Check Network Connection Command by cyberciti.biz

By | 01/09/2012

Linux: Check Network Connection Command

by Vivek Gite on January 10, 2011 · 2 comments· last updated at January 10, 2011

How do I check network connections under Linux using command line options?

You need to use any one of the following tool or command under Linux to check network connections including their state, source/destination, and addresses and bandwidth usage etc:

  1. ss command: It dump socket (network connection) statistics such as all TCP / UDP connections, established connection per protocol (e.g., display all established ssh connections), display all the tcp sockets in various state such as ESTABLISHED or FIN-WAIT-1 and so on.
  2. netstat command: It can display network connections, routing tables, interfaces and much more.
  3. tcptrack and iftop commands: Displays information about TCP connections it sees on a network interface and display bandwidth usage on an interface by host respectively.

Display Currently Established, Closed, Orphaned and Waiting TCP sockets, enter:

# ss -s

Sample outputs:

Total: 529 (kernel 726)  TCP:   1403 (estab 286, closed 1099, orphaned 1, synrecv 0, timewait 1098/0), ports 774  Transport Total     IP        IPv6  *	  726       -         -  RAW	  0         0         0  UDP	  27        13        14  TCP	  304       298       6  INET	  331       311       20  FRAG	  0         0         0

Or you can use the netstat command as follows:

# netstat -s

Sample outputs:

Ip:      102402748 total packets received      3 with invalid addresses      0 forwarded      0 incoming packets discarded      102192035 incoming packets delivered      95627316 requests sent out  Icmp:      6726 ICMP messages received      167 input ICMP message failed.      ICMP input histogram:          destination unreachable: 2353          timeout in transit: 4          echo requests: 4329      10323 ICMP messages sent      0 ICMP messages failed      ICMP output histogram:          destination unreachable: 5994          echo replies: 4329  IcmpMsg:          InType3: 2353          InType8: 4329          InType11: 4          OutType0: 4329          OutType3: 5994  Tcp:      839222 active connections openings      2148984 passive connection openings      1480 failed connection attempts      1501 connection resets received      281 connections established      101263451 segments received      94668430 segments send out      9820 segments retransmited      0 bad segments received.      1982 resets sent  Udp:      1024635 packets received      18 packets to unknown port received.      0 packet receive errors      1024731 packets sent  TcpExt:      592 invalid SYN cookies received      396 resets received for embryonic SYN_RECV sockets      2 packets pruned from receive queue because of socket buffer overrun      3 ICMP packets dropped because they were out-of-window      2166428 TCP sockets finished time wait in fast timer      2773 time wait sockets recycled by time stamp      11 packets rejects in established connections because of timestamp      1223930 delayed acks sent      298 delayed acks further delayed because of locked socket      Quick ack mode was activated 263 times      16413851 packets directly queued to recvmsg prequeue.      627914668 packets directly received from backlog      1146535624 packets directly received from prequeue      43628505 packets header predicted      10588802 packets header predicted and directly queued to user      8646100 acknowledgments not containing data received      44710342 predicted acknowledgments      5 times recovered from packet loss due to fast retransmit      596 times recovered from packet loss due to SACK data      2 bad SACKs received      Detected reordering 1 times using FACK      Detected reordering 4 times using time stamp      3 congestion windows fully recovered      7 congestion windows partially recovered using Hoe heuristic      TCPDSACKUndo: 44      208 congestion windows recovered after partial ack      2743 TCP data loss events      190 timeouts after SACK recovery      90 timeouts in loss state      2268 fast retransmits      220 forward retransmits      3704 retransmits in slow start      1318 other TCP timeouts      TCPRenoRecoveryFail: 2      98 sack retransmits failed      226 packets collapsed in receive queue due to low socket buffer      267 DSACKs sent for old packets      1 DSACKs sent for out of order packets      272 DSACKs received      34 connections reset due to unexpected data      184 connections reset due to early user close      147 connections aborted due to timeout  IpExt:      InBcastPkts: 10

Display All Open Network Ports

Use the ss command as follows:

# ss -l

Sample outputs:

Recv-Q Send-Q                          Local Address:Port                              Peer Address:Port  0      50                                  127.0.0.1:mysql                                        *:*  0      128                                 127.0.0.1:11211                                        *:*  0      128                                         *:sunrpc                                       *:*  0      128                                        :::www                                         :::*  0      128                                         *:55153                                        *:*  0      3                                  10.1.11.27:domain                                       *:*  0      3                               192.168.1.101:domain                                       *:*  0      3                                   127.0.0.1:domain                                       *:*  0      3                                          :::domain                                      :::*  0      128                                        :::ssh                                         :::*  0      128                                         *:ssh                                          *:*  0      128                                 127.0.0.1:ipp                                          *:*  0      128                                       ::1:ipp                                         :::*  0      128                                        :::afs3-callback                                     :::*  0      128                                         *:afs3-callback                                      *:*  0      100                                         *:smtp                                         *:*  0      128                                       ::1:953                                         :::*  0      128                                 127.0.0.1:953                                          *:*  0      5                                           *:8000                                         *:*

OR Use the netstat command as follows:

# netstat -tulpn

Sample outputs:

Active Internet connections (only servers)  Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name  tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      1380/mysqld  tcp        0      0 127.0.0.1:11211         0.0.0.0:*               LISTEN      1550/memcached  tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      936/portmap  tcp        0      0 0.0.0.0:55153           0.0.0.0:*               LISTEN      1025/rpc.statd  tcp        0      0 10.1.11.27:53           0.0.0.0:*               LISTEN      1343/named  tcp        0      0 192.168.1.101:53        0.0.0.0:*               LISTEN      1343/named  tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      1343/named  tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      979/sshd  tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      1828/cupsd  tcp        0      0 0.0.0.0:7001            0.0.0.0:*               LISTEN      10129/transmission  tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN      1694/master  tcp        0      0 127.0.0.1:953           0.0.0.0:*               LISTEN      1343/named  tcp        0      0 0.0.0.0:8000            0.0.0.0:*               LISTEN      1539/icecast2  tcp6       0      0 :::80                   :::*                    LISTEN      1899/apache2  tcp6       0      0 :::53                   :::*                    LISTEN      1343/named  tcp6       0      0 :::22                   :::*                    LISTEN      979/sshd  tcp6       0      0 ::1:631                 :::*                    LISTEN      1828/cupsd  tcp6       0      0 :::7001                 :::*                    LISTEN      10129/transmission  tcp6       0      0 ::1:953                 :::*                    LISTEN      1343/named  udp        0      0 239.255.255.250:1900    0.0.0.0:*                           11937/opera  udp        0      0 239.255.255.250:1900    0.0.0.0:*                           11937/opera  udp        0      0 0.0.0.0:111             0.0.0.0:*                           936/portmap  udp        0      0 0.0.0.0:777             0.0.0.0:*                           1025/rpc.statd  udp        0      0 0.0.0.0:38297           0.0.0.0:*                           1025/rpc.statd  udp        0      0 192.168.1.101:33843     0.0.0.0:*                           11937/opera  udp        0      0 10.1.11.27:53           0.0.0.0:*                           1343/named  udp        0      0 192.168.1.101:53        0.0.0.0:*                           1343/named  udp        0      0 127.0.0.1:53            0.0.0.0:*                           1343/named  udp        0      0 0.0.0.0:68              0.0.0.0:*                           5840/dhclient  udp        0      0 127.0.0.1:11211         0.0.0.0:*                           1550/memcached  udp        0      0 0.0.0.0:7001            0.0.0.0:*                           10129/transmission  udp        0      0 10.1.11.27:33372        0.0.0.0:*                           11937/opera  udp6       0      0 :::53                   :::*                                1343/named

Display All TCP Sockets

Type the ss command as follows:

# ss -t -a

Or use the netstat command as follows:

# netstat -nat

Display All UDP Sockets

Type the ss command as follows:

# ss -u -a

Or use the netstat command as follows:

# netstat -nau

lsof Command

You can use the lsof command follows to list more information about open ports:

# lsof -i :portNumber
# lsof -i tcp:portNumber
# lsof -i udp:portNumber
# lsof -i :80 | grep LISTEN

View Established Connections Only

Use the netstat command as follows:

# netstat -natu | grep 'ESTABLISHED'

Say Hello To tcptrack

The tcptrack command displays the status of TCP connections that it sees on a given network interface. tcptrack monitors their state and displays information such as state, source/destination addresses and bandwidth usage in a sorted, updated list very much like the top command.

# tcptrack -i eth0

Sample outputs:

Fig.01: tcptrack in Action

Fig.01: tcptrack in Action

See how to install and use the tcptrack tool under Linux for more information.

iftop command

The iftop command listens to network traffic on a given network interface such as eth0, and displays a table of current bandwidth usage by pairs of hosts:

# iftop -i eth1

It can display or analyses packet flowing in and out of the 192.168.1.0/24 network:

# iftop -F 192.168.1.0/24

Sample outputs:

Fig.02: iftop command in action

Fig.02: iftop command in action

See how to install and use iftop command under Linux for more information.

Recommended readings:

Please go through the following articles for more information:

You should follow me on twitter here or subscribe via free e-mail newsletter here.

{ 2 comments… read them below or add one }

Ionut Ciucanu February 8, 2011 at 12:48 pm

Great set. Thanks!

Reply

Rony B Chandran February 24, 2012 at 8:54 pm

Thanks a Ton much…

Reply

Leave a Comment

You can use these HTML tags and attributes for your code and commands: <strong> <em> <ol> <li> <u> <ul> <blockquote> <pre> <a href=”” title=””>

What is 3 + 2 ?

Please leave these two fields as-is:
Solve the simple math so we know that you are a human and not a bot.



Tagged as: buffer, congestion, connection attempts, connection statistics, DSACKs, icmp messages, iftop command, InBcastPkts, incoming packets, Internet, ip, IpExt, LISTEN, lsof command, netstat, netstat command, network connections, pid, ports, protocol, Q Local, Q Send-, reordering, reset, retransmit, socket, ss command, ssh connections, sshd, tcp, tcp sockets, TCPDSACKUndo, TCPRenoRecoveryFail, tcptrack command, timeout, transmission, tulpn, udp

Previous Faq: Linux / UNIX: Kill User Session

Next Faq: Linux: Find Out My Machine (Host) Name