Netstat

What is “Netstat”

“Netstat is an extremely useful Linux command line tool that allows you to check which service is connecting to a port on your machine. It is very useful to analyze what’s going on on your machine when you are facing or trying to to prevent an attack on it. You can find information such as how many connection are being made on a port, which IP addresses these connections originate from, and much more. Netstat ships with most distributions of Linux so it should already be installed on yours”

In short, the netstat command is used to show network status. However, the netstat command can be used to determine the amount of traffic on the network to ascertain whether performance problems are due to network congestion.

Below is the Netstat command to show traffic

netstat -ant

You will get a result something like that

Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 ::ffff:192.168.1.19:80 ::ffff:192.168.1.240:63049 TIME_WAIT
tcp 0 0 ::ffff:192.168.0.19:80 ::ffff:192.168.1.240:62793 TIME_WAIT
tcp 0 0 ::ffff:192.168.1.19:80 ::ffff:192.168.1.240:62795 TIME_WAIT

The first thing you realize is that an output this big is not of too much use. So you can different it by port, such as port 80 (web service) or 3306 (mysql service)

netstat -ant | grep 80
netstat -ant | grep 3306

If you want to see how much connection is the particular service, you can sort it as below command

netstat -ant | grep 80 | wc -l
netstat -ant | grep 3306 | wc -l

Netstat is a very powerful command if you know how to optimize it. You can use it for all kind of service in the server.

Leave a Reply

Your email address will not be published. Required fields are marked *