Network

netstat

-p show pid
-t tcp
-u udp
-l listening
-i show network interface packet transactions
-r show kernel ip routing
-g show group membership information of IPV4 and IPV6
-a all

common usage

netstat -ie  = ifconfig
netstat -lt  #show all listening tcp
netstat -r   #show routing
netstat -g   #show group membership information of IPV4 and IPV6
netstat -i   #show network interfact packet tracnsactions

[root@sf-vm-1 ~]# netstat -r
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
default         10.0.5.1        0.0.0.0         UG        0 0          0 eno16777984
10.0.5.0        0.0.0.0         255.255.255.0   U         0 0          0 eno16777984
172.17.0.0      0.0.0.0         255.255.0.0     U         0 0          0 docker0
[root@sf-vm-1 ~]# netstat -i
Kernel Interface table
Iface      MTU    RX-OK RX-ERR RX-DRP RX-OVR    TX-OK TX-ERR TX-DRP TX-OVR Flg
docker0   1500        3      0      0 0             3      0      0      0 BMU
eno16777  1500 30067952      0    978 0      21248940      0      0      0 BMRU
lo       65536     7256      0      0 0          7256      0      0      0 LRU
[root@sf-vm-1 ~]# netstat -g
IPv6/IPv4 Group Memberships
Interface       RefCnt Group
--------------- ------ ---------------------
lo              1      all-systems.mcast.net
eno1677798      1      all-systems.mcast.net
docker0         1      all-systems.mcast.net
lo              1      ff02::1
lo              1      ff01::1
eno16777984     1      ff02::1:ff46:b199
eno16777984     1      ff02::1
eno16777984     1      ff01::1
docker0         1      ff02::1:ff63:217f
docker0         1      ff02::1
docker0         1      ff01::1

ss - socket statistics

ss is almost same as netstat but fater and has some specific usage

-n, --numeric don't resolve service names
ss -s #summary statistics
ss -antp src :80
ss -altp dst :80
ss -nt -o

ss -t4 state established

1. established
2. syn-sent
3. syn-recv
4. fin-wait-1
5. fin-wait-2
6. time-wait
7. closed
8. close-wait
9. last-ack
10. closing
11. all - All of the above states
12. connected - All the states except for listen and closed
13. synchronized - All the connected states except for syn-sent
14. bucket - Show states, which are maintained as minisockets, i.e. time-wait and syn-recv.
15. big - Opposite to bucket state.

fuser

fuser 8080/tcp

fuser -k 8080/tcp

lsof

lsof -i:8080 kill -9 $(lsof -i:8080)

parameters

-t - show only process ID
-i - show only internet connections related process

nmap

parameter

nmap -sP IP ping only
nmap -sS 192.168.1.1 TCP SYN scan
nmap -sU 192.168.1.1 UDP scan
namp -sO 192.168.1.1 protocol scan
namp -p 1024-2048 192.168.1.1 port range scan
namp -p 80,25,443,110 192.168.1.1 port scan

tcpdump

parameters

-XX : Same as -X, but also shows the ethernet header.
-D : Show the list of available interfaces
-l : Line-readable output (for viewing as you save, or sending to other commands)
-q : Be less verbose (more quiet) with your output.
-t : Give human-readable timestamp output.
-tttt : Give maximally human-readable timestamp output.
-i eth0 : Listen on the eth0 interface.
-vv : Verbose output (more v’s gives more output).
-c : Only get x number of packets and then stop.
-s : Define the snaplength (size) of the capture in bytes. Use -s0 to get everything, unless you are intentionally capturing less.
-S : Print absolute sequence numbers.
-e : Get the ethernet header as well.
-q : Show less protocol information.
-E : Decrypt IPSEC traffic by providing an encryption key.

examples:

tcpdump 'src 10.0.2.4 and (dst port 3389 or 22)'

tcpdump dst 192.168.0.2 and src net and not icmp

tcpdump net 1.2.3.0/24

tcpdump -c 1 -X icmp

tcpdump -nnvvS src 10.5.2.3 and dst port 3389

write to one PCAP file

tcpdump port 80 -w capture_file

PreviousDisk NextTCP/IP and OSI

Last updated 4 years ago

Was this helpful?

netstat -ie = ifconfig netstat -lt #show all listening tcp netstat -r #show routing netstat -g #show group membership information of IPV4 and IPV6 netstat -i #show network interfact packet tracnsactions

[root@sf-vm-1 ~]# netstat -r Kernel IP routing table Destination Gateway Genmask Flags MSS Window irtt Iface default 10.0.5.1 0.0.0.0 UG 0 0 0 eno16777984 10.0.5.0 0.0.0.0 255.255.255.0 U 0 0 0 eno16777984 172.17.0.0 0.0.0.0 255.255.0.0 U 0 0 0 docker0 [root@sf-vm-1 ~]# netstat -i Kernel Interface table Iface MTU RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR Flg docker0 1500 3 0 0 0 3 0 0 0 BMU eno16777 1500 30067952 0 978 0 21248940 0 0 0 BMRU lo 65536 7256 0 0 0 7256 0 0 0 LRU [root@sf-vm-1 ~]# netstat -g IPv6/IPv4 Group Memberships Interface RefCnt Group --------------- ------ --------------------- lo 1 all-systems.mcast.net eno1677798 1 all-systems.mcast.net docker0 1 all-systems.mcast.net lo 1 ff02::1 lo 1 ff01::1 eno16777984 1 ff02::1:ff46:b199 eno16777984 1 ff02::1 eno16777984 1 ff01::1 docker0 1 ff02::1:ff63:217f docker0 1 ff02::1 docker0 1 ff01::1

1. established 2. syn-sent 3. syn-recv 4. fin-wait-1 5. fin-wait-2 6. time-wait 7. closed 8. close-wait 9. last-ack 10. closing 11. all - All of the above states 12. connected - All the states except for listen and closed 13. synchronized - All the connected states except for syn-sent 14. bucket - Show states, which are maintained as minisockets, i.e. time-wait and syn-recv. 15. big - Opposite to bucket state.