X
Home & Office

Administer service auditing with netstat

As a Linux administrator, your first line of defense is to know what services are running on your system. It's your responsibility to check whether or not services are authorized, as well as to identify active services that aren't being used.
Written by ZDNet Staff, Contributor
As a Linux administrator, your first line of defense is to know what services are running on your system. It's your responsibility to check whether or not services are authorized, as well as to identify active services that aren't being used.

The netstat utility, which ships with every Linux distribution, can help. This simple little tool tells you what programs are listening to what ports, and it can even tell you if programs are listening on UNIX domain sockets. To get an overview of everything running on your system, use this basic invocation:

# netstat -l

Since domain sockets are not remotely accessible, you can omit that from the listing and achieve more interesting information by using the following command:

# netstat -l -p --tcp --udp

Not only does this command display all listening TCP and UDP sockets, but it also displays what program is doing the listening, as well as its process ID number (PID) via the "-p" switch.

However, if you want a list of all active TCP and UDP connections, use the -a switch instead:

# netstat -a -p --tcp --udp

The -a switch command shows you every active connection, including those that are listening and the ones that are connected.

This information is useful for determining what programs are listening for connections. It also allows you to see what outbound and inbound connections are currently established on the system.

Editorial standards