Menampilkan semua socket tcp :
$ ss -s
Contoh output :Total: 777 (kernel 783)Netstat command :
TCP: 40 (estab 17, closed 3, orphaned 1, synrecv 0, timewait 0/0), ports 0
Transport Total IP IPv6
* 783 - -
RAW 0 0 0
UDP 8 6 2
TCP 37 31 6
INET 45 37 8
$ netstat -s
Contoh output :Ip:Display semua Open Network Ports :
38667 total packets received
3 with invalid headers
321 with invalid addresses
0 forwarded
17 with unknown protocol
0 incoming packets discarded
38310 incoming packets delivered
9133 requests sent out
9 dropped because of missing route
10 fragments dropped after timeout
10 reassemblies required
10 packet reassembles failed
Icmp:
307 ICMP messages received
4 input ICMP message failed.
ICMP input histogram:
destination unreachable: 302
echo requests: 2
305 ICMP messages sent
0 ICMP messages failed
ICMP output histogram:
destination unreachable: 304
echo replies: 1
IcmpMsg:
InType3: 302
InType8: 2
InType10: 3
OutType0: 1
OutType3: 304
Tcp:
433 active connections openings
1 passive connection openings
6 failed connection attempts
7 connection resets received
16 connections established
6739 segments received
7219 segments send out
311 segments retransmited
0 bad segments received.
78 resets sent
Udp:
3233 packets received
304 packets to unknown port received.
0 packet receive errors
1290 packets sent
UdpLite:
TcpExt:
2 packets pruned from receive queue because of socket buffer overrun
137 TCP sockets finished time wait in fast timer
1 packets rejects in established connections because of timestamp
199 delayed acks sent
Quick ack mode was activated 181 times
2946 packet headers predicted
1032 acknowledgments not containing data payload received
64 predicted acknowledgments
155 congestion windows recovered without slow start after partial ack
24 timeouts in loss state
4 retransmits in slow start
234 other TCP timeouts
76 packets collapsed in receive queue due to low socket buffer
12 connections reset due to unexpected data
7 connections aborted due to timeout
IpExt:
InMcastPkts: 2367
OutMcastPkts: 26
InBcastPkts: 27760
OutBcastPkts: 104
InOctets: 14435248
OutOctets: 1791989
InMcastOctets: 321133
OutMcastOctets: 3191
InBcastOctets: 8113225
OutBcastOctets: 14456
$ ss -l
Contoh output :Recv-Q Send-Q Local Address:Port Peer Address:PortNetstat command :
0 128 *:webmin *:*
0 128 :::www :::*
0 16 127.0.0.1:28017 *:*
0 50 ::ffff:127.0.0.1:49330 :::*
0 128 *:ftp *:*
0 128 :::ssh :::*
0 128 *:ssh *:*
0 128 127.0.0.1:ipp *:*
0 128 ::1:ipp :::*
0 128 *:17500 *:*
0 128 *:9571 *:*
0 128 *:9572 *:*
0 128 127.0.0.1:27017 *:*
0 50 127.0.0.1:mysql *:*
$ netstat -tulpn
Contoh output :(Not all processes could be identified, non-owned process infoDisplay semua TCP Sockets :
will not be shown, you would have to be root to see it all.)
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:10000 0.0.0.0:* LISTEN -
tcp 0 0 127.0.0.1:28017 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN -
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:17500 0.0.0.0:* LISTEN 3380/dropbox
tcp 0 0 0.0.0.0:9571 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:9572 0.0.0.0:* LISTEN -
tcp 0 0 127.0.0.1:27017 0.0.0.0:* LISTEN -
tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN -
tcp6 0 0 :::80 :::* LISTEN -
tcp6 0 0 127.0.0.1:49330 :::* LISTEN 3431/symphony
tcp6 0 0 :::22 :::* LISTEN -
tcp6 0 0 ::1:631 :::* LISTEN -
udp 0 0 0.0.0.0:5353 0.0.0.0:* -
udp 0 0 0.0.0.0:10000 0.0.0.0:* -
udp 0 0 0.0.0.0:57886 0.0.0.0:* -
udp 0 0 0.0.0.0:68 0.0.0.0:* -
udp 0 0 0.0.0.0:69 0.0.0.0:* -
udp 4608 0 0.0.0.0:17500 0.0.0.0:* 3380/dropbox
udp6 0 0 :::5353 :::* -
udp6 0 0 :::40718 :::* -
$ ss -t -a
Contoh output :State Recv-Q Send-Q Local Address:Port Peer Address:PortNetstat command :
LISTEN 0 128 *:webmin *:*
LISTEN 0 128 :::www :::*
LISTEN 0 16 127.0.0.1:28017 *:*
LISTEN 0 50 ::ffff:127.0.0.1:49330 :::*
LISTEN 0 128 *:ftp *:*
LISTEN 0 128 :::ssh :::*
LISTEN 0 128 *:ssh *:*
LISTEN 0 128 127.0.0.1:ipp *:*
LISTEN 0 128 ::1:ipp :::*
LISTEN 0 128 *:17500 *:*
LISTEN 0 128 *:9571 *:*
LISTEN 0 128 *:9572 *:*
LISTEN 0 128 127.0.0.1:27017 *:*
LISTEN 0 50 127.0.0.1:mysql *:*
ESTAB 0 0 10.22.11.196:54881 180.235.151.23:www
ESTAB 0 0 10.22.11.196:53287 174.36.30.56:www
CLOSE-WAIT 38 0 10.22.11.196:56859 208.43.202.51:https
ESTAB 0 0 10.22.11.196:53816 69.63.181.11:www
ESTAB 0 0 10.22.11.196:54862 180.235.151.23:www
ESTAB 0 1054 10.22.11.196:54859 180.235.151.23:www
ESTAB 0 0 10.22.11.196:44691 64.233.183.100:www
CLOSE-WAIT 38 0 10.22.11.196:51552 75.126.115.38:https
FIN-WAIT-2 0 0 ::1:59119 ::1:45586
ESTAB 0 0 10.22.11.196:39054 96.17.159.27:www
CLOSE-WAIT 38 0 10.22.11.196:60850 208.43.202.50:https
ESTAB 0 0 10.22.11.196:43693 209.85.175.102:https
CLOSE-WAIT 1 0 ::1:45586 ::1:59119
ESTAB 0 0 10.22.11.196:44692 64.233.183.100:www
ESTAB 0 0 10.22.11.196:54882 180.235.151.23:www
ESTAB 0 0 10.22.11.196:54848 180.235.151.23:www
ESTAB 0 0 10.22.11.196:58219 202.187.31.12:www
ESTAB 0 1047 10.22.11.196:54835 180.235.151.23:www
ESTAB 0 0 10.22.11.196:53817 69.63.181.11:www
ESTAB 0 0 10.22.11.196:48452 209.85.175.106:www
$ netstat -nat
Contoh output :Active Internet connections (servers and established)Display semua UDP Sockets :
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:10000 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:28017 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:17500 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:9571 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:9572 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:27017 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN
tcp 0 0 10.22.11.196:53287 174.36.30.56:80 ESTABLISHED
tcp 38 0 10.22.11.196:56859 208.43.202.51:443 CLOSE_WAIT
tcp 0 0 10.22.11.196:53816 69.63.181.11:80 ESTABLISHED
tcp 0 1058 10.22.11.196:54883 180.235.151.23:80 ESTABLISHED
tcp 0 0 10.22.11.196:54862 180.235.151.23:80 ESTABLISHED
tcp 0 1054 10.22.11.196:54859 180.235.151.23:80 ESTABLISHED
tcp 0 0 10.22.11.196:44691 64.233.183.100:80 ESTABLISHED
tcp 38 0 10.22.11.196:51552 75.126.115.38:443 CLOSE_WAIT
tcp 0 0 10.22.11.196:39054 96.17.159.27:80 ESTABLISHED
tcp 38 0 10.22.11.196:60850 208.43.202.50:443 CLOSE_WAIT
tcp 0 0 10.22.11.196:43693 209.85.175.102:443 ESTABLISHED
tcp 0 0 10.22.11.196:44692 64.233.183.100:80 ESTABLISHED
tcp 0 1055 10.22.11.196:54882 180.235.151.23:80 ESTABLISHED
tcp 0 0 10.22.11.196:54848 180.235.151.23:80 ESTABLISHED
tcp 0 0 10.22.11.196:58219 202.187.31.12:80 ESTABLISHED
tcp 0 1047 10.22.11.196:54835 180.235.151.23:80 ESTABLISHED
tcp 0 0 10.22.11.196:53817 69.63.181.11:80 ESTABLISHED
tcp 0 0 10.22.11.196:48452 209.85.175.106:80 ESTABLISHED
tcp6 0 0 :::80 :::* LISTEN
tcp6 0 0 127.0.0.1:49330 :::* LISTEN
tcp6 0 0 :::22 :::* LISTEN
tcp6 0 0 ::1:631 :::* LISTEN
tcp6 0 0 ::1:59119 ::1:45586 FIN_WAIT2
tcp6 1 0 ::1:45586 ::1:59119 CLOSE_WAIT
$ ss -u -a
Contoh output :State Recv-Q Send-Q Local Address:Port Peer Address:PortNetstat command :
UNCONN 0 0 *:mdns *:*
UNCONN 0 0 *:10000 *:*
UNCONN 0 0 *:57886 *:*
UNCONN 0 0 *:bootpc *:*
UNCONN 0 0 *:tftp *:*
UNCONN 6912 0 *:17500 *:*
UNCONN 0 0 :::mdns :::*
UNCONN 0 0 :::40718 :::*
$ netstat -nau
Contoh output :Active Internet connections (servers and established)lsof Command :
Proto Recv-Q Send-Q Local Address Foreign Address State
udp 0 0 0.0.0.0:5353 0.0.0.0:*
udp 0 0 0.0.0.0:10000 0.0.0.0:*
udp 0 0 0.0.0.0:57886 0.0.0.0:*
udp 0 0 0.0.0.0:68 0.0.0.0:*
udp 0 0 0.0.0.0:69 0.0.0.0:*
udp 0 0 0.0.0.0:17500 0.0.0.0:*
udp6 0 0 :::5353 :::*
udp6 0 0 :::40718 :::*
$ lsof -i :portNumber
$ lsof -i tcp:portNumber
$ lsof -i udp:portNumber
$ lsof -i :80 | grep LISTEN
Hanya untuk Memunculkan Established Connections :
$ netstat -natu | grep 'ESTABLISHED'
Say Hello To tcptrack (memunculkan status koneksi TCP:
$ tcptrack -i eth0
* Klu belum d’install tcptrack, install dgn cara $ sudo apt-get install tcptrack…iftop command :
iftop comman mendengarkan traffic jaringan pada interface jaringan yang diberikan seperti eth0, dan menampilkan tabel penggunaan bandwidth saat ini oleh pasangan host :
$ iftop -i eth1
Menampilkan atau menganalisis paket yg masuk dan keluar dari jaringan 192.168.1.0/24 :
$ iftop -F 192.168.1.0/24
No comments:
Post a Comment