Prakash Sawarkar: Kernel 3.8 Released, how to Compile in Redhat, CentOS and Fedora.

Kernel 3.8 Released, how to Compile in Redhat, CentOS and Fedora.

Sunday, 18 August 2013

Redo Backup, Recovery Tool to Backup and Restore Systems

Redo Backup and Recovery is so simple that anyone can use it. It is the easiest, most complete disaster recovery solution available. It allows bare-metal restore. Bare metal restore is not only the best solution for hardware failure, it is also the ultimate antivirus: Even if your hard drive melts or gets completely erased by a virus, you can have a completely-functional system back up and running in as little as 10 minutes.

All your documents and settings will be restored to the exact same state they were in when the last snapshot was taken. Redo Backup and Recovery is a live CD, so it does not matter if you use Windows or Linux. You can use the same tool to back up and restore every machine. And because it is open source released under the GPL, it is completely free for personal and commercial use.
Requirements: a USB external storage device / hard drive, or a shared network drive.

Download the latest version of the Redo Backup live CD:
http://sourceforge.net/projects/redobackup/ or http://redobackup.org/

After creating a CD from the ISO image, put the CD in and reboot your computer to use Redo Backup. While the system is starting, you may need to press the F8 or F12 key to boot from the CD-ROM drive.
Click on "Start Redo Backup".

Welcome screen of the "Redo Backup" interface

This is the Redo main menu interface. Connect your USB external storage device to your system and then click on the 'Backup or Restore' option.

Click on the 'Backup' button.

Select which parts of the drive to back up. Leave all parts selected if you are unsure. Click on "Next".

Select the destination drive. It can be a local drive connected to your computer, a USB storage device or a shared network drive.

Select Backup Destination Drive

Next, it will ask you to give a unique name for this backup image, such as the date. Today's date is automatically entered for you, like "20130950".
Next, it will back up your system to the location you selected. This may take an hour or more depending on the speed of your computer and the amount of data you have.

That's it, you have successfully created a backup image of your computer. If you would like to restore this image on any other computer, follow the same procedure and select "Restore", then follow the on-screen instructions.

When the process has completed, click on the 'OK' button then reboot or power off your system by clicking on the 'Power Off' option.

Sunday, 11 August 2013

Tcpdump Commands – A Network Sniffer Tool

Tcpdump is a powerful and widely used command-line packet sniffer (packet analyzer) that captures or filters TCP/IP packets received or transferred over a network on a specific interface. It is available on most Linux/Unix-based operating systems. tcpdump also gives us an option to save captured packets to a file for future analysis. It saves the file in pcap format, which can be viewed with the tcpdump command or with Wireshark (Network Protocol Analyzer), an open source GUI tool that reads tcpdump pcap files.
1. tcpdump works at the network layer.
2. A network packet header consists of sender, destination, state information and other flag information.
3. tcpdump only captures the first 96 bytes of data from each packet by default.
Most Linux distributions these days come with tcpdump preinstalled, but you need to be root or have sudo permissions to run the tool.
Here, we are going to show you how to install tcpdump and then cover some useful commands with practical examples.
Check whether tcpdump is already installed on the machine:
# rpm -qa | grep tcpdump
tcpdump-4.0.0-3.20090921gitdf3cb4.2.el6.x86_64
If not, install it:
# yum install tcpdump
Once tcpdump is installed, you can work through the following commands and their examples.
1. Capture Packets from a Specific Interface
The output scrolls until you interrupt it. When we execute the tcpdump command it captures from all the interfaces; with the -i switch it captures only from the desired interface.
# tcpdump -i eth0
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
22:06:54.730711 IP oracle.microair.in.ssh > 172.24.0.17.57321: Flags [P.], seq 45175180:45175360, ack 217829, win 41860, length 180
22:06:54.730753 IP oracle.microair.in.ssh > 172.24.0.17.57321: Flags [P.], seq 45175360:45175620, ack 217829, win 41860, length 260
22:06:54.730799 IP oracle.microair.in.ssh > 172.24.0.17.57321: Flags [P.], seq 45175620:45175912, ack 217829, win 41860, length 292
22:06:54.730843 IP oracle.microair.in.ssh > 172.24.0.17.57321: Flags [P.], seq 45175912:45176220, ack 217829, win 41860, length 308
22:06:54.730885 IP 172.24.0.17.57321 > oracle.microair.in.ssh: Flags [.], ack 45174140, win 63440, length 0
22:06:54.730889 IP 172.24.0.17.57321 > oracle.microair.in.ssh: Flags [.], ack 45174692, win 62888, length 0
22:06:54.730891 IP oracle.microair.in.ssh > 172.24.0.17.57321: Flags [P.], seq 45176220:45176528, ack 217829, win 41860, length 308
22:06:54.730892 IP 172.24.0.17.57321 > oracle.microair.in.ssh: Flags [.], ack 45175180, win 64240, length 0
2. Capture Only N Number of Packets
When you run the tcpdump command it captures all the packets for the specified interface until you cancel it. With the -c option, you can capture a specified number of packets. The example below captures only 5 packets.
# tcpdump -c 5 -i eth0
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
22:10:37.385308 IP6 fe80::b947:a4a7:3540:fbd0.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit
22:10:37.386857 IP oracle.microair.in.ssh > 172.24.0.17.57321: Flags [P.], seq 775198156:775198352, ack 2552333147, win 41860, length 196
22:10:37.387109 IP 172.24.0.17.57321 > oracle.microair.in.ssh: Flags [.], ack 196, win 64240, length 0
22:10:37.387482 IP oracle.microair.in.48204 > google-public-dns-a.google.com.domain: 20907+ PTR? 2.0.0.0.1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.f.f.ip6.arpa. (90)
22:10:37.441122 IP 172.24.0.69.7765 > 255.255.255.255.7765: UDP, length 92
5 packets captured
51 packets received by filter
0 packets dropped by kernel
3. Print Captured Packets in ASCII
The tcpdump command below, with the -A option, displays each packet in ASCII, a character-encoding scheme.
# tcpdump -A -i eth0
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
22:12:28.783324 IP oracle.microair.in.ssh > 172.24.0.17.57321: Flags [.], seq 3274416:3275876, ack 14717, win 41860, length 1460
E...[.@.@................f...!.OP...^"........\........S?}.....0..5 ... +..6wJ....\"....`d.C......{.H......n)...*/...A..x...(..U..f...t!..?l.'.V y...@.$.;`.~..!-...#..............Q.hA......vM.e*....U.`._..x....L."}".%.......!.C.yDm....9,.3.d.!....7.K.....{......Jk..xI...G..O.-uu...6&.`.....f.....j..]`..T7.....*..z.\...3T.bR..[\.
..A.....3...U.9R.U..?Q
...\s#.........9b......rp;{..K.l.$Q,...............(...z...zW...Q.fs.-.M.|a.|+
..@...M...Vc+O.<....=xi.0.y....z....N....]B..w...|.i....13..LE..I...k..^vCre..-zq..n...I..=7.i....4M...<l..8q9A>t.....N>.,{..~.........0u%...G..w.5._.|.a6&.1X...e.......b.W.m.!..[z.....\".....mg..1...x.j.........U#..J=.u@...j.b8m...;.....@.@G....>..+Y<..+..>-.i...yR....h.n..{x}.L....w...xH....:..A....V,*...p$aq |..G.......w.....nA5X.S{...M..$.P0.
length 31
GTTQUICKADMIN........}.{.................F...'...T..........
3818 packets captured
5343 packets received by filter
494 packets dropped by kernel
4. Display Available Interfaces
To list the available interfaces on the system, run the following command with the -D option.
#  tcpdump -D
1.eth0
2.usbmon1 (USB bus number 1)
3.usbmon2 (USB bus number 2)
4.usbmon3 (USB bus number 3)
5.usbmon4 (USB bus number 4)
6.usbmon5 (USB bus number 5)
7.usbmon6 (USB bus number 6)
8.usbmon7 (USB bus number 7)
9.usbmon8 (USB bus number 8)
10.any (Pseudo-device that captures on all interfaces)
11.lo
5. Display Captured Packets in HEX and ASCII
The following command with the -XX option captures the data of each packet, including its link-level header, in HEX and ASCII format.
# tcpdump -XX -i eth0
22:16:50.395579 IP 172.24.0.17.57321 > oracle.microair.in.ssh: Flags [.], ack 17683412, win 64240, length 0
        0x0000:  78ac c0bf 1f28 001d 7d5d 6cc1 0800 4500  x....(..}]l...E.
        0x0010:  0028 2930 4000 8006 794c ac18 0011 ac18  .()0@...yL......
        0x0020:  0012 dfe9 0016 9822 fd4b 2f75 3468 5010  .......".K/u4hP.
        0x0030:  faf0 8344 0000 0000 0000 0000            ...D........
22:16:50.398976 IP 172.24.0.17.57321 > oracle.microair.in.ssh: Flags [.], ack 17685192, win 64240, length 0
        0x0000:  78ac c0bf 1f28 001d 7d5d 6cc1 0800 4500  x....(..}]l...E.^C
        0x0010:  0028 2932 4000 8006 794a ac18 0011 ac18  .()2@...yJ......
        0x0020:  0012 dfe9 0016 9822 fd7f 2f75 3b5c 5010  ......."../u;\P.
        0x0030:  faf0 7c1c 0000 0000 0000 0000            ..|.........
6. Capture and Save Packets in a File
As we said, tcpdump can capture packets and save them to a file in .pcap format. To do this, execute the command with the -w option.
# tcpdump -w 0001.pcap -i eth0
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
3242 packets captured
5443 packets received by filter
459  packets dropped by kernel
7. Read Captured Packets File
To read and analyze the captured packets in the 0001.pcap file, use the command with the -r option, as shown below.
# tcpdump -r 0001.pcap
  reading from file 0001.pcap, link-type EN10MB (Ethernet)
22:18:20.777219 IP oracle.microair.in.ssh > 172.24.0.17.57321: Flags [P.], seq 796301044:796301176, ack 2552432619, win 41860, length 132
22:18:20.777768 IP 172.24.0.17.57321 > oracle.microair.in.ssh: Flags [.], ack 132, win 63328, length 0
22:18:20.778891 ARP, Request who-has 172.24.0.237 tell 172.24.0.222, length 46
22:18:20.779235 ARP, Request who-has 172.24.0.222 tell 172.24.0.237, length 46
22:18:20.789737 IP6 fe80::838:18d9:7a9f:ada4 > ff02::1:ff3f:f871: ICMP6, neighbor solicitation, who has fe80::f6ce:46ff:fe3f:f871, length 32
22:18:20.804236 ARP, Request who-has 172.24.0.100 tell 172.24.0.225, length 46
22:18:20.851399 ARP, Request who-has 172.24.229.57 tell 172.24.1.56, length 46
22:18:20.884141 IP6 fe80::99e1:a71b:73e4:c08f.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit
22:18:20.971320 IP6 fe80::838:18d9:7a9f:ada4 > ff02::1:ff3f:f871: ICMP6, neighbo
8. Capture IP address Packets
To capture packets on a specific interface and show IP addresses instead of host names, run the following command with the -n option.
# tcpdump -n -i eth0
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
22:22:36.418987 IP 172.24.0.18.ssh > 172.24.0.17.57321: Flags [P.], seq 491164:491328, ack 2237, win 41860, length 164
22:22:36.419018 IP 172.24.0.18.ssh > 172.24.0.17.57321: Flags [P.], seq 491328:491492, ack 2237, win 41860, length 164
22:22:36.419061 IP 172.24.0.18.ssh > 172.24.0.17.57321: Flags [P.], seq 491492:491736, ack 2237, win 41860, length 244
22:22:36.419103 IP 172.24.0.18.ssh > 172.24.0.17.57321: Flags [P.], seq 491736:491996, ack 2237, win 41860, length 260
22:22:36.419154 IP 172.24.0.18.ssh > 172.24.0.17.57321: Flags [P.], seq 491996:492288, ack
9. Capture only TCP Packets.
To capture only TCP packets, run the following command with the tcp filter.
# tcpdump -i eth0 tcp
22:24:26.130264 IP 172.24.0.17.57321 > oracle.microair.in.ssh: Flags [.], ack 379764, win 64240, length
22:24:26.130272 IP 172.24.0.17.57321 > oracle.microair.in.ssh: Flags [.], ack 380124, win 63880, length
22:24:26.130308 IP oracle.microair.in.ssh > 172.24.0.17.57321: Flags [P.], seq 381100:381280, ack 1769, win 41860, length 180
22:24:26.130359 IP oracle.microair.in.ssh > 172.24.0.17.57321: Flags [P.], seq 381280:381684, ack 1769, win 41860, length 404
22:24:26.130405 IP oracle.microair.in.ssh > 172.24.0.17.57321: Flags [P.], seq 381684:381960, ack 1769, win 41860, length 276
22:24:26.130453 IP oracle.microair.in.ssh > 172.24.0.17.57321: Flags [P.], seq 381960:382140, ack 1769, win 41860, length 180
22:24:26.130502 IP oracle.microair.in.ssh > 172.24.0.17.57321: Flags [P.], seq
10. Capture Packet from Specific Port
Let's say you want to capture packets for port 22. Execute the command below, specifying port number 22 as shown.
# tcpdump -i eth0 port 22
22:26:07.085560 IP oracle.microair.in.ssh > 172.24.0.17.57321: Flags [P.], seq 252584:252860, ack 1145, win 41860, length 276
22:26:07.085599 IP oracle.microair.in.ssh > 172.24.0.17.57321: Flags [P.], seq 252860:253008, ack 1145, win 41860, length 148
22:26:07.085629 IP oracle.microair.in.ssh > 172.24.0.17.57321: Flags [P.], seq 253008:253172, ack 1145, win 41860, length 164
22:26:07.085713 IP 172.24.0.17.57321 > oracle.microair.in.ssh: Flags [.], ack 251740, win 63164, length
22:26:07.085722 IP 172.24.0.17.57321 > oracle.microair.in.ssh: Flags [.], ack 252292, win 62612, length
22:26:07.085727 IP 172.24.0.17.57321 > oracle.microair.in.ssh: Flags [.], ack 252860, win 62044, length
11. Capture Packets from source IP
To capture packets from a source IP, say 172.24.0.17, use the src filter as follows.
# tcpdump -i eth0 src 172.24.0.17
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
22:29:25.056030 IP 172.24.0.17.57321 > oracle.microair.in.ssh: Flags [.], ack 815597688, win 63160,
22:29:25.340967 IP 172.24.0.17.57321 > oracle.microair.in.ssh: Flags [.], ack 149, win 63012, length 0
22:29:25.540963 IP 172.24.0.17.57321 > oracle.microair.in.ssh: Flags [.], ack 297, win 62864, length 0
22:29:25.603310 IP 172.24.0.17.54624 > 224.0.0.252.hostmon: UDP, length 27
22:29:25.672694 IP 172.24.0.17.57321 > oracle.microair.in.ssh: Flags [.], ack 561, win 64240, length 0
22:29:25.703109 IP 172.24.0.17.54624 > 224.0.0.252.hostmon: UDP, length 27
22:29:25.703428 IP 172.24.0.17.57321 > oracle.microair.in.ssh: Flags [.], ack 82
12. Capture Packets from destination IP
To capture packets sent to a destination IP, say 173.194.36.21, use the dst filter as follows.
# tcpdump -i eth0 dst 173.194.36.21
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
10:55:01.798591 IP 192.168.0.2.59896 > 173.194.36.21.http: Flags [.], ack 2480401451, win 318, options [nop,nop,TS val 7955710 ecr 804759402], length 0
10:55:05.527476 IP 192.168.0.2.59894 > 173.194.36.21.http: Flags [F.], seq 2521556029, ack 2164168606, win 245, options [nop,nop,TS val 7959439 ecr 804759284], length 0
10:55:05.626027 IP 192.168.0.2.59894 > 173.194.36.21.http: Flags [.], ack 2, win 245, o
13. Capture ARP Traffic
# tcpdump -i eth0 arp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
22:39:04.490803 ARP, Request who-has 172.24.230.102 tell 172.24.1.56, length 46
22:39:04.725159 ARP, Request who-has 172.24.2.254 tell 172.24.3.128, length 46
22:39:04.838408 ARP, Request who-has 172.24.1.83 tell 172.24.0.239, length 46
C22:39:05.003475 ARP, Request who-has 172.24.3.106 tell 172.24.3.107, length 46
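ARP captures like the one above are easier to read as a summary per requesting host. The following is an added example, not part of the original post: a shell function that reads tcpdump ARP output and reports, for each host named after "tell", how many requests it sent and for how many distinct addresses. The function names, the threshold of 5 and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post).
# arp_summary reads `tcpdump -n -i eth0 arp` text output on stdin and prints
# one line per requesting host:
#   <asker> <requests> <distinct_targets> <note>
# The threshold argument (assumed default 5, tune per network) is the number
# of distinct targets at which a host is marked REVIEW.

arp_summary() {
    threshold="${1:-5}"
    awk -v threshold="$threshold" '
        # Only request lines carry the who-has ... tell ... pair.
        /ARP, Request who-has/ {
            target = ""; asker = ""
            # Scan for the keywords so an optional "(mac)" token is tolerated.
            for (i = 1; i < NF; i++) {
                if ($i == "who-has") target = $(i + 1)
                if ($i == "tell")    asker  = $(i + 1)
            }
            sub(/,$/, "", asker)      # "172.24.1.56," becomes "172.24.1.56"
            if (target == "" || asker == "") next
            requests[asker]++
            if (!((asker, target) in seen)) {
                seen[asker, target] = 1
                distinct[asker]++
            }
        }
        END {
            for (a in requests) {
                note = (distinct[a] >= threshold) ? "REVIEW" : "ok"
                printf "%s %d %d %s\n", a, requests[a], distinct[a], note
            }
        }
    ' | LC_ALL=C sort -k3,3nr -k1,1
}

# Constructed sample in the format tcpdump prints for ARP traffic.
sample_arp_capture() {
    cat <<'EOF'
10:00:00.100000 ARP, Request who-has 172.24.0.1 tell 172.24.3.128, length 46
10:00:00.200000 ARP, Request who-has 172.24.0.2 tell 172.24.3.128, length 46
10:00:00.300000 ARP, Request who-has 172.24.0.3 tell 172.24.3.128, length 46
10:00:00.400000 ARP, Request who-has 172.24.0.4 tell 172.24.3.128, length 46
10:00:00.500000 ARP, Request who-has 172.24.0.5 tell 172.24.3.128, length 46
10:00:01.000000 ARP, Request who-has 172.24.2.254 tell 172.24.1.56, length 46
10:00:02.000000 ARP, Request who-has 172.24.2.254 tell 172.24.1.56, length 46
10:00:02.500000 ARP, Reply 172.24.2.254 is-at 00:11:22:33:44:55, length 46
10:00:03.000000 ARP, Request who-has 172.24.0.9 (ff:ff:ff:ff:ff:ff) tell 172.24.0.239, length 46
10:00:03.100000 IP 172.24.0.17.57321 > 172.24.0.18.22: Flags [.], ack 1, win 64240, length 0
EOF
}

# Stand-alone run on the constructed sample.
sample_arp_capture | arp_summary 5
```

On a live system the same function can be fed from a saved capture, for example `tcpdump -n -r 0001.pcap arp | arp_summary 5`.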

Saturday, 3 August 2013

Linux Netstat Command Examples

The netstat command displays various network-related information such as network connections, routing tables, interface statistics, masquerade connections, multicast memberships etc.
Here are 10 practical Linux netstat command examples.

1. List All Ports (both listening and non listening ports)
List all ports using netstat -a
# netstat -a | more
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address               Foreign Address             State
tcp        0      0 *:submission                *:*                         LISTEN
tcp        0      0 localhost:dyna-access       *:*                         LISTEN
tcp        0      0 *:sunrpc                    *:*                         LISTEN
tcp        0      0 *:urd                       *:*                         LISTEN
tcp        0      0 *:ssh                       *:*                         LISTEN
tcp        0      0 *:smtp                      *:*                         LISTEN
tcp        0      0 *:iscsi-target              *:*                         LISTEN
tcp        0      0 *:49641                     *:*                         LISTEN
tcp        0     52 oracle.microair.in:ssh      172.24.23.153:14211           ESTA
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags       Type       State         I-Node Path
unix  2      [ ACC ]     STREAM     LISTENING     14148  /tmp/.X11-unix/X9
unix  2      [ ACC ]     STREAM     LISTENING     12054  @/var/run/hald/dbus-cYZkVWR8Gb
unix  2      [ ACC ]     STREAM     LISTENING     14230  /tmp/orbit-root/linc-900-0-3376678e2d44f
unix  2      [ ACC ]     STREAM     LISTENING     14719  /tmp/orbit-root/linc-8f1-0-4e4fb3ab4acf6
unix  2      [ ]         DGRAM                    10609  /var/run/portreserve/socket
unix  2      [ ACC ]     STREAM     LISTENING     10684  /var/run/rpcbind.sock
List all tcp ports using netstat -at
# netstat -at
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address               Foreign Address             State
tcp        0      0 *:submission                *:*                         LISTEN
tcp        0      0 localhost:dyna-access       *:*                         LISTEN
tcp        0      0 *:sunrpc                    *:*                         LISTEN
tcp        0      0 *:urd                       *:*                         LISTEN
tcp        0      0 *:ssh                       *:*                         LISTEN
tcp        0      0 *:smtp                      *:*                         LISTEN
List all udp ports using netstat -au
# netstat -au
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address               Foreign Address             State
udp        0      0 *:sunrpc                    *:*                          
udp        0      0 *:ipp                       *:*                          
udp        0      0 *:iris-xpcs                 *:*                          
udp        0      0 *:821                       *:*                          
udp        0      0 *:41786                     *:*                          
udp        0      0 *:sunrpc                    *:*    
2. List Sockets which are in Listening State
List only listening ports using netstat -l
# netstat -l
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State
tcp        0      0 *:submission                *:*                         LISTEN
tcp        0      0 localhost:dyna-access       *:*                         LISTEN
tcp        0      0 *:sunrpc                    *:*                         LISTEN
tcp        0      0 *:urd                       *:*                         LISTEN
tcp        0      0 *:ssh                       *:*                         LISTEN
tcp        0      0 *:smtp                      *:*                         LISTEN
tcp        0      0 *:iscsi-target              *:*                         LISTEN
Active UNIX domain sockets (only servers)
Proto RefCnt Flags       Type       State         I-Node Path
unix  2      [ ACC ]     STREAM     LISTENING     14148  /tmp/.X11-unix/X9
unix  2      [ ACC ]     STREAM     LISTENING     12054  @/var/run/hald/dbus-cYZkVWR8Gb
unix  2      [ ACC ]     STREAM     LISTENING     14230  /tmp/orbit-root/linc-900-0-3376678e2d44f
unix  2      [ ACC ]     STREAM     LISTENING     14719  /tmp/orbit-root/linc-8f
List only listening TCP Ports using netstat -lt
# netstat -lt
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State
tcp        0      0 *:submission                *:*                         LISTEN
tcp        0      0 localhost:dyna-access       *:*                         LISTEN
tcp        0      0 *:sunrpc                    *:*                         LISTEN
tcp        0      0 *:urd                       *:*                         LISTEN
tcp        0      0 *:ssh                       *:*                         LISTEN
tcp        0      0 *:smtp                      *:*                         LISTEN
List only listening UDP Ports using netstat -lu
# netstat -lu
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State
udp        0      0 *:sunrpc                    *:*                          
udp        0      0 *:ipp                       *:*                          
udp        0      0 *:iris-xpcs                 *:*                          
udp        0      0 *:821                       *:*                          
List only the listening UNIX Ports using netstat -lx
# netstat -lx
Active UNIX domain sockets (only servers)
Proto RefCnt Flags       Type       State         I-Node Path
unix  2      [ ACC ]     STREAM     LISTENING     14148  /tmp/.X11-unix/X9
unix  2      [ ACC ]     STREAM     LISTENING     12054  @/var/run/hald/dbus-cYZkVWR8Gb
unix  2      [ ACC ]     STREAM     LISTENING     14230  /tmp/orbit-root/linc-900-0-3376678e2d44f
unix  2      [ ACC ]     STREAM     LISTENING     14719  /tmp/orbit-root/linc-8f1-0-4e4fb3ab4acf6
unix  2      [ ACC ]     STREAM     LISTENING     10684  /var/run/rpcbind.sock
unix  2      [ ACC ]     STREAM     LISTENING     10737  /var/run/mcelog-client
unix  2      [ ACC ]     STREAM     LISTENING     11764  /var/run/dbus/system_bu
3. Show the statistics for each protocol
Show statistics for all ports using netstat -s
# netstat -s
Ip:
    390700 total packets received
    0 forwarded
    0 incoming packets discarded
    383228 incoming packets delivered
    8510 requests sent out
Icmp:
    7 ICMP messages received
    0 input ICMP message failed.
    ICMP input histogram:
        destination unreachable: 2
        echo requests: 5
    79 ICMP messages sent
    0 ICMP messages failed
    ICMP output histogram:
        destination unreachable: 74
        echo replies: 5
IcmpMsg:
        InType3: 2
        InType8: 5
        OutType0: 5
        OutType3: 74
Tcp:
    5 active connections openings
    113 passive connection openings
    16 failed connection attempts
    0 connection resets received
    1 connections established
    7103 segments received
    10131 segments send out
    73 segments retransmited
    0 bad segments received.
    378 resets sent
Udp:
    42 packets received
    13 packets to unknown port received.
    0 packet receive errors
    44 packets sent
Show statistics for TCP (or) UDP ports using netstat -st (or) -su
# netstat -st
# netstat -su
4. Display PID and program names in netstat output using netstat -p
netstat -p option can be combined with any other netstat option. This will add the “PID/Program Name” to the netstat output. This is very useful while debugging to identify which program is running on a particular port.
# netstat -pt
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name
tcp        0    248 oracle.microair.in:ssh      172.24.0.17:57321           ESTABLISHED 29088/sshd
5. Don’t resolve host, port and user name in netstat output
When you don't want the name of the host, port or user to be displayed, use the netstat -n option. It displays numbers instead of resolving the host name, port name and user name.
This also speeds up the output, as netstat is not performing any look-up.
# netstat -an
If you want only one of those three items (ports, hosts, or users) left unresolved, use the following commands.
# netstat -a --numeric-ports
# netstat -a --numeric-hosts
# netstat -a --numeric-users
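The -l, -t, -n and -p options shown above combine into netstat -lntp, which lists listening TCP sockets with numeric addresses and the owning program. The following is an added example, not part of the original post: it classifies each listener by whether it is bound to all interfaces, to loopback, or to a single address. The function names, the scope labels and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post).
# listener_audit reads `netstat -lntp` output on stdin and prints one line
# per listening TCP socket:
#   <scope> <port> <address> <pid/program>
# Scope labels are this example's own:
#   ALL-INTERFACES  bound to 0.0.0.0, :: or *  (reachable on every interface)
#   loopback        bound to 127.x.x.x or ::1  (local only)
#   single-address  bound to one specific address

listener_audit() {
    awk '
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            # The port is the text after the last colon; IPv6 addresses
            # contain colons themselves, so split and take the final part.
            n = split($4, part, ":")
            port = part[n]
            addr = substr($4, 1, length($4) - length(port) - 1)
            # Column 7 is empty without -p and "-" without root privileges.
            prog = ($7 == "" ? "-" : $7)
            if (addr == "0.0.0.0" || addr == "::" || addr == "*")
                scope = "ALL-INTERFACES"
            else if (addr ~ /^127\./ || addr == "::1")
                scope = "loopback"
            else
                scope = "single-address"
            printf "%s %s %s %s\n", scope, port, addr, prog
        }
    ' | LC_ALL=C sort -k1,1 -k2,2n -k3,3
}

# Constructed sample in the format netstat -lntp prints.
sample_netstat_lntp() {
    cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name
tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN      2125/sshd
tcp        0      0 127.0.0.1:25                0.0.0.0:*                   LISTEN      2301/master
tcp        0      0 0.0.0.0:111                 0.0.0.0:*                   LISTEN      1650/rpcbind
tcp        0      0 172.24.0.18:3260            0.0.0.0:*                   LISTEN      1984/tgtd
tcp        0      0 :::22                       :::*                        LISTEN      2125/sshd
tcp        0      0 ::1:631                     :::*                        LISTEN      1801/cupsd
EOF
}

# Stand-alone run on the constructed sample.
sample_netstat_lntp | listener_audit
```

On a live system, run `netstat -lntp | listener_audit` as root so the PID/Program name column is filled in for every socket.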
6. Print netstat information continuously
With the -c option, netstat prints information continuously every few seconds.
# netstat -c
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 prakash-laptop.loc:33362 201-151-18-123.ama:www ESTABLISHED
tcp        1      1 prakash-laptop.loc:52144 201.41.143.232:www      CLOSING
tcp        0      0 prakash-laptop.loc:43143 server-101-41-43-5:www ESTABLISHED
7. Find the unsupported address families on your system
# netstat --verbose
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State
tcp        0     52 oracle.microair.in:ssh      172.24.0.17:57321           ESTABLISHED
netstat: no support for `AF INET (sctp)' on this system.
Active UNIX domain sockets (w/o servers)
Proto RefCnt Flags       Type       State         I-Node Path
unix  2      [ ]         DGRAM                    10609  /var/run/portreserve/socket
unix  2      [ ]         DGRAM                    10824  /var/run/fcm/fcm_clif
unix  2      [ ]         DGRAM                    1855   @/org/kernel/udev/udevd
unix  15     [ ]         DGRAM                    10626  /dev/log
unix  2      [ ]         DGRAM                    11192  @/org/freedesktop/hal/u
At the end, you will have something like this.
unix  3      [ ]         STREAM     CONNECTED     14695  @/tmp/.X11-unix/X9
netstat: no support for `AF IPX' on this system.
netstat: no support for `AF AX25' on this system.
netstat: no support for `AF X25' on this system.
netstat: no support for `AF NETROM' on this system.
8. Display the kernel routing information using netstat -r
#  netstat -r
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
default         172.16.24.251    0.0.0.0         UG        0 0          0 eth0
link-local      *               255.255.0.0     U         0 0          0 eth0
172.10.0.0      *               255.255
Note: Use netstat -rn to display routes in numeric format without resolving for host-names.
9. Find out on which port a program is running
# netstat -ap | grep ssh
tcp        0      0 *:ssh                       *:*                         LISTEN      2125/sshd
tcp        0     52 oracle.microair.in:ssh      172.16.0.223:56231           ESTABLISHED 29088/sshd
tcp        0      0 *:ssh                       *:*                         LISTEN      2125/sshd
unix  2      [ ]         DGRAM                    62948  29088/sshd
Find out which process is using a particular port:
# netstat -anp | grep ':80'
10. Show the list of network interfaces
# netstat -i
Kernel Interface table
Iface   MTU Met      RX-OK    RX-ERR  RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR
eth0       1500 0        0      0      0 0             0      0      0      0
eth2       1500 0    743679     0      0 0         262033     6      0      0
lo        65336 0        4      0      0 0             4      0      0      0
Display extended information on the interfaces (similar to ifconfig) using netstat -ie:
#  netstat -ie
Kernel Interface table
eth0      Link encap:Ethernet  HWaddr 73:CC:A0:BF:BF:14
          inet addr:172.16.0.223  Bcast:172.16.4.255  Mask:255.255.252.0
          inet6 addr: fe80::7aac:c0ff:febf:1f28/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:750344 errors:0 dropped:0 overruns:0 frame:0
          TX packets:26214 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:78170590 (74.5 MiB)  TX bytes:8935032 (8.5 MiB)
          Interrupt:19 Memory:f0500000-f0520000