View network connections of Linux Servers

peterking1697923543 peterking1697923543
Blog
View network connections of Linux Servers

Network monitoring is an essential task for any system administrator, as it can help diagnose problems, optimize performance, and secure the network. In this blog, I will show you how to install and use some of the most popular tools for network monitoring on Linux, such as:

  • netstat: A command-line tool that displays information about the network connections, routing tables, interface statistics, and more.
  • pktstat: A tool that displays the bandwidth usage of each network interface, showing the current, average, and peak values.

How to Install netstat and pktstat

To install these tools on your Linux server, you can use the following commands:

  • For Debian-based distributions (such as Ubuntu), use sudo apt-get install net-tools pktstat
  • For Arch-based distributions, use sudo pacman -S net-tools pktstat
  • For Red Hat-based distributions, use sudo dnf install net-tools pktstat

How to Use netstat and pktstat

To use netstat, you can run the command netstat with various options to filter and display the information you need. For example, to list only the active TCP and/or UDP connections, you can use the -t and -u options, respectively. To show the numerical addresses and ports instead of the hostnames and service names, you can use the -n option. To show the process ID and name that owns each socket, you can use the -p option. To show the state of each connection, you can use the -s option.

For example, to list only the HTTP connections, you can use the following command:

netstat -tunp | grep :80

This will show the TCP and UDP connections that use port 80, which is the default port for HTTP. You will see the local address, the foreign address, the state, and the process ID and name for each connection.


root@ubuntu# netstat -tunp | grep :80
tcp        0      0 24.199.119.xx:80       177.231.24.212:43860    ESTABLISHED 458176/nginx: worke
tcp        0      0 24.199.119.xx:80       177.231.24.212:42919    ESTABLISHED 458176/nginx: worke


root@ubuntu# netstat -tunp | grep :443
tcp        0      0 24.199.119.xx:43086    3.223.179.78:443        ESTABLISHED 520140/bun
tcp        0      0 24.199.119.xx:56634    52.40.50.104:443        ESTABLISHED 520140/bun
tcp        0      0 24.199.119.xx:38102    44.199.146.189:443      ESTABLISHED 520140/bun
tcp        0      0 24.199.119.xx:57028    54.91.109.128:443       ESTABLISHED 520140/bun
tcp        0      0 24.199.119.xx:60610    34.234.148.207:443      ESTABLISHED 520140/bun
tcp        0      0 24.199.119.xx:443      96.49.215.54:56259      ESTABLISHED 458176/nginx: worke
tcp        0      0 24.199.119.xx:443      96.49.215.54:56269      ESTABLISHED 458176/nginx: worke
tcp        0      0 24.199.119.xx:443      66.249.66.197:44987     TIME_WAIT   -
tcp        0      0 24.199.119.xx:443      96.49.215.54:56127      ESTABLISHED 458176/nginx: worke


To use pktstat, you can run the command pktstat with the -i option to specify the interface you want to monitor. For example, to monitor the eth0 interface, you can use the following command:

pktstat -i eth0

This will show the bandwidth usage of the eth0 interface in real time, with the following columns:

  • Rate: The current data rate in bits per second (bps) or bytes per second (Bps), depending on the -B option.
  • Peak: The peak data rate in the last 10 seconds.
  • Avg: The average data rate in the last 10 seconds.
  • Total: The total amount of data transferred in the current session.
  • Pkt: The number of packets transferred in the current session.
  • Tag: The descriptive string of the packet class, such as the protocol, the source and destination addresses and ports, and the service name.

You can also use other options to customize the output of pktstat, such as:

  • -1: Single-shot mode, which collects data for a specified time and then exits.
  • -c: Do not combine some packet classes into one class, such as multiple TCP connections.
  • -F: Show full hostnames instead of truncated ones.
  • -n: Do not resolve hostnames or service port numbers, just show numerical addresses and ports.
  • -p: Show packet counts instead of bit counts.
  • -t: Top mode, which sorts the display by bit count or packet count, depending on the -p option.
  • -w: Specify the refresh interval in seconds.

You can also press some keys while pktstat is running to toggle some options, such as:

  • q: Quit the program.
  • Ctrl-L: Redraw the screen.
  • t: Toggle the top mode.
  • T: Toggle the totals mode.
  • w: Change the wait time value.
  • n: Toggle the numeric mode.
  • p: Toggle the packets mode.
  • b or B: Toggle the bps or Bps mode.
  • f or F: Toggle the full hostnames mode.
  • r: Reset the collected statistics and flush the flow history and caches.
  • l: Show and sort flows by when they were last active.
  • ?: Toggle the display of help/status text at the bottom of the screen.


root@ubuntu:~# pktstat -n



interface: eth0

   bps    % desc
  93.5   0% tcp 119.164.22.4:43331 <-> 24.199.114.51:22
            tcp 24.199.114.xx:22 <-> 80.210.26.105:44289
            tcp 24.199.114.xx:22 <-> 87.6.135.137:42205
            tcp 24.199.114.xx:22 <-> 87.6.135.137:42344
  2.0k   9% tcp 24.199.114.xx:22 <-> 87.6.135.137:42478
  7.8k  35% tcp 24.199.114.xx:22 <-> 87.6.135.137:42618
  4.7k  21% tcp 24.199.114.xx:22 <-> 87.6.135.137:42735
 317.3   1% tcp 24.199.114.xx:22 <-> 96.49.215.54:59441

Comments (0)

U
Press Ctrl+Enter to post

No comments yet

Be the first to share your thoughts!