Network Monitoring  «Prev  Next»

Lesson 4 Determining which servers are listening
ObjectiveUse netstat command to check what servers are listening for connection on machine.

Determining which Servers are listening

Linux Network Admin - Module 5 - Lesson 4

A second important application of the netstat command is to determine what servers are listening for connections on your machine. Of particular interest are TCP and UDP[1] servers. You obtain this information using the -a option to netstat:
under Local Address refers to the local machine
  1. * under Local Address refers to the local machine.
  2. *.* under Foreign Address means that any incoming connection is acceptable.
  3. LISTEN means that the server indicated is waiting for a connection.
  4. This line means that the server is listening on the SMTP port. This is the email server (Mail Transfer Agent) awaiting incoming email.

netstat command a-option
For UDP servers, use the -u option. The -n option means to use numeric addresses:
host$ netstat –nua

Active Internet connections (including servers)

Proto Recv-Q Send-Q Local Address  Foreign Address

udp    0     0 0.0.0.0:753         0.0.0.0:*

udp    0     0 0.0.0.0:514         0.0.0.0:*

udp    0     0 0.0.0.0:111         0.0.0.0:*

udp    0     0 0.0.0.0:37          0.0.0.0:*

udp    0     0 127.0.0.1:53        0.0.0.0:*

udp    0     0 131.193.178.198:53  0.0.0.0:*

udp    0     0 0.0.0.0:53          0.0.0.0:*

udp    0     0 0.0.0.0:635         0.0.0.0:*

udp    0     0 0.0.0.0:2049        0.0.0.0:*

udp    0     0 0.0.0.0:137         0.0.0.0:*

udp    0     0 0.0.0.0:138         0.0.0.0:*


On Solaris, to view a report on active UDP connections, use netstat -P udp.
This output is similar to the TCP output, except that:
  1. The port numbers refer to UDP ports.
  2. It refers to the first interface on the local machine (by a standard convention).
  3. There is no state, because UDP carries no state.
Notice the UDP server listening on port 53; this is the DNS port (called domain in /etc/services), so this machine has a DNS server listening for UDP connections. The UDP server on port 111 is the portmapper process (rpcbind).
[1]UDP: User Datagram Protocol: A connectionless datagram service in the Transport layer used by applications that typically transmit small quantities of data.