In Linux operating system, many services are running. All services are client and server architecture based; hence networking is must to communicate with another system or to external world through internet. To monitor the network, we use netstat to get statistic of the network and information such as connection, routing tables and interface statistics. Most of the Linux administrator will use this command for trouble shooting network problems. Using the netstat command, we can get the all active TCP or UDp connection, ethernet statistics, display stream statistics (which process are using socket) and display content of the IP routing table.
[[email protected] ~]# netstat | head
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 ::ffff:192.168.1.104:ssh ::ffff:192.168.1.115:re101 ESTABLISHED
tcp 0 52 ::ffff:192.168.1.104:ssh ::ffff:192.168.1.1:lipsinc1 ESTABLISHED
Active UNIX domain sockets (w/o servers)
Proto RefCnt Flags Type State I-Node Path
unix 2 [ ] DGRAM 1122 @/org/kernel/udev/udevd
unix 2 [ ] DGRAM 5923 @/org/freedesktop/hal/udev_event
unix 22 [ ] DGRAM 4838 /dev/log
unix 2 [ ] STREAM 28089
Above command output shows active connections on this machine. In this Example, I have connected my Linux Test Box through SSH from the 192.168.1.115.
Using netstat command, we find information related to routing table.
[[email protected] ~]# netstat -route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.1.0 * 255.255.255.0 U 0 0 0 eth0
169.254.0.0 * 255.255.0.0 U 0 0 0 eth0
default 192.168.1.1 0.0.0.0 UG 0 0 0 eth0
Above program displays routing tables information on Linux system. Here, you can find whatever request comes from application layer (web browser); it goes to default route that is gateway through interface eth0.
[[email protected] ~]# netstat -l | grep -i ssh
tcp 0 0 *:ssh *:* LISTEN
-l option shows listen sockets. Using this, we can find service which transport protocol is using. In above example, ssh using tcp as transport (Transport Layer) protocol.
This command will display network gateway information on Linux server.