
This page printed from: https://www.linuxmonth.com/issue3/tips/tip6.html?print=1

Useful Tip # 6

Regular Tip

Ever wonder what ports are open on your Linux machine? Did you ever want to know who was connecting to your machine and what services they were connecting to? Netstat does just that.

To take a look at all TCP ports that are open on your system, use the three options below.
The '-n' option gives you numerical addresses instead of resolving host names, which speeds up the output. The '-l' option shows only sockets which are in "LISTEN" mode. And '-t' shows only the TCP connections.


netstat -nlt

[user@mymachine /home/user]# netstat -ntl
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State      
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      
tcp        0      0 0.0.0.0:3306            0.0.0.0:*               LISTEN      
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN

The above output shows that I have 3 open ports (80, 3306, 22) on my system, and they are waiting for connections on all of the interfaces (the 0.0.0.0 local address). The three ports are 80 => apache, 3306 => mysql, 22 => ssh.

Let's take a look at the active connections to this machine. For this you don't use the '-l' option but instead use the '-a' option. The '-a' stands for, yup, you guessed it, show all.


netstat -nat

[user@mymachine /user]# netstat -nat
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State      
tcp        0      0 206.112.62.102:80       204.210.35.27:3467      ESTABLISHED   
tcp        0      0 206.112.62.102:80       208.229.189.4:2582      FIN_WAIT2   
tcp        0   7605 206.112.62.102:80       208.243.30.195:36957    CLOSING     
tcp        0      0 206.112.62.102:22       10.60.1.18:3150         ESTABLISHED 
tcp        0      0 206.112.62.102:22       10.60.1.18:3149         ESTABLISHED 
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      
tcp        0      0 0.0.0.0:3306            0.0.0.0:*               LISTEN      
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      


The above output shows I have 3 web requests that are currently being made or are about to finish up. It also shows I have 2 SSH connections established. Now I know which IP addresses are making web requests or have SSH connections open. For more info on the different states, i.e. "FIN_WAIT2" and "CLOSING", please consult your local man pages.
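To turn a longer listing into the same answer (which ports listen on every interface, and which remote addresses are connected to which service), the output can be summarized with awk. This is an added example, not part of the original tip; the function names are made up for illustration and the sample input is the listing shown above.

```shell
#!/bin/sh
# Sample input: the `netstat -nat` listing from the tip, embedded so this runs offline.
sample_netstat() {
cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 206.112.62.102:80       204.210.35.27:3467      ESTABLISHED
tcp        0      0 206.112.62.102:80       208.229.189.4:2582      FIN_WAIT2
tcp        0   7605 206.112.62.102:80       208.243.30.195:36957    CLOSING
tcp        0      0 206.112.62.102:22       10.60.1.18:3150         ESTABLISHED
tcp        0      0 206.112.62.102:22       10.60.1.18:3149         ESTABLISHED
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:3306            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
EOF
}

# Print "port bind-address scope" for every LISTEN socket.
# A wildcard bind (0.0.0.0 or ::) means the service is reachable on all interfaces.
listening_ports() {
  awk '$1 ~ /^tcp/ && $6 == "LISTEN" {
         n = split($4, a, ":"); port = a[n]
         addr = substr($4, 1, length($4) - length(port) - 1)
         scope = (addr == "0.0.0.0" || addr == "::") ? "all-interfaces" : "specific"
         print port, addr, scope
       }' | sort -n
}

# Print "count local-port remote-ip state" for every non-LISTEN connection,
# so several connections from one address to one service collapse into one row.
peer_summary() {
  awk '$1 ~ /^tcp/ && $6 != "LISTEN" {
         n = split($4, l, ":"); lport = l[n]
         m = split($5, r, ":"); rport = r[m]
         rip = substr($5, 1, length($5) - length(rport) - 1)
         count[lport " " rip " " $6]++
       }
       END { for (k in count) print count[k], k }' | sort -k2,2n -k3,3 -k4,4
}

echo "Listening sockets (port address scope):"
sample_netstat | listening_ports
echo "Connected peers (count port remote-ip state):"
sample_netstat | peer_summary
```

On a live machine, pipe `netstat -nat` into the two functions in place of `sample_netstat`.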

Well, that was a quick tip on how to use netstat to see what TCP ports are open on your machine and who is connecting to them. Hope it was helpful. Share the knowledge!


If you have a useful tip you want to share with the community please let us know at: suggestions@www.linuxmonth.com