The netstat command is one of the most powerful utilities available for checking that a network configuration is secure.
Although the process table shows which daemons have been launched from the command line, and the /etc/inetd.conf file shows those that are controlled by inetd, the netstat command is the final “authority” for diagnosing which ports the Linux server is listening on.
The netstat --inet command shows the connections that are currently active (ESTABLISHED) or interrupted (CLOSE_WAIT), as well as the services waiting for new connections (LISTEN). Netstat displays information about the Linux network subsystem.
You can see the status of network connections by listing the open sockets. This is the default operation: if you do not specify any address families, the active sockets of all address families are displayed. With the -e option you get additional information (userid).
With the -v option, netstat reports known address families that the kernel does not support. The -o option displays additional information about network timers.
The -p option displays the PID and the name of the program that holds each socket.
The -a option prints all sockets, including the listening sockets of server processes.
The inet address family displays raw, UDP, and TCP sockets.
-r, --route
With the -r, --route option, you get the kernel routing tables in the same format as the route -e command. netstat -er uses the output format of route.
-g, --groups
The -g, --groups option displays multicast group membership information for IPv4 and IPv6.
-i, --interface
If you use the -i, --interfaces option, a table of all network interfaces (or of the specified interface) is printed. The output uses the format of the ifconfig -e command and is described in ifconfig(8). netstat prints the whole table or only one interface, as the ifconfig command does. With the -a switch you can also include interfaces that are not configured (meaning they do not have the U = UP flag set).
-M, --masquerade
A list of all masqueraded sessions can also be viewed. With the -e switch you can include more information about sequence numbering and deltas caused by rewriting data in FTP sessions (PORT command).
-N, --netlink
Recent kernels have kernel/user communication support called Netlink. You can receive messages about creating or deleting interfaces or routes using the /dev/route device (36.0).
OPTIONS
-v, --verbose
Tells the user in detail what is happening. In particular, it displays some useful information about address families that are not configured.
-n, --numeric
Displays the addresses in numeric form instead of trying to determine the host, port, and user names symbolically.
-p, --programs
Shows the process name and PID of the owner of each socket displayed. You must own a process to see all of its sockets, and you must be the root user to see all the available information.
-A, --af family
Uses a different method to set the address families. family is a list of address family keywords separated by commas (‘,’), such as inet, unix, ipx, ax25, netrom, and ddp. This has the same effect as using the long options --inet, --unix, --ipx, --ax25, --netrom and --ddp.
-c, --continuous
This causes netstat to print the selected table every second, continuously, until the user interrupts it.
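The port check described at the top of this page, as an added example that is not part of the original text: a shell function that reads the output of netstat --inet -anp and reports every listening TCP socket or unconnected UDP socket bound to a non-loopback address whose port is not on an allowlist. The function names, the allowlist and the sample output are constructed for illustration, and the column layout assumed is that of the net-tools netstat.

```shell
#!/bin/sh
# Added example: audit the listeners shown by `netstat --inet -anp`.
# On a live host, run as root so -p can name every socket owner:
#   netstat --inet -anp | unexpected_listeners 22

# Constructed sample output (documentation addresses, invented PIDs).
sample_netstat_output() {
    cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      812/sshd
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      1044/master
tcp        0      0 0.0.0.0:23              0.0.0.0:*               LISTEN      530/inetd
tcp        0      0 192.0.2.10:22           198.51.100.7:51544      ESTABLISHED 2301/sshd: admin
udp        0      0 0.0.0.0:69              0.0.0.0:*                           530/inetd
EOF
}

# Reads netstat output on stdin; arguments are the ports expected to be open.
# Prints "proto local-address owner" for each socket that accepts traffic on
# a non-loopback address and whose port is not in that allowlist.
unexpected_listeners() {
    awk -v allow=" $* " '
        { hit = 0 }
        # TCP: State is column 6, PID/Program name is column 7.
        $1 ~ /^tcp/ && $6 == "LISTEN" { hit = 1; owner = $7 }
        # Unconnected UDP: State is blank, so the owner moves to column 6.
        $1 ~ /^udp/ && $5 ~ /:\*$/ { hit = 1; owner = $6 }
        hit {
            port = $4; sub(/.*:/, "", port)      # text after the last colon
            addr = $4; sub(/:[^:]*$/, "", addr)  # text before it
            if (owner == "") owner = "-"         # -p not given
            if (addr !~ /^127\./ && addr != "::1" && index(allow, " " port " ") == 0)
                print $1, $4, owner
        }
    '
}

# Only SSH is expected here, so the listeners on ports 23 and 69 are reported.
sample_netstat_output | unexpected_listeners 22
```

The ESTABLISHED line and the loopback-only listener are skipped, so the report contains only sockets that accept new traffic from the network on ports outside the allowlist.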