is what the netstat command, as shown above, produced on my computer:
TCP Statistics for IPv4

  Active Opens                        = 77
  Passive Opens                       = 21
  Failed Connection Attempts          = 2
  Reset Connections                   = 25
  Current Connections                 = 5
  Segments Received                   = 7313
  Segments Sent                       = 4824
  Segments Retransmitted              = 5

Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    127.0.0.1:2869         VM-Windows-7:49235     TIME_WAIT
  TCP    127.0.0.1:2869         VM-Windows-7:49238     ESTABLISHED
  TCP    127.0.0.1:49238        VM-Windows-7:icslap    ESTABLISHED
  TCP    192.168.1.14:49194     75.125.212.75:http     CLOSE_WAIT
  TCP    192.168.1.14:49196     a795sm.avast.com:http  CLOSE_WAIT
  TCP    192.168.1.14:49197     a795sm.avast.com:http  CLOSE_WAIT
As you can see, various statistics for the TCP protocol are displayed, as are all active TCP connections at the time.
netstat -e -t 5
In this final example, I executed the netstat command to show some basic network interface statistics [-e] and I wanted these statistics to continually update in the command window every five seconds [-t 5].
Here's what's produced on screen:
Interface Statistics

                           Received            Sent

Bytes                      22132338         1846834
Unicast packets               19113            9869
Non-unicast packets               0               0
Discards                          0               0
Errors                            0               0
Unknown protocols                 0
Interface Statistics

                           Received            Sent

Bytes                      22134630         1846834
Unicast packets               19128            9869
Non-unicast packets               0               0
Discards                          0               0
Errors                            0               0
Unknown protocols                 0
^C
Various pieces of information, which you can see here and that I listed in the -e syntax above, are displayed.
I only let the netstat command automatically execute one extra time, as you can see by the two tables in the result. Note the ^C at the bottom, indicating that I used the Ctrl-C abort command to stop the rerunning of the command.

Netstat Command Availability:

The netstat command is available from within the Command Prompt in most versions of Windows including Windows 8, Windows 7, Windows Vista, Windows XP, Windows Server operating systems, and some older versions of Windows too.
Note: The availability of certain netstat command switches and other netstat command syntax may differ from operating system to operating system.

Netstat Related Commands:

The netstat command is often used with other networking related Command Prompt commands like nslookup, ping, tracert, ipconfig, and others.

How to configure telnet server in Linux

A telnet server is used to log in to another system. You can use the telnet command to log in remotely to another system on your network. The system can be on your local area network or available through an Internet connection. Telnet operates as if you were logging in to another system from a remote terminal. You will be asked for a login name and password. In effect, you are logging in to another account on another system. In fact, if you have an account on another system, you could use Telnet to log in to it.
Dear visitor, this article is written for RHEL 5. We have an updated version of this article for RHEL6 with a video tutorial. If you are looking for RHEL6, please check this article: How to configure Telnet Server in RHEL6.
You invoke the Telnet utility with the keyword telnet. If you know the name of the site you want to connect with, you can enter telnet and the name of the site on the Linux command line.
CAUTION: The original version of Telnet is noted for being very insecure. For secure connections over a network or the Internet, you should use the Secure Shell (SSH). We will cover the SSH server in the next article. SSH operates in the same way as the original but uses authentication and encryption to secure the connection. Even so, it is advisable never to use Telnet to log in to your root account. That is why root login over Telnet is disabled by default.

Configure telnet server

In this example we will configure a telnet server and initiate a connection from the client side.
For this example we are using three systems: one Linux server, one Linux client and one Windows client.
  • A Linux server with IP address 192.168.0.254 and hostname Server
  • A Linux client with IP address 192.168.0.1 and hostname Client1
  • A Windows XP system with IP address 192.168.0.2 and hostname Client2
  • Updated /etc/hosts file on both Linux systems
  • Running portmap and xinetd services
  • Firewall should be off on the server
We suggest you review that article before starting the configuration of the telnet server. Once you have completed the necessary steps, follow this guide.
Four RPMs are required to configure the telnet server: telnet, telnet-server, portmap and xinetd. Check for them and install any that are not found.
Now check that the telnet, portmap and xinetd services are turned on in the system services list.
 #setup
Select System service from the list
[*]portmap 
[*]xinetd
[*]telnet 
Now restart the xinetd and portmap services.
To keep these services on after a reboot, enable them with the chkconfig command.
After the reboot, verify their status. They must be running.
Create a normal user named vinita

On Linux client

Ping the telnet server, then run the telnet command and give the user name and password.

On Window client

Ping the telnet server and run the telnet command.
Give the user name and password.

How to enable root login from telnet server

On the Linux server, open the file securetty.
At the end of the file add pts/0 to enable one telnet session for root. If you need to open more telnet sessions for root, add more entries: pts/1, pts/2 and so on.
Now restart the xinetd and portmap services.
Verify from Windows by logging in as root.



Source: http://computernetworkingnotes.com/network-administrations/telnet-server.html
More : http://computernetworkingnotes.com/network-administration/how-to-configure-telnet-server-in-rhel6.html
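
A system left in the state this walkthrough produces (telnet enabled under xinetd, pts entries added to securetty) accepts cleartext root logins from the network, so it is worth checking for. The following audit script is an added example, not part of the original article; the path etc/xinetd.d/telnet is an assumption about where the telnet-server package places its xinetd entry, and the sample tree is constructed.

```shell
#!/bin/sh
# Added example: audit a root filesystem for the telnet setup described above.
# Assumed paths: etc/xinetd.d/telnet (xinetd entry shipped by telnet-server)
# and etc/securetty. Pass a mount point or copy; defaults to the live system.

telnet_enabled() {
    # Succeeds when the xinetd telnet entry exists and lacks "disable = yes".
    f="$1/etc/xinetd.d/telnet"
    [ -f "$f" ] || return 1
    ! awk '
        { sub(/#.*/, ""); gsub(/[ \t]*=[ \t]*/, " = ") }
        $1 == "disable" && tolower($3) == "yes" { off = 1 }
        END { exit(off ? 0 : 1) }' "$f"
}

root_pts_entries() {
    # Prints securetty lines that let root log in on network pseudo-terminals.
    f="$1/etc/securetty"
    [ -f "$f" ] || return 0
    sed -e 's/#.*//' -e 's/[[:space:]]//g' "$f" | grep -E '^pts/[0-9]+$' || true
}

audit_telnet() {
    # Prints findings; returns 0 when clean, 1 when anything was found.
    root=${1:-}
    rc=0
    if telnet_enabled "$root"; then
        echo "FINDING: telnet is enabled under xinetd (logins cross the network in cleartext)"
        rc=1
    fi
    pts=$(root_pts_entries "$root" | tr '\n' ' ')
    if [ -n "$pts" ]; then
        echo "FINDING: securetty allows root on: ${pts% }"
        rc=1
    fi
    return $rc
}

make_sample_root() {
    # Constructed tree mirroring the configuration the article ends up with.
    mkdir -p "$1/etc/xinetd.d"
    cat > "$1/etc/xinetd.d/telnet" <<'EOF'
service telnet
{
        socket_type     = stream
        wait            = no
        user            = root
        server          = /usr/sbin/in.telnetd
        log_on_failure  += USERID
        disable         = no
}
EOF
    printf 'console\ntty1\ntty2\npts/0\npts/1\n' > "$1/etc/securetty"
}

# Stand-alone demonstration on the constructed tree.
demo=$(mktemp -d)
make_sample_root "$demo"
audit_telnet "$demo" || echo "audit: findings above need attention"
rm -rf "$demo"
```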

A simple script that will telnet a number of IP and Ports

Hi,

I would like to create a simple script that will telnet a number of IP and Ports one after the other to confirm connectivity to those addresses.

I thought about changing /etc/services file for telnet port... but there are other machines too which is accessible on telnet standard port..

Any ideas on where to start?

I have looked through the search results and have the following based on an existing script.

Code:
 
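#!/bin/sh
set -vx
# Read the single '#'-separated line of "IP port" entries from the file portTest
read line < portTest
OIFS=$IFS
# Split the line on '#' so each loop pass sees one "IP port" entry
IFS=#;
for i in $line;
do
# check for open ports #
# $i holds one whole "IP port" entry and is handed to telnet as a single quoted argument
connTest=`echo " " |telnet "$i"`
# Compare the third word of telnet's output with "Connected"
if [ "`echo $connTest | awk '{ print $3 }'`" = "Connected" ]
then
echo "$connTest port is up"
else
echo "$connTest port is down"
fi
done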

This refers to a file "portTest" which looks like this:
139.xxx.xxx.xxx 7001#139.xxx.xxx.xxx 7011#139.xxx.xxx.xxx 2001#

If I echo the variable $i earlier in the script than the telnet command it prints the whole value up to #, but when it sends the telnet request the port is not included.

Any ideas why?
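
Added example, not part of the original post: in the script above IFS is still set to # inside the loop and "$i" is quoted, so each "IP port" entry reaches telnet as one word instead of as separate host and port arguments. The version below splits each entry into two arguments before calling telnet; the function names are hypothetical and the addresses used in testing are constructed.

```shell
#!/bin/sh
# Added example: connectivity check for a '#'-separated "host port" list
# (the portTest format shown in the post).

parse_targets() {
    # $1 = target file. Prints one "host port" pair per line and skips
    # empty or malformed entries (wrong field count, non-numeric port).
    tr '#' '\n' < "$1" | awk 'NF == 2 && $2 ~ /^[0-9]+$/ { print $1, $2 }'
}

probe() {
    # telnet takes host and port as two separate arguments.
    out=$(echo " " | telnet "$1" "$2" 2>&1)
    case $out in
        *Connected*) return 0 ;;
        *) return 1 ;;
    esac
}

check_all() {
    # $1 = target file, $2 = probe function (defaults to the telnet probe;
    # replaceable so the parsing can be exercised without a network).
    prober=${2:-probe}
    parse_targets "$1" | while read -r host port; do
        if "$prober" "$host" "$port"; then
            echo "$host $port up"
        else
            echo "$host $port down"
        fi
    done
}

# Run against a target file when one is given: ./porttest.sh portTest
if [ $# -gt 0 ]; then
    check_all "$1"
fi
```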

Troubleshooting with Telnet


Poor telnet, it used to be the cool kid on the block. It was the program all sysadmins turned to when they needed to connect to a remote server. Telnet just wasn't that good at keeping a secret—all communication went over plain text—so administrators started switching to SSH for encrypted remote shell sessions. Of course, along with the switch came a huge stigma against administrators who still used telnet. Eventually, telnet became an outcast—the program you used if you were an out-of-touch old-timer who didn't care about security.
I for one think telnet isn't all bad. Sure, it can't keep a secret, but it still can do a lot of useful things around the server room. Really, telnet just provides you a convenient way to connect to a network port and send commands. Telnet can work well to diagnose problems with one of the many services out there that still accept plain-text commands in their protocol. In fact, it's one of my go-to command-line programs when I'm troubleshooting. In this column, I'm going to give telnet a second chance and describe how to use it to perform some common troubleshooting tasks.

Test Remote Ports

There are many different ways to test whether a network port is listening on a system, including GUI port scanners, Nmap and nc. Although all of those can work well, and even I find myself using Nmap more often than not, not all machines end up having Nmap installed. Just about every system includes telnet though, including a lot of embedded systems with BusyBox environments. So if I wanted to test whether the SMTP port (port 25) was listening on a server with the IP 192.168.5.5, I could type:

$ telnet 192.168.5.5 25
Trying 192.168.5.5...
telnet: Unable to connect to remote host: Connection refused
In this case, the remote port is unavailable, so I would fall back to some other troubleshooting methods to figure out why. If the port were open and available though, I could just start typing SMTP commands (more on that later).
As you can see from the above example, the syntax is to type the command telnet, the IP or hostname to connect to, and the remote port (otherwise it will default to port 23—the default port for telnet). So if I wanted to test a Web server instead, I would connect to the HTTP port (port 80):

$ telnet www.example.net 80

Troubleshoot Web Servers

While you are connecting to port 80, you might as well actually throw some HTTP commands at it and test that it works. For starters, you want to make sure you actually are connected:

$ telnet www.example.net 80
Trying 192.168.5.5...
Connected to www.example.net.
Escape character is '^]'.
Once you are connected, you can pass a basic HTTP GET request to ask for the default index page followed by the host you want to connect to:

GET / HTTP/1.1
host: www.example.net
The GET request specifies which page (/) along with what protocol you will use (HTTP/1.1). Since these days most Web servers end up hosting multiple virtual hosts from the same port, you can use the host header so the Web server knows which virtual host to direct you to. If you wanted to load some other Web page, you could replace GET / with, say, GET /forum/. It's possible your connection will time out if you don't type it in fast enough—if that happens, you always can copy and paste the command instead. After you type your commands, press Enter one final time, and you'll get a lot of headers you don't normally see along with the actual HTML content:

HTTP/1.1 200 OK
Date: Tue, 10 Jul 2012 04:54:04 GMT
Server: Apache/2.2.14 (Ubuntu)
Last-Modified: Mon, 24 May 2010 21:33:10 GMT
ETag: "38111c-b1-4875dc9938880"
Accept-Ranges: bytes
Content-Length: 177
Vary: Accept-Encoding
Content-Type: text/html
X-Pad: avoid browser bug

<html><body><h1>It works!</h1>
<p>This is the default web page for this server.</p>
<p>The web server software is running but no content 
has been added, yet.</p>
</body></html>
As you can see from my output, this is just the default Apache Web server page, but in this case, the HTML output is only one part of the equation. Equally useful in this output are all of the headers you get back from the HTTP/1.1 200 OK reply code to the modification dates on the Web page, to the Apache server version. After you are done sending commands, just press Ctrl-] and Enter to get back to a telnet prompt, then type quit to exit telnet.
I usually just use telnet to do some basic HTTP troubleshooting, because once you get into the realm of authentication, following redirects and other more complicated parts of the protocol, it's much simpler to use a command-line tool like curl, or I guess if you have to, even a regular GUI Web browser.

Send an E-mail

Although I just use telnet for basic Web server troubleshooting, telnet ends up being my preferred tool for e-mail troubleshooting, mostly because it's so simple to send a complete e-mail with only a few telnet commands.
The first step is to initiate a telnet connection with the mail server you want to test on port 25:

$ telnet mail.example.net 25
Trying 192.168.5.5...
Connected to mail.example.net.
Escape character is '^]'.
220 mail.example.net ESMTP Postfix
Unlike the blank prompt you may get when you connect to an HTTP server, with SMTP, you should get an immediate reply back. In this case, the reply is telling me I'm connecting to a Postfix server. Once I get that 220 prompt, I can start typing SMTP commands, starting with the HELO command that lets me tell the mail server what server is connecting to it:

HELO lappy486.example.net
250 mail.example.net
The nice thing about the interactive SMTP connection here is that if I do somehow make a typo in a command or make a mistake, it should let me know; otherwise, I should get a 250 reply. After HELO, you use the MAIL FROM: command to list what e-mail address the e-mail should appear to be from. I say appear to be from, because you can put just about any e-mail address you want here, which is a good reason not to blindly trust FROM addresses:

MAIL FROM: <root@example.net>
250 Ok
In the past, I used to type in the e-mail address directly without surrounding it with <>. My personal Postfix servers are fine with this, but other mail servers are more strict and will reply with a syntax error if you don't surround the e-mail address with <>. Since this FROM address was accepted, you can follow up with RCPT TO: and specify who the e-mail is addressed to:

RCPT TO: <postmaster@example.net>
250 Ok
The fact that the mail server responded with 250 should mean that it accepted the TO address you specified here. Finally, you can type DATA and type the rest of your e-mail, including any extra headers you want to add, like Subject, then finish up with a single period on its own line:

DATA
354 End data with <CR><LF>.<CR><LF>
Subject: Give Telnet a Chance 1
Hi,

All we are saying is give telnet a chance.
.
250 Ok: queued as 52A1EE3D117
When I'm testing e-mails with telnet, I usually put a number in the subject line so I can continually increment it with each test. This way, if some e-mail messages don't get delivered, I can tell which ones went through and which ones didn't.
Once you are done with the DATA section and the e-mail is queued, you can type quit to exit:

quit
221 Bye
Connection closed by foreign host.
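
Because the MAIL FROM address in the session above can be anything, a received message can be checked for a gap between that envelope sender and the From: header the mail client displays. This is an added example, not code from the original article: it assumes the receiving server recorded the MAIL FROM address in a Return-Path header at final delivery, and both sample messages are constructed.

```shell
#!/bin/sh
# Added example: compare the envelope sender with the displayed From: header.
# Assumption: the receiving server recorded the MAIL FROM address in a
# Return-Path header at final delivery.

header_addr() {
    # $1 = header name, $2 = message file. Prints the lower-cased address from
    # the first such header (folded lines joined); fails if the header is absent.
    awk -v want="$1" '
    { sub(/\r$/, "") }
    /^$/ { exit }                                   # blank line ends the headers
    /^[ \t]/ { if (grab) val = val " " $0; next }   # folded continuation line
    {
        if (grab) exit                              # next header starts: done
        name = $0; sub(/:.*/, "", name)
        if (tolower(name) == tolower(want)) {
            grab = 1; val = $0; sub(/^[^:]*:/, "", val)
        }
    }
    END {
        if (!grab) exit 1
        if (match(val, /<[^<>]*>/)) val = substr(val, RSTART + 1, RLENGTH - 2)
        gsub(/[ \t]/, "", val)
        print tolower(val)
    }' "$2"
}

sender_mismatch() {
    # Returns 0 and prints both addresses when the domains differ, 1 when they
    # match or the envelope sender is empty (a bounce), 2 when a header is missing.
    envelope=$(header_addr Return-Path "$1") || return 2
    shown=$(header_addr From "$1") || return 2
    [ -n "$envelope" ] || return 1
    [ "${envelope##*@}" != "${shown##*@}" ] || return 1
    echo "MISMATCH envelope=$envelope header=$shown"
}

sample_mismatch() {
    # Constructed message: envelope and header senders are in different domains.
    cat <<'EOF'
Return-Path: <tester@lappy486.example.org>
Received: from lappy486.example.org by mail.example.net (Postfix)
From: <root@example.net>
To: <postmaster@example.net>
Subject: Give Telnet a Chance 1

Hi,
EOF
}

sample_aligned() {
    # Constructed message: same domain, with a folded, mixed-case From: header.
    cat <<'EOF'
Return-Path: <root@example.net>
From: Root
 <ROOT@Example.NET>
Subject: Give Telnet a Chance 2

Hi,
EOF
}

# Stand-alone demonstration on the two constructed messages.
for s in sample_mismatch sample_aligned; do
    msg=$(mktemp); "$s" > "$msg"
    sender_mismatch "$msg" || echo "$s: envelope and header domains agree"
    rm -f "$msg"
done
```

A mismatch is a triage signal rather than proof of forgery, since mailing lists and bulk senders legitimately use a different envelope domain.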
 
Now that you have some ways to troubleshoot with telnet, hopefully you won't relegate telnet to the junk drawer of your Linux systems. Sure, you may not want to use it for remote shells, but now that just about everyone uses SSH anyway, maybe you can break out telnet on your terminal for all of your other plain-text network needs without your friends scolding you.

Source: http://www.linuxjournal.com/content/troubleshooting-telnet

Telnet


About telnet

Telnet is software that allows users to remotely access another computer such as a server, network device, or other computer. With telnet, users can connect to a device or computer, manage a network device, setup a device, transfer files, etc.

    See the telnet definition for further information about the term telnet as well as related dictionary terms.

Telnet programs

In addition to using the telnet program that came included with your operating system, there are numerous telnet programs available. Users who use telnet often or want or need additional features should consider a third-party telnet program.

We highly recommend users consider the Van Dyke CRT program. A demo of this program can be found on our software download section.

Unix and Linux variant telnet

All variants of Linux and Unix, such as Red Hat, Solaris, and FreeBSD, can telnet to a remote host from the command prompt. At the prompt, type one of the examples below.

telnet <hostname>

or

telnet
open <hostname>

The hostname will be the domain, shell account or IP address.

If done properly you will either get to a prompt where you can perform the commands necessary or should receive a prompt for the username and password. If you have an account setup on the computer you are attempting to connect to, enter it now. If you do not have an account for the server, you can try connecting anonymously by entering your name and e-mail address as shown below.

username: anonymous
password: myname@myemail.com

If this feature is supported on the server you would then be logged in anonymously to that server.

Once connected you will be able to navigate through the command line just as if you were locally on the computer.

Additional information and syntax of the telnet command can also be found on our Unix and Linux telnet command page.

Microsoft Windows telnet

Microsoft has included telnet on Windows 3.11, Windows 95, Windows 98, Windows ME, Windows NT, Windows 2000, and Windows XP.

Windows 3.11 users

To access Microsoft Telnet from Windows 3.11 open File Manager, open the Windows directory, and double-click on telnet.exe.

Other Microsoft Windows users

To access Microsoft Telnet from Windows 95, Windows 98, Windows ME, Windows NT,  Windows 2000, or Windows XP, click Start, Run, type "telnet" and press enter. Some setups of Microsoft Windows may prohibit users from running the telnet command. Check with your system administrator if you are unable to open the program.

Windows 3.11, 95, 98, ME, NT users

Once the telnet window is open, click on the Connect drop down option and select Remote System from the drop down menu. Once connected, type in the hostname that will be either the domain, shell account or IP address for the computer you are attempting to connect to. The port should remain set to telnet and the TermType should remain at vt100 unless you know that it is different.

Skip to the What next section below for additional steps on what to do once connected.

Windows 2000 and XP users

Windows 2000 and Windows XP users will be able to navigate through Telnet using a command line similar to MS-DOS. If you have run the telnet command from the run line, type "open <address>" where <address> is the address of where you are attempting to connect.

Additional information and available commands for the Windows 2000 and Windows XP can also be found on the telnet command page.

Skip to the What next section below for additional steps on what to do once connected.

What next


If done properly, you will either get to a prompt where you can perform the commands necessary, or should receive a prompt for the username and password. If you have an account setup on the computer you are attempting to connect to, enter it now. If you do not have an account for the server, you can try connecting anonymously by entering your name and e-mail address as shown below.

username: anonymous
password: myname@myemail.com

If this feature is supported on the server you would then be logged in anonymously to that server.

Linux and Unix telnet command

Uses the telnet protocol to connect to another remote computer.

Syntax
telnet [-8] [-E] [-L] [-c] [-d] [-r] [ -e escape_char ] [ -l user ] [-n file ] [ host [ port ] ]
-8 Specifies an 8-bit data path. Negotiating the TELNET BINARY option is attempted for both input and output.
-E Stops any character from being recognized as an escape character.
-L Specifies an 8-bit data path on output. This causes the BINARY option to be negotiated on output.
-c Disables the reading of the user's telnetrc file.
-d Sets the initial value of the debug toggle to TRUE.
-r Specifies a user interface similar to rlogin. In this mode, the escape character is set to the tilde (~) character, unless modified by the -e option. The rlogin escape character is only recognized when it is preceded by a carriage return. In this mode, the telnet escape character, normally '^]', must still precede a telnet command. The rlogin escape character can also be followed by '.\r' or '^Z', and, like rlogin, closes or suspends the connection, respectively. This option is an uncommitted interface and may change in the future.
-e escape_char Sets the initial escape character to escape_char. escape_char may also be a two character sequence consisting of '^' followed by one character. If the second character is '?', the DEL character is selected. Otherwise, the second character is converted to a control character and used as the escape character. If the escape character is the null string (that is, -e ''), it is disabled.
-l user When connecting to a remote system that understands the ENVIRON option, then user will be sent to the remote system as the value for the ENVIRON variable USER.
-n file Opens tracefile for recording trace information.
Examples
telnet host.com

The above example would open a telnet session to the domain host.com.

Caution: Telnet is not encrypted and all data, including passwords, is sent across a network as plaintext. If intercepted, someone could learn your username and password. Instead of using Telnet consider using SSH.
Additional examples and general information on telnet can also be found on our telnet help page.

Processes

When you enter a command it invokes a program. While this program is running it is called a process. It is important to grasp that although there is only one copy of a program held in the file system, any number of processes can be invoked which run this program.
When the operating system is started after a boot, a single process is started. This process is the parent of all subsequent processes. Each process created on the system has a unique number, known as its PID, associated with it.
When you login to the system a process is started to run your shell program. Any processes that are started from within your shell - such as entering a command - are the children of this process. A process can have many children, but only one parent.