Network commands
Ping command syntax for Windows
-t | Pings the specified host until stopped. To stop – type Control-C |
-a | Resolve addresses to hostnames |
-n | Number of echo requests to send |
-l | Send buffer size |
-f | Set Don’t Fragment flag in packet (IPv4-only) |
-i | Set Time To Live |
-v | Set Type of Service (Setting has been deprecated) |
-r | Record route for count hops (IPv4-only) |
-s | Timestamp for count hops (IPv4-only) |
-j | Loose source route along host-list (IPv4-only) |
-k | Strict source route along host-list (IPv4-only) |
-w | Timeout in milliseconds to wait for each reply |
-R | Use routing header to test reverse route also (IPv6-only, deprecated per RFC 5095) |
-S | Source address to use |
-c | Routing compartment identifier |
-p | Ping a Hyper-V Network Virtualization provider address |
-4 | Force using IPv4 |
-6 | Force using IPv6 |
Syntax of the traceroute and tracert commands
traceroute [options] host_Address [pathlength] (Linux)
tracert [-d] [-h maximum_hops] [-j host-list] [-w timeout] [-R] [-S srcaddr] [-4] [-6] target_name (Windows)
Traceroute options for Linux
If you are a Linux user (Ubuntu, Linux Mint, Manjaro, Red Hat, Debian, etc.), you can specify your traceroute command with the following options:
Option | Description |
--help | Information about the command. |
-d | This option enables debugging on Linux. |
-F | Forbid fragmentation. |
-f first_ttl | Set the first TTL value of the packet. |
-g gateway | Define a loose source route gateway. |
-i interface | Set the interface for the probes. |
-m max_ttl | Set the maximum TTL; in traceroute this means the maximum number of hops. |
-N | The number of probes that are sent simultaneously. |
-n | Do not resolve IP addresses to hostnames. |
-p port | Define the port for the query. |
-t | Set the type-of-service in probes. |
-w waittime | Maximum waiting time for each of the replies. |
-q nqueries | Set the number of queries. The default value is 3. |
-r | Bypass the routing tables and send the probes directly to the host (on an attached network only). |
-S srcaddr | IPv6 only – source address. |
-e | Show ICMP extensions. |
-A | Enable AS lookups for each hop. |
-V | Show version. |
-U | Use a particular UDP port. The default value is 53. |
-UL | Use the UDPLITE for the query. |
-P protocol | Send packets of a specified IP protocol. |
-I | Use the ICMP echo for the requests. |
-T | Use the TCP SYN for the requests. |
-4 | Use only IPv4 addresses |
-6 | Use only IPv6 addresses |
Traceroute options for Windows
You can use the Tracert command with various options to perform more precise tests. The following options work on Windows Vista, Windows 7, Windows 8, and of course, Windows 10.
Option | Description |
-d | Do not resolve addresses to hostnames. |
-h maximum_hops | Maximum number of hops to search for target. You can set it higher than 30 if you want to query a very remote target. |
-j host-list | Loose source route along host-list (IPv4-only). Show only IPv4 addresses. |
-w timeout | Wait timeout milliseconds for each reply. Increase it to see more about slower routers. |
-R | Trace round-trip path (IPv6-only). |
-S srcaddr | Source address to use (IPv6-only). |
-4 | Force using IPv4. |
-6 | Force using IPv6. |
Netstat commands
1- List all ports:
[root@server ~]# netstat -a
Connexions Internet actives (serveurs et établies)
Proto Recv-Q Send-Q Adresse locale Adresse distante Etat
tcp 0 0 0.0.0.0:ssh 0.0.0.0:* LISTEN
tcp 0 0 localhost:smtp 0.0.0.0:* LISTEN
tcp 0 0 server:ssh 192.168.162.1:60235 ESTABLISHED
tcp 0 0 server:ssh 192.168.162.1:60234 ESTABLISHED
tcp 0 36 server:ssh 192.168.162.1:64254 ESTABLISHED
tcp 0 0 server:ssh 192.168.162.1:64255 ESTABLISHED
tcp 0 0 server:44302 ftp.udc.es:http TIME_WAIT
2- List all TCP ports:
[root@server ~]# netstat -at
Connexions Internet actives (serveurs et établies)
Proto Recv-Q Send-Q Adresse locale Adresse distante Etat
tcp 0 0 0.0.0.0:ssh 0.0.0.0:* LISTEN
tcp 0 0 localhost:smtp 0.0.0.0:* LISTEN
tcp 0 0 server:ssh 192.168.162.1:60235 ESTABLISHED
tcp 0 0 server:ssh 192.168.162.1:60234 ESTABLISHED
tcp 0 36 server:ssh 192.168.162.1:64254 ESTABLISHED
tcp 0 0 server:ssh 192.168.162.1:64255 ESTABLISHED
tcp6 0 0 [::]:ssh [::]:* LISTEN
tcp6 0 0 localhost:smtp [::]:* LISTEN
3- List all UDP ports:
[root@server ~]# netstat -au
Connexions Internet actives (serveurs et établies)
Proto Recv-Q Send-Q Adresse locale Adresse distante Etat
udp 0 0 0.0.0.0:bootpc 0.0.0.0:*
4- List all listening ports:
[root@server ~]# netstat -l
Connexions Internet actives (seulement serveurs)
Proto Recv-Q Send-Q Adresse locale Adresse distante Etat
tcp 0 0 0.0.0.0:ssh 0.0.0.0:* LISTEN
tcp 0 0 localhost:smtp 0.0.0.0:* LISTEN
tcp6 0 0 [::]:ssh [::]:* LISTEN
tcp6 0 0 localhost:smtp [::]:* LISTEN
udp 0 0 0.0.0.0:bootpc 0.0.0.0:*
raw6 0 0 [::]:ipv6-icmp [::]:* 7
Sockets du domaine UNIX actives(seulement serveurs)
Proto RefCnt Flags Type State I-Node Chemin
unix 2 [ ACC ] STREAM LISTENING 13584 /run/systemd/private
unix 2 [ ACC ] STREAM LISTENING 8730 /run/systemd/journal/stdout
unix 2 [ ACC ] STREAM LISTENING 17972 /var/run/vmware/guestServicePipe
unix 2 [ ACC ] STREAM LISTENING 21258 private/tlsmgr
unix 2 [ ACC ] STREAM LISTENING 21247 public/pickup
unix 2 [ ACC ] STREAM LISTENING 21261 private/rewrite
unix 2 [ ACC ] STREAM LISTENING 21251 public/cleanup
unix 2 [ ACC ] STREAM LISTENING 21264 private/bounce
5- List only the listening TCP ports:
[root@server ~]# netstat -lt
Connexions Internet actives (seulement serveurs)
Proto Recv-Q Send-Q Adresse locale Adresse distante Etat
tcp 0 0 0.0.0.0:ssh 0.0.0.0:* LISTEN
tcp 0 0 localhost:smtp 0.0.0.0:* LISTEN
tcp6 0 0 [::]:ssh [::]:* LISTEN
tcp6 0 0 localhost:smtp [::]:* LISTEN
6- List only the listening UDP ports:
[root@server ~]# netstat -lu
Connexions Internet actives (seulement serveurs)
Proto Recv-Q Send-Q Adresse locale Adresse distante Etat
udp 0 0 0.0.0.0:bootpc 0.0.0.0:*
7- Statistics for all ports:
[root@server ~]# netstat -s
Ip:
146222 total packets received
0 forwarded
0 incoming packets discarded
145736 incoming packets delivered
68597 requests sent out
Icmp:
9 ICMP messages received
0 input ICMP message failed.
Histogramme d’entrée ICMP
echo requests: 6
echo replies: 3
14 ICMP messages sent
0 ICMP messages failed
Histogramme de sortie ICMP
8- TCP port statistics:
[root@server ~]# netstat -st
IcmpMsg:
InType0: 3
InType8: 6
OutType0: 6
OutType3: 5
OutType8: 3
Tcp:
23 active connections openings
16 passive connection openings
0 failed connection attempts
6 connection resets received
4 connections established
145564 segments received
86188 segments send out
4 segments retransmited
0 bad segments received.
6 resets sent
9- UDP port statistics:
[root@server ~]# netstat -su
IcmpMsg:
InType0: 3
InType8: 6
OutType0: 6
OutType3: 5
OutType8: 3
Udp:
184 packets received
0 packets to unknown port received.
0 packet receive errors
184 packets sent
0 receive buffer errors
0 send buffer errors
UdpLite:
IpExt:
10- Show the program name and the associated PID:
This command is very useful when you want to know which program is running on a particular port.
[root@server ~]# netstat -p
Connexions Internet actives (sans serveurs)
Proto Recv-Q Send-Q Adresse locale Adresse distante Etat PID/Program name
tcp 0 0 server:ssh 192.168.162.1:60235 ESTABLISHED 16640/sshd: root@no
tcp 0 0 server:ssh 192.168.162.1:60234 ESTABLISHED 16635/sshd: root@pt
tcp 0 0 server:ssh 192.168.162.1:64254 ESTABLISHED 24314/sshd: root@pt
tcp 0 0 server:ssh 192.168.162.1:64255 ESTABLISHED 24320/sshd: root@no
Sockets du domaine UNIX actives(sans serveurs)
Proto RefCnt Flags Type State I-Node PID/Program name Chemin
unix 3 [ ] DGRAM 8710 1/systemd /run/systemd/notify
unix 2 [ ] DGRAM 8712 1/systemd /run/systemd/cgroups-agent
unix 5 [ ] DGRAM 8733 1/systemd /run/systemd/journal/socket
unix 17 [ ] DGRAM 8735 1/systemd /dev/log
unix 2 [ ] DGRAM 13608 1/systemd /run/systemd/shutdownd
unix 3 [ ] STREAM CONNECTE 21287 1201/master
unix 3 [ ] STREAM CONNECTE 21286 1201/master
unix 3 [ ] STREAM CONNECTE 19431 762/NetworkManager
unix 2 [ ] DGRAM 16912 692/auditd
11- Show IP addresses directly, without name resolution:
Displays all connections and all listening ports, showing only IP addresses without name resolution.
[root@server ~]# netstat -an
Connexions Internet actives (serveurs et établies)
Proto Recv-Q Send-Q Adresse locale Adresse distante Etat
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN
tcp 0 0 192.168.162.131:22 192.168.162.1:60235 ESTABLISHED
tcp 0 0 192.168.162.131:22 192.168.162.1:60234 ESTABLISHED
tcp 0 36 192.168.162.131:22 192.168.162.1:64254 ESTABLISHED
tcp 0 0 192.168.162.131:22 192.168.162.1:64255 ESTABLISHED
tcp6 0 0 :::22 :::* LISTEN
tcp6 0 0 ::1:25 :::* LISTEN
udp 0 0 0.0.0.0:68 0.0.0.0:*
raw6 0 0 :::58 :::* 7
Sockets du domaine UNIX actives(serveurs et établies)
Proto RefCnt Flags Type State I-Node Chemin
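The numeric listing above is the one to audit for exposure: a socket bound to 0.0.0.0 or :: is reachable on every interface, while 127.0.0.1 or ::1 is local only. The following is an added example, not part of the original page; the function names `classify_listeners` and `exposed_ports` are hypothetical, and the sample is constructed from the output shown above.

```shell
#!/bin/sh
# Added example: classify listening sockets in `netstat -an` output by exposure.

# Constructed sample with the same shape as the French-locale output above.
SAMPLE_NETSTAT='Connexions Internet actives (serveurs et établies)
Proto Recv-Q Send-Q Adresse locale Adresse distante Etat
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN
tcp 0 0 192.168.162.131:22 192.168.162.1:60235 ESTABLISHED
tcp6 0 0 :::22 :::* LISTEN
tcp6 0 0 ::1:25 :::* LISTEN
udp 0 0 0.0.0.0:68 0.0.0.0:*'

# classify_listeners: reads `netstat -an` text on stdin and prints
# "<exposure> <proto> <address> <port>" for each listening TCP socket and
# each unconnected UDP socket. It keys on the protocol column and on the
# LISTEN keyword, which stays untranslated, so localized headers are ignored.
classify_listeners() {
  awk '
    $1 ~ /^(tcp|udp)6?$/ {
      proto = $1; local_ep = $4; remote = $5; state = $6
      if (proto ~ /^tcp/ && state != "LISTEN") next
      if (proto ~ /^udp/ && remote !~ /:\*$/) next
      # The port follows the last colon; the address is everything before it.
      n = split(local_ep, parts, ":")
      port = parts[n]
      addr = substr(local_ep, 1, length(local_ep) - length(port) - 1)
      if (addr == "0.0.0.0" || addr == "::" || addr == "[::]" || addr == "*")
        exposure = "ALL-INTERFACES"
      else if (addr ~ /^127\./ || addr == "::1" || addr == "[::1]" || addr == "localhost")
        exposure = "LOOPBACK"
      else
        exposure = "SPECIFIC"
      print exposure, proto, addr, port
    }'
}

# exposed_ports: unique proto/port pairs bound to every interface,
# with tcp6/udp6 folded into tcp/udp.
exposed_ports() {
  classify_listeners |
    awk '$1 == "ALL-INTERFACES" { sub(/6$/, "", $2); print $2 "/" $4 }' |
    sort -u
}

# Demonstration on the constructed sample; on a live host use:
#   netstat -an | classify_listeners
printf '%s\n' "$SAMPLE_NETSTAT" | classify_listeners
```

Comparing the `exposed_ports` result against the list of services the host is supposed to offer turns the listing into a repeatable check.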
12- Show the process identification number (PID) associated with each connection:
[root@server ~]# netstat -o
Connexions Internet actives (sans serveurs)
Proto Recv-Q Send-Q Adresse locale Adresse distante Etat Timer
tcp 0 0 server:ssh 192.168.162.1:60235 ESTABLISHED keepalive (3340,42/0/0)
tcp 0 0 server:ssh 192.168.162.1:60234 ESTABLISHED keepalive (3340,42/0/0)
tcp 0 36 server:ssh 192.168.162.1:64254 ESTABLISHED on (0,24/0/0)
tcp 0 0 server:ssh 192.168.162.1:64255 ESTABLISHED keepalive (5109,89/0/0)
Sockets du domaine UNIX actives(sans serveurs)
Proto RefCnt Flags Type State I-Node Chemin
unix 3 [ ] DGRAM 8710 /run/systemd/notify
unix 2 [ ] DGRAM 8712 /run/systemd/cgroups-agent
unix 5 [ ] DGRAM 8733 /run/systemd/journal/socket
unix 17 [ ] DGRAM 8735 /dev/log
unix 2 [ ] DGRAM 13608 /run/systemd/shutdownd
13- Show the IPv4 and IPv6 routing table:
[root@server ~]# netstat -r
Table de routage IP du noyau
Destination Passerelle Genmask Indic MSS Fenêtre irtt Iface
default gateway 0.0.0.0 UG 0 0 0 ens33
192.168.162.0 0.0.0.0 255.255.255.0 U 0 0 0 ens33
Linux nslookup Command Examples for DNS Lookup
by LAKSHMANAN GANAPATHY on JULY 25, 2012
nslookup is a network administration tool for querying the Domain Name System (DNS) to obtain domain name or IP address mapping or any other specific DNS record.
It is also used to troubleshoot DNS-related problems. This article provides a few examples of using the nslookup command.
nslookup can operate in both “Interactive mode” and “Non-Interactive mode”. Interactive mode allows the user to query the DNS server about various hosts and domains. Non-Interactive mode allows the user to query the information for a host or domain. In this article, all the commands explained are “Non-Interactive mode”.
1. nslookup – Simple Example
nslookup followed by the domain name will display the “A Record” ( IP Address ) of the domain.
$ nslookup redhat.com
Server: 192.168.19.2
Address: 192.168.19.2#53
Non-authoritative answer:
Name: redhat.com
Address: 209.132.183.181
In the above output, “Server” refers to the IP address of the DNS server. The section below it provides the “A Record” ( IP Address ) of the domain “redhat.com”.
The default output of nslookup command is less cluttered than the default output of dig command. Some of you might be comfortable using dig command for DNS lookups.
2. Query the MX Record using -query=mx
An MX ( Mail Exchange ) record maps a domain name to a list of mail exchange servers for that domain. The MX record says that all mail sent to “@redhat.com” should be routed to the mail server in that domain.
$ nslookup -query=mx redhat.com
Server: 192.168.19.2
Address: 192.168.19.2#53
Non-authoritative answer:
redhat.com mail exchanger = 10 mx2.redhat.com.
redhat.com mail exchanger = 5 mx1.redhat.com.
Authoritative answers can be found from:
mx2.redhat.com internet address = 66.187.233.33
mx1.redhat.com internet address = 209.132.183.28
In the above example, we have 2 MX records for the domain “redhat.com”. The number ( 5, 10 ) associated with each MX record gives the preference of the mail server. The lower the number, the higher the preference. So when a mail is sent to “@redhat.com”, the first preference will be “mx1.redhat.com”, then “mx2.redhat.com”.
Authoritative Answer vs Non-Authoritative Answer
You may also have noticed the keywords “Authoritative Answer” and “Non-Authoritative Answer” in the above output.
Any answer that originates from a DNS server which has the complete zone file information available for the domain is said to be an authoritative answer.
In many cases, DNS servers will not have the complete zone file information available for a given domain. Instead, the server maintains a cache file which holds the results of all past queries for which it received an authoritative response. When a DNS query arrives, it searches the cache file and returns the information available as a “Non-Authoritative Answer”.
3. Query the NS Record using -query=ns
An NS ( Name Server ) record maps a domain name to a list of DNS servers authoritative for that domain. The query outputs the name servers which are associated with the given domain.
$ nslookup -type=ns redhat.com
Server: 192.168.19.2
Address: 192.168.19.2#53
Non-authoritative answer:
redhat.com nameserver = ns4.redhat.com.
redhat.com nameserver = ns2.redhat.com.
redhat.com nameserver = ns1.redhat.com.
redhat.com nameserver = ns3.redhat.com.
Authoritative answers can be found from:
ns4.redhat.com internet address = 209.132.188.218
ns2.redhat.com internet address = 209.132.183.2
ns1.redhat.com internet address = 209.132.186.218
ns3.redhat.com internet address = 209.132.176.100
4. Query the SOA Record using -query=soa
SOA record ( start of authority ), provides the authoritative information about the domain, the e-mail address of the domain admin, the domain serial number, etc…
$ nslookup -type=soa redhat.com
Server: 192.168.19.2
Address: 192.168.19.2#53
Non-authoritative answer:
redhat.com
    origin = ns1.redhat.com
    mail addr = noc.redhat.com
    serial = 2012071601
    refresh = 300
    retry = 180
    expire = 604800
    minimum = 14400
Authoritative answers can be found from:
ns1.redhat.com internet address = 209.132.186.218
- mail addr – specifies the mail address of the domain admin ( noc@redhat.com )
- serial – a sort of revision numbering system. The standard convention is to use the “YYYYMMDDNN” format. ( 2012-07-16. 01 will be incremented if more than one edit has taken place on the same day )
- refresh – specifies ( in seconds ) when the secondary DNS will poll the primary to see if the serial number has been increased. If it has increased, the secondary will make a new request to copy the new zone file.
- retry – specifies the interval to re-connect with the primary DNS
- expire – specifies the time that the secondary DNS will keep the cached zone file as valid
- minimum – specifies the time that the secondary DNS should cache the zone file
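The SOA fields described above can be decoded mechanically, which helps when tracking zone changes over time. The following is an added example, not part of the original article; the function names `soa_field`, `soa_admin_email` and `soa_serial_info` are hypothetical, and the sample is constructed from the redhat.com answer shown above.

```shell
#!/bin/sh
# Added example: decode the SOA fields printed by `nslookup -type=soa`.

# Constructed sample: the SOA answer shown above, one field per line.
SAMPLE_SOA='Non-authoritative answer:
redhat.com
    origin = ns1.redhat.com
    mail addr = noc.redhat.com
    serial = 2012071601
    refresh = 300
    retry = 180
    expire = 604800
    minimum = 14400'

# soa_field NAME: print the value of the first "NAME = value" line on stdin.
soa_field() {
  awk -v key="$1" -F' = ' '
    { k = $1; gsub(/^[ \t]+|[ \t]+$/, "", k) }
    k == key { print $2; exit }'
}

# soa_admin_email: turn the "mail addr" field into an e-mail address.
# The first unescaped dot separates local part and domain; a "\." sequence
# is a literal dot inside the local part.
soa_admin_email() {
  soa_field "mail addr" | awk '{
    s = $0; out = ""
    sub(/\.$/, "", s)            # drop a trailing root dot if present
    while (length(s) > 0) {
      c = substr(s, 1, 1)
      if (c == "\\" && substr(s, 2, 1) == ".") {
        out = out "."; s = substr(s, 3); continue
      }
      if (c == ".") { print out "@" substr(s, 2); exit }
      out = out c; s = substr(s, 2)
    }
  }'
}

# soa_serial_info: decode a YYYYMMDDNN serial into date and revision.
# Serials that do not fit the convention are reported, not guessed at.
soa_serial_info() {
  serial=$(soa_field "serial")
  case "$serial" in
    [0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]) ;;
    *) echo "serial $serial: not in YYYYMMDDNN form"; return 0 ;;
  esac
  y=${serial%??????}; rest=${serial#????}
  m=${rest%????};     rest=${rest#??}
  d=${rest%??};       n=${rest#??}
  if [ "${m#0}" -ge 1 ] && [ "${m#0}" -le 12 ] &&
     [ "${d#0}" -ge 1 ] && [ "${d#0}" -le 31 ]; then
    echo "$y-$m-$d revision $n"
  else
    echo "serial $serial: not in YYYYMMDDNN form"
  fi
}

# Demonstration on the constructed sample; on a live system use:
#   nslookup -type=soa redhat.com | soa_serial_info
printf '%s\n' "$SAMPLE_SOA" | soa_admin_email
printf '%s\n' "$SAMPLE_SOA" | soa_serial_info
```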
5. View available DNS records using -query=any
We can also view all the available DNS records using the -query=any option.
$ nslookup -type=any google.com
Server: 192.168.19.2
Address: 192.168.19.2#53
Non-authoritative answer:
Name: google.com
Address: 173.194.35.7
Name: google.com
Address: 173.194.35.8
google.com nameserver = ns1.google.com.
google.com nameserver = ns2.google.com.
google.com
    origin = ns1.google.com
    mail addr = dns-admin.google.com
    serial = 2012071701
    refresh = 7200
    retry = 1800
    expire = 1209600
    minimum = 300
google.com mail exchanger = 20 alt1.aspmx.l.google.com.
google.com mail exchanger = 30 alt2.aspmx.l.google.com.
google.com mail exchanger = 40 alt3.aspmx.l.google.com.
google.com mail exchanger = 50 alt4.aspmx.l.google.com.
google.com mail exchanger = 10 aspmx-v4v6.l.google.com.
google.com has AAAA address 2a00:1450:4002:801::1004
Authoritative answers can be found from:
ns4.google.com internet address = 216.239.38.10
ns3.google.com internet address = 216.239.36.10
6. Reverse DNS lookup
You can also do the reverse DNS look-up by providing the IP Address as argument to nslookup.
$ nslookup 209.132.183.181
Server: 192.168.19.2
Address: 192.168.19.2#53
Non-authoritative answer:
181.183.132.209.in-addr.arpa name = origin-www2.redhat.com.
7. Using Specific DNS server
Instead of using the default DNS servers for querying, you can also specify a particular name server to resolve the domain name.
$ nslookup redhat.com ns1.redhat.com
Server: 209.132.186.218
Address: 209.132.186.218#53
Name: redhat.com
Address: 209.132.183.181
In the above command, we have used ns1.redhat.com as the DNS server. Here you may notice that we don’t get any “Non-authoritative answer:” header, since ns1.redhat.com has all the zone information of redhat.com.
8. Change the port number to connect with
By default, DNS servers use port number 53. If for any reason the port number has been changed, we can specify the port number using the -port option.
$ nslookup -port=56 redhat.com
9. Change timeout interval to wait for a reply
You can change the default timeout to wait for a reply using the -timeout option.
$ nslookup -timeout=10 redhat.com
10. Enabling debug mode using -debug
You can turn debugging on or off using the -debug option on the command line.
$ nslookup -debug redhat.com
Server: 192.168.19.2
Address: 192.168.19.2#53
------------
    QUESTIONS:
        redhat.com, type = A, class = IN
    ANSWERS:
    -> redhat.com
        internet address = 209.132.183.181
        ttl = 5
    AUTHORITY RECORDS:
    ADDITIONAL RECORDS:
------------
Non-authoritative answer:
Name: redhat.com
Address: 209.132.183.181
Debug mode displays the packet information during the lookup.
Published @ October 30, 2021 1:05 pm