How do I see TCP connections in Linux?
Checking the network interfaces on a Linux systemUse the/sbin/ifconfig command, which
may need to be installed in some distributions, is used to view the currently configured network interfaces. The ifconfig command is used to configure a network interface (that is, to associate an IP address with a network device). If you run ifconfig without any command-line arguments, the command displays information about current network interfaces.This output displayed will show the loopback interface ( Show
Checking the IP routing table on a Linux systemThe other network configuration command,/sbin/route , also provides status information when you run it without a command-line argument. If you’re having trouble checking a connection to another
host (that you specify with an IP address), check the IP routing table to see whether a default gateway is specified. Then check the gateway’s routing table to ensure that paths to an outside network appear in that routing table.Typical output from the Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 192.168.0.0 * 255.255.255.0 U 0 0 0 eth0 192.168.0.0 * 255.255.255.0 U 0 0 0 eth2 169.254.0.0 * 255.255.0.0 U 0 0 0 eth2 default 192.168.0.1 0.0.0.0 UG 0 0 0 eth0As this routing table shows, the local network uses the eth0 and eth2 Ethernet interfaces, and the default gateway is the eth0 Ethernet interface. The default gateway is a
routing device that handles packets addressed to any network other than the one in which the Linux system resides. In this example, packets addressed to any network address other than those beginning with 192.168.0 are sent to the gateway — 192.168.0.1 . The gateway forwards those packets to other networks (assuming, of course, that the gateway is connected to another network, preferably the Internet). Checking connectivity to a host on a Linux systemTo check for a network connection to a specific host, use theping command. ping is a widely used TCP/IP tool that uses a series of Internet Control Message Protocol (ICMP, pronounced EYE-comp) messages. ICMP provides for an echo message to which every host responds. Using the ICMP messages and replies, ping can determine whether the other system is alive and can compute the round-trip delay in communicating with that system.The following example shows how you can run ping 192.168.0.1MHere’s what this command displays on a home network: PING 192.168.0.1 (192.168.0.1) 56(84) bytes of data. 64 bytes from 192.168.0.1: icmp_seq=1 ttl=63 time=0.256 ms 64 bytes from 192.168.0.1: icmp_seq=2 ttl=63 time=0.267 ms 64 bytes from 192.168.0.1: icmp_seq=3 ttl=63 time=0.272 ms 64 bytes from 192.168.0.1: icmp_seq=4 ttl=63 time=0.267 ms 64 bytes from 192.168.0.1: icmp_seq=5 ttl=63 time=0.275 ms --- 192.168.0.1 ping statistics --- 5 packets transmitted, 5 received, 0% packet loss, time 3999ms rtt min/avg/max/mdev = 0.256/0.267/0.275/0.016 msIn Linux, ping continues to run — unless you used the -c option — until you press Ctrl+C to stop it; then it displays summary statistics showing the typical time it takes to send a packet between the two systems. On some systems, ping simply reports that a remote host is alive. You can still get the timing information by using appropriate command-line arguments, however. The
Checking network status on a Linux systemTo check the status of the network, use thenetstat command. This command displays the status of network connections of various types (such as TCP and UDP connections). You can view the status of the interfaces quickly by typing netstat -i, which results in output similar to the following: Kernel Interface table Iface MTU Met RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR Flg eth0 1500 0 613175 0 0 1 574695 0 0 0 BMRU eth2 1500 0 4298 0 0 0 1375 1 0 0 BMRU lo 16436 0 3255 0 0 0 3255 0 0 0 LRUIn this case, the output shows the current status of the loopback and Ethernet interfaces. The table below describes the meanings of the columns. Meanings of Columns in the Kernel Interface Table
netstat option is -t , which shows all active TCP connections. Following is a typical result of typing netstat -t on one Linux PC: Meanings of Columns in the Kernel Interface TableActive Internet connections (w/o servers) Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 localhost:2654 localhost:1024 ESTABLISHED tcp 0 0 localhost:1024 localhost:2654 ESTABLISHED tcp 0 0 LNBNECXAN.nrockv01.:ssh 192.168.0.6:1577 ESTABLISHEDIn this case, the output columns show the protocol ( Proto ), the number of bytes in the receive and transmit queues (Recv-Q , Send-Q ), the local TCP port in hostname:service format (Local Address ), the remote port (Foreign Address ), and the state of the connection.Type netstat -ta
to see all TCP connections — both active and the ones your Linux system is listening to (with no connection established yet). Here’s typical output from the Meanings of Columns in the Kernel Interface TableActive Internet connections (servers and established) Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 *:32769 *:* LISTEN tcp 0 0 *:mysql *:* LISTEN tcp 0 0 *:sunrpc *:* LISTEN tcp 0 0 *:ftp *:* LISTEN tcp 0 0 localhost.localdomain:ipp *:* LISTEN tcp 0 0 *:telnet *:* LISTEN tcp 0 0 localhost.localdomain:5335 *:* LISTEN tcp 0 0 localhost.localdomain:smtp *:* LISTEN tcp 0 0 192.168.0.9:45876 www.redhat.com:http ESTABLISHED tcp 0 0 192.168.0.9:45877 www.redhat.com:http ESTABLISHED tcp 0 0 192.168.0.9:45875 www.redhat.com:http ESTABLISHED tcp 0 0 *:ssh *:* LISTEN tcp 0 0 ::ffff:192.168.0.7:ssh ::ffff:192.168.0.3:4932 ESTABLISHED Sniffing network packets on a Linux systemSniffing network packets sounds like something illegal, doesn’t it? It’s nothing like that. Sniffing simply refers to viewing the TCP/IP network data packets. The concept is to capture all the network packets so that you can examine them later.If you feel like sniffing TCP/IP packets, you can use tcpdump , log in as root and type the tcpdump command in a terminal window. Typically, you want to save the output in a file and examine that file later. Otherwise, tcpdump starts spewing results that flash by in the window. To capture 1,000 packets in a file named tdout and
attempt to convert the IP addresses to names, type the following command: tcpdump -a -c 1000 > tdoutAfter capturing 1,000 packets, tcpdump quits. Then you can examine the output file, tdout . That file is a text file, so you can simply open it in a text editor or type more tdout to view the captured packets.To whet your curiosity, here are some lines from typical output from 20:05:57.723621 arp who-has 192.168.0.1 tell LNBNECXAN.nrockv01.md.comcast.net 20:05:57.723843 arp reply 192.168.0.1 is-at 0:9:5b:44:78:fc 20:06:01.733633 LNBNECXAN.nrockv01.md.comcast.net.1038 > 192.168.0.6.auth: S 536321100:536321100(0) win 5840The output offers some clues about what’s going on, with each line showing information about one network packet. Every line starts with a time stamp followed by details on the packet (information such as where it originates and where it’s going). No details here, but you can type man tcpdump to find out some of the details (and, more important, see other ways to use tcpdump ).If tcpdump isn’t installed in Debian, type apt-get install tcpdump to install it. You can use another packet sniffer called Wireshark in Linux. Using GUI toolsYou can check the status of your network through the graphical interfaces in several ways. One of those ways is System Monitor.How can I see all TCP connections?You can view the mapping network context of each TCP connection and the number of bytes of data sent and received over each TCP connection by using the netstat command.
How do I see all connections in Linux?To get the list of all clients connected to HTTP (Port 80) or HTTPS (Port 443), you can use the ss command or netstat command, which will list all the connections (regardless of the state they are in) including UNIX sockets statistics.
How do I find TCP IP connections?To test your TCP/IP connection to the network, follow these steps:. Verify that TCP/IP communication is configured and started on each of the workstations. ... . From a workstation, open a command prompt and type ping followed by the IP address of the interface you have configured.. What is the command to check connections in Linux?ping. The ping command is the simplest and most often used command for doing basic connectivity testing. It sends out packets called echo requests and are packets that request a response.
|