1. Home
  2. Networking
  3. Integrated cisco and unix network architectures

socklist and netstat

socklist(8) is a useful tool for displaying open TCP/UDP sockets in an overview fashion (see Example 6-2).

Example 6-2. socklist Output

[root@callisto:~#] socklist

type  port      inode     uid    pid   fd  name

tcp  32768        986      29    681    6  rpc.statd

tcp  32769       1058       0    754    4  rpc.mountd

tcp    929       1042       0    749    4  rpc.rquotad

tcp  32770       1632       0   1157    6  xinetd

tcp    963       1631       0   1157    5  xinetd

tcp    139       1183       0    844    9  smbd

tcp    111        913       0    653    4  portmap

tcp   6000       1986       0   1449    1  X

tcp  10000       1924       0   1385    4  miniserv.pl

tcp     21       1636       0   1157    9  xinetd

tcp     22       1520       0   1066    3  sshd

tcp    505       2968       0   1343    4  rcd

tcp  33424      28161     500   3704   47  mozilla-bin

tcp     22      27806       0   3776    4  sshd

udp  32768        983      29    681    4  rpc.statd

udp   2049       1082       0      0    0

udp  32769       1055       0    754    3  rpc.mountd

udp  32770       1088       0      0    0

udp    137       3257       0    849   15  nmbd

udp    137       1194       0    849   10  nmbd

udp    137       1192       0    849    8  nmbd

udp    137       1189       0    849    6  nmbd

udp    138       3258       0    849   16  nmbd

udp    138       1195       0    849   11  nmbd

udp    138       1193       0    849    9  nmbd

udp    138       1190       0    849    7  nmbd

udp  10000       1925       0   1385    5  miniserv.pl

udp    926       1037       0    749    3  rpc.rquotad

udp     69       1635       0   1157    8  xinetd

udp    111        910       0    653    3  portmap

udp    500       1515       0    939   10  pluto

udp    123       1704       0   1175    7  ntpd

udp    123       1703       0   1175    6  ntpd

udp    123       1702       0   1175    5  ntpd

udp    123       1701       0   1175    4  ntpd

netstat(8) provides additional details about the UNIX network subsystem, such as network connections, routing tables, interface statistics, and multicast memberships (see Example 6-3).

Example 6-3. netstat Output

[root@callisto:~#] netstat -i

Kernel Interface table

Iface   MTU Met   RX-OK RX-ERR RX-DRP RX-OVR   TX-OK TX-ERR TX-DRP TX-OVR Flg

eth0   1500   0       0      0      0      0     439      0      0      0 BMRU

eth1   1500   0   10098      0      0      0    8208      0      0      0 BMRU

eth1:  1500   0     - no statistics available -                        BMRU

ipsec 16260   0       0      0      0      0    7096      0    129      0 ORU

lo    16436   0      64      0      0      0      64      0      0      0 LRU



[root@callisto:~#] netstat -l

Active Internet connections (only servers)

Proto Recv-Q Send-Q Local Address           Foreign Address         State

tcp        0      0 *:32768                 *:*                     LISTEN

tcp        0      0 *:32769                 *:*                     LISTEN

tcp        0      0 *:929                   *:*                     LISTEN

tcp        0      0 localhost:32770         *:*                     LISTEN

tcp        0      0 *:pkcipe                *:*                     LISTEN

tcp        0      0 *:netbios-ssn           *:*                     LISTEN

tcp        0      0 *:sunrpc                *:*                     LISTEN

tcp        0      0 *:x11                   *:*                     LISTEN

tcp        0      0 callisto:10000          *:*                     LISTEN

tcp        0      0 *:ftp                   *:*                     LISTEN

tcp        0      0 *:ssh                   *:*                     LISTEN

tcp        0      0 *:505                   *:*                     LISTEN

udp        0      0 *:32768                 *:*

udp        0      0 *:nfs                   *:*

udp        0      0 *:32769                 *:*

udp        0      0 *:32770                 *:*

udp        0      0 192.168.45.2:netbios-ns *:*

udp        0      0 192.168.14.1:netbios-ns *:*

udp        0      0 callisto:netbios-ns     *:*

udp        0      0 *:netbios-ns            *:*

udp        0      0 192.168.45.:netbios-dgm *:*

udp        0      0 192.168.14.:netbios-dgm *:*

udp        0      0 callisto:netbios-dgm    *:*

udp        0      0 *:netbios-dgm           *:*

udp        0      0 *:10000                 *:*

udp        0      0 *:926                   *:*

udp        0      0 *:tftp                  *:*

udp        0      0 *:sunrpc                *:*

udp        0      0 callisto:isakmp         *:*

udp        0      0 callisto:ntp            *:*

udp        0      0 192.168.14.1:ntp        *:*

udp        0      0 localhost:ntp           *:*

udp        0      0 *:ntp                   *:*

Active UNIX domain sockets (only servers)

Proto RefCnt Flags       Type       State         I-Node Path

unix  2      [ ACC ]     STREAM     LISTENING     2969   /var/run/rcd/rcd

unix  2      [ ACC ]     STREAM     LISTENING     2564   /tmp/ksocket-gschmied/kdeinit-:0

unix  2      [ ACC ]     STREAM     LISTENING     2569   /tmp/.ICE-unix/dcop1571-1062316048

unix  2      [ ACC ]     STREAM     LISTENING     2704   /tmp/.ICE-unix/1598

unix  2      [ ACC ]     STREAM     LISTENING     2592   /tmp/ksocket-gschmied

graphics/ccc.gif/klauncherKIy0fa.slave-socket

unix  2      [ ACC ]     STREAM     LISTENING     1404   /var/run/pluto.ctl

unix  2      [ ACC ]     STREAM     LISTENING     2675   /tmp/mcop-gschmied

graphics/ccc.gif/callisto-0631-3f51a81c

unix  2      [ ACC ]     STREAM     LISTENING     1987   /tmp/.X11-unix/X0

unix  2      [ ACC ]     STREAM     LISTENING     1712   /dev/gpmctl

unix  2      [ ACC ]     STREAM     LISTENING     1766   /tmp/.font-unix/fs7100



[root@callisto:~#] netstat -s

Ip:

    11160 total packets received

    0 forwarded

    0 incoming packets discarded

    11143 incoming packets delivered

    10339 requests sent out

Icmp:

    0 ICMP messages received

    0 input ICMP messages failed.

    ICMP input histogram:

    4 ICMP messages sent

    0 ICMP messages failed

    ICMP output histogram:

        destination unreachable: 4

Tcp:

    703 active connections openings

    2 passive connection openings

    0 failed connection attempts

    2 connection resets received

    2 connections established

    10272 segments received

    9535 segments sent out

    37 segments retransmitted

    0 bad segments received.

    2 resets sent

Udp:

    875 packets received

    4 packets to unknown port received.

    0 packet receive errors

    800 packets sent

TcpExt:

    ArpFilter: 0

    21 TCP sockets finished time wait in fast timer

    597 delayed acks sent

    2 delayed acks further delayed because of locked socket

    Quick ack mode was activated 30 times

    3 packets directly queued to recvmsg prequeue.

    1 packets directly received from prequeue

    4825 packets header predicted

    TCPPureAcks: 1549

    TCPHPAcks: 2674

    TCPRenoRecovery: 0

    TCPSackRecovery: 0

    TCPSACKReneging: 0

    TCPFACKReorder: 0

    TCPSACKReorder: 0

    TCPRenoReorder: 0

    TCPTSReorder: 0

    TCPFullUndo: 0

    TCPPartialUndo: 0

    TCPDSACKUndo: 0

    TCPLossUndo: 9

    TCPLoss: 0

    TCPLostRetransmit: 0

    TCPRenoFailures: 0

    TCPSackFailures: 0

    TCPLossFailures: 0

    TCPFastRetrans: 0

    TCPForwardRetrans: 0

    TCPSlowStartRetrans: 0

    TCPTimeouts: 22

    TCPRenoRecoveryFail: 0

    TCPSackRecoveryFail: 0

    TCPSchedulerFailed: 0

    TCPRcvCollapsed: 0

    TCPDSACKOldSent: 10

    TCPDSACKOfoSent: 0

    TCPDSACKRecv: 1

    TCPDSACKOfoRecv: 0

    TCPAbortOnSyn: 0

    TCPAbortOnData: 0

    TCPAbortOnClose: 1

    TCPAbortOnMemory: 0

    TCPAbortOnTimeout: 0

    TCPAbortOnLinger: 0

    TCPAbortFailed: 0

    TCPMemoryPressures: 0

The Linux netstat -M command sequence additionally displays masqueraded connections. netstat options can be combined with the -ev switch for extended and even more verbose output (type netstat -ev). We will extensively rely on netstat -rn (the routing table) and netstat -i. netstat -i presents interface counter statistics such as transmitted and received frames, frame errors, and dropped frames. The netstat -g multicast command sequence is discussed in detail in Chapter 14, "Multicast Architectures."

Note that netstat displays various types of sockets:

  • TCP

  • UDP

  • Raw

  • UNIX domain sockets



    		Command Syntax Conventions
    		Chapter 1. Operating System Issues and Features-The Big Picture
    		Chapter 2. User-Space Routing Software
    		Chapter 3. Kernel Requirements for a Full-Featured Lab
    		Chapter 4. Gateway WAN/Metro Interfaces
    		Chapter 5. Ethernet and VLANs
    		Chapter 6. The Analyzer Toolbox, DHCP, and CDP
    		Terminal Emulation Software
    		Secure Shell Tools
    		Protocol Analyzer
    		Statistical Tools
    		Port Scanners
    		socklist and netstat
    		Ping and Traceroute Combinations
    		DNS Auditing Tools
    		Traffic and Packet Generators
    		Lab 6-1: Using Sniffers-DHCP Example
    		Lab 6-2: UNIX CDP Configuration
    		Summary
    		Recommended Reading
    		Chapter 7. The UNIX Routing and ARP Tables
    		Chapter 8. Static Routing Concepts
    		Chapter 9. Dynamic Routing Protocols-Interior Gateway Protocols
    		Chapter 10. ISP Connectivity with BGPv4-An Exterior Gateway Path-Vector Routing Protocol for Interdomain Routing
    		Chapter 11. VPN Technologies, Tunnel Interfaces, and Architectures
    		Chapter 12. Designing for High Availability
    		Chapter 13. Policy Routing, Bandwidth Management, and QoS
    		Chapter 14. Multicast Architectures
    		Chapter 15. Network Address Translation
    		Appendix A. UNIX Kernel Configuration Files
    		Appendix B. The FreeBSD Netgraph Facility