What is the meaning of the –t, -u, –n, –a and –p options in netstat? (use man netstat to answer)
Display the services currently running.
a. Use the ps command to display all the programs running in the background:
[analyst@secOps ~]$ sudo ps –elf
[sudo] password for analyst:
F S UID PID PPID C PRI NI ADDR SZ WCHAN STIME TTY TIME CMD
4 S root 1 0 0 80 0 - 2250 SyS_ep Feb27 ? 00:00:00 /sbin/init
1 S root 2 0 0 80 0 - 0 kthrea Feb27 ? 00:00:00 [kthreadd]
1 S root 3 2 0 80 0 - 0 smpboo Feb27 ? 00:00:00 [ksoftirqd/0]
1 S root 5 2 0 60 -20 - 0 worker Feb27 ? 00:00:00 [kworker/0:0H]
1 S root 7 2 0 80 0 - 0 rcu_gp Feb27 ? 00:00:00 [rcu_preempt]
1 S root 8 2 0 80 0 - 0 rcu_gp Feb27 ? 00:00:00 [rcu_sched]
1 S root 9 2 0 80 0 - 0 rcu_gp Feb27 ? 00:00:00 [rcu_bh]
1 S root 10 2 0 -40 - - 0 smpboo Feb27 ? 00:00:00 [migration/0]
1 S root 11 2 0 60 -20 - 0 rescue Feb27 ? 00:00:00 [lru-add-drain]
5 S root 12 2 0 -40 - - 0 smpboo Feb27 ? 00:00:00 [watchdog/0]
1 S root 13 2 0 80 0 - 0 smpboo Feb27 ? 00:00:00 [cpuhp/0]
5 S root 14 2 0 80 0 - 0 devtmp Feb27 ? 00:00:00 [kdevtmpfs]
1 S root 15 2 0 60 -20 - 0 rescue Feb27 ? 00:00:00 [netns]
1 S root 16 2 0 80 0 - 0 watchd Feb27 ? 00:00:00 [khungtaskd]
1 S root 17 2 0 80 0 - 0 oom_re Feb27 ? 00:00:00 [oom_reaper]
b. In Linux, programs can also call other programs. The ps command can also be used to display such process hierarchy. Use –ejH options to display the currently running process tree.
[analyst@secOps ~]$ sudo ps –ejH
[sudo] password for analyst:
1 1 1 ? 00:00:00 systemd
167 167 167 ? 00:00:01 systemd-journal
193 193 193 ? 00:00:00 systemd-udevd
209 209 209 ? 00:00:00 rsyslogd
210 210 210 ? 00:01:41 java
212 212 212 ? 00:00:01 ovsdb-server
213 213 213 ? 00:00:00 start_pox.sh
224 213 213 ? 00:01:18 python2.7
214 214 214 ? 00:00:00 systemd-logind
216 216 216 ? 00:00:01 dbus-daemon
221 221 221 ? 00:00:05 filebeat
239 239 239 ? 00:00:05 VBoxService
287 287 287 ? 00:00:00 ovs-vswitchd
382 382 382 ? 00:00:00 dhcpcd
387 387 387 ? 00:00:00 lightdm
410 410 410 tty7 00:00:10 Xorg
460 387 387 ? 00:00:00 lightdm
492 492 492 ? 00:00:00 sh
503 492 492 ? 00:00:00 xfce4-session
513 492 492 ? 00:00:00 xfwm4
517 492 492 ? 00:00:00 Thunar
1592 492 492 ? 00:00:00 thunar-volman
519 492 492 ? 00:00:00 xfce4-panel
554 492 492 ? 00:00:00 panel-6-systray
559 492 492 ? 00:00:00 panel-2-actions
523 492 492 ? 00:00:01 xfdesktop
530 492 492 ? 00:00:00 polkit-gnome-au
395 395 395 ? 00:00:00 nginx
396 395 395 ? 00:00:00 nginx
408 384 384 ? 00:01:58 java
414 414 414 ? 00:00:00 accounts-daemon
418 418 418 ? 00:00:00 polkitd
c. As mentioned before, servers are essentially programs, often started by the system itself at boot time. The task performed by a server is called service. In such fashion, a web server provides web services.
The netstat command is a great tool to help identify the network servers running on a computer. The power of netstat lies on its ability to display network connections.
In the terminal window, type netstat.
[analyst@secOps ~]$ netstat
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 localhost.localdo:48746 localhost.local:wap-wsp ESTABLISHED
tcp 0 0 localhost.localdo:48748 localhost.local:wap-wsp ESTABLISHED
tcp6 0 0 localhost.local:wap-wsp localhost.localdo:48748 ESTABLISHED
tcp6 0 0 localhost.local:wap-wsp localhost.localdo:48746 ESTABLISHED
tcp6 0 0 localhost.local:wap-wsp localhost.localdo:48744 ESTABLISHED
tcp6 0 0 localhost.localdo:48744 localhost.local:wap-wsp ESTABLISHED
Active UNIX domain sockets (w/o servers)
Proto RefCnt Flags Type State I-Node Path
unix 3 [ ] DGRAM 8472 /run/systemd/notify
unix 2 [ ] DGRAM 8474 /run/systemd/
cgroups-agent
As seen above, netstat returns lots of information when used without options. Many options can be used to filter and format the output of netstat, making it more useful.
d. Use netstat with the –tunap options to adjust the output of netstat. Notice that netstat allows multiple options to be grouped together under the same “- ” sign.
The information for the nginx server is highlighted.
[analyst@secOps ~]$ sudo netstat -tunap
[sudo] password for analyst:
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
PID/Program name
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN
395/nginx: master p
tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN
279/vsftpd
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
277/sshd
tcp 0 0 0.0.0.0:6633 0.0.0.0:* LISTEN
257/python2.7
tcp6 0 0 :::22 :::* LISTEN
277/sshd
tcp6 0 0 :::23 :::* LISTEN
1/init
udp 0 0 192.168.1.15:68 0.0.0.0:*
237/systemd-network
-a: shows both listen and non-listening sockets. -n: use numeric output (no DNS, service port or username resolution), -p: show the PID of the connection owner process. -t: shows TCP connections. –u: shows UDP connections
Computer Science & Information Technology
You might also like to view...
Many businesses have realized that social media is not an important part of their marketing plan
Indicate whether the statement is true or false
Computer Science & Information Technology
Any unwanted and unsolicited email is called spam.
Answer the following statement true (T) or false (F)
Computer Science & Information Technology
______________ connections to ISPs use a standard telephone line with special equipment on each end to create always-on Internet connections at speeds much greater than dial-up.
A. FTTN B. ISDN C. DSL D. Broadband cable
Computer Science & Information Technology
One way you can open the Create Alternate Layout dialog box is by clicking the Create Alternate layout command on the _______________ menu.
Fill in the blank(s) with the appropriate word(s).
Computer Science & Information Technology