DistributedNetworks DistributedNetworks


Network Monitoring  «Prev  Next»
Lesson 4 Determining which servers are listening
ObjectiveUse netstat command to check what servers are listening for connection on machine.

Determining which Servers are listening

A second important application of the netstat command is to determine what servers are listening for connections on your machine. Of particular interest are TCP and UDP servers. You obtain this information using the -a option to netstat:
under Local Address refers to the local machine
  1. * under Local Address refers to the local machine.
  2. *.* under Foreign Address means that any incoming connection is acceptable.
  3. LISTEN means that the server indicated is waiting for a connection.
  4. This line means that the server is listening on the SMTP port. This is the email server (Mail Transfer Agent) awaiting incoming email.

netstat command a-option
For UDP servers, use the -u option. The -n option means to use numeric addresses:
host$ netstat –nua

Active Internet connections (including servers)

Proto Recv-Q Send-Q Local Address  Foreign Address

udp    0     0 0.0.0.0:753         0.0.0.0:*

udp    0     0 0.0.0.0:514         0.0.0.0:*

udp    0     0 0.0.0.0:111         0.0.0.0:*

udp    0     0 0.0.0.0:37          0.0.0.0:*

udp    0     0 127.0.0.1:53        0.0.0.0:*

udp    0     0 131.193.178.198:53  0.0.0.0:*

udp    0     0 0.0.0.0:53          0.0.0.0:*

udp    0     0 0.0.0.0:635         0.0.0.0:*

udp    0     0 0.0.0.0:2049        0.0.0.0:*

udp    0     0 0.0.0.0:137         0.0.0.0:*

udp    0     0 0.0.0.0:138         0.0.0.0:*


On Solaris, to view a report on active UDP connections, use netstat -P udp.
This output is similar to the TCP output, except that:
  1. The port numbers refer to UDP ports.
  2. It refers to the first interface on the local machine (by a standard convention).
  3. There is no state, because UDP carries no state.
Notice the UDP server listening on port 53; this is the DNS port (called domain in /etc/services), so this machine has a DNS server listening for UDP connections. The UDP server on port 111 is the portmapper process (rpcbind).
UDP: User Datagram Protocol: A connectionless datagram service in the Transport layer used by applications that typically transmit small quantities of data.