Netstat is a really handy tool that comes packaged with Microsoft Windows, Linux and Unix. There is a version for each type of operating system, the command syntax may differ but the result is the same.
There are many a times when I need to find out what ports are open and listening on my server. It could be after I had installed a new software that listens on a TCP port, for example SMTP is tcp port 25. I then need to confirm if the software is actually listening on that port by executing the Netstat command from the command line.
Here is an example of the Linux version of Netstat command with the output redirected to a file. You can then read the file at your leisure.
$ netstat -ta > results.file
The options -t, -u -w and -x shows active TCP, UDP, RAW, or UNIX socket connections respectively. The -a flag displays the listening socket or ports that are waiting for a connection. The output is then stored in a file called results.file.
You can view the contents of results.file by issuing the cat command.
$ cat results.file
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 *:32769 *:* LISTEN
tcp 0 0 *:mysql *:* LISTEN
tcp 0 0 *:netbios-ssn *:* LISTEN
tcp 0 0 *:sunrpc *:* LISTEN
tcp 0 0 10.0.0.10:http 194.246.124.67:47616 SYN_RECV
tcp 0 0 *:ftp *:* LISTEN
tcp 0 0 *:smtp *:* LISTEN
tcp 0 0 *:microsoft-ds *:* LISTEN
tcp 0 0 10.0.0.10:smtp segment-124-30.sify.n:62876 ESTABLISHED
tcp 0 0 10.0.0.10:smtp 187-26-172-177.3g.clar:3258 ESTABLISHED
tcp 0 0 *:imaps *:* LISTEN
tcp 0 0 *:pop3s *:* LISTEN
tcp 0 0 *:pop3 *:* LISTEN
tcp 0 0 *:imap *:* LISTEN
tcp 0 0 *:http *:* LISTEN
tcp 0 0 *:ssh *:* LISTEN
tcp 0 0 *:https *:* LISTEN
tcp 0 0 ::ffff:10.0.0.10:http crawl-66-249-73-83.go:50152 ESTABLISHED
tcp 0 0 ::ffff:10.0.0.10:http p3251-ipad313sasajima.:1887 ESTABLISHED
tcp 0 0 ::ffff:10.0.0.10:http p3251-ipad313sasajima.:1888 ESTABLISHED
tcp 0 12920 ::ffff:10.0.0.10:http ::ffff:213.163.65.177:44628 ESTABLISHED
tcp 0 0 ::ffff:10.0.0.10:http DS28589.clientshostna:39831 TIME_WAIT
tcp 0 0 ::ffff:10.0.0.10:http llf520046.crawl.yahoo:60010 TIME_WAIT
Below is the help file for the Windows version of Netstat.
C:\>netstat ?
Displays protocol statistics and current TCP/IP network connections.
NETSTAT [-a] [-b] [-e] [-n] [-o] [-p proto] [-r] [-s] [-v] [interval]
-a Displays all connections and listening ports.
-b Displays the executable involved in creating each connection or
listening port. In some cases well-known executables host
multiple independent components, and in these cases the
sequence of components involved in creating the connection
or listening port is displayed. In this case the executable
name is in [] at the bottom, on top is the component it called,
and so forth until TCP/IP was reached. Note that this option
can be time-consuming and will fail unless you have sufficient
permissions.
-e Displays Ethernet statistics. This may be combined with the -s
option.
-n Displays addresses and port numbers in numerical form.
-o Displays the owning process ID associated with each connection.
-p proto Shows connections for the protocol specified by proto; proto
may be any of: TCP, UDP, TCPv6, or UDPv6. If used with the -s
option to display per-protocol statistics, proto may be any of:
IP, IPv6, ICMP, ICMPv6, TCP, TCPv6, UDP, or UDPv6.
-r Displays the routing table.
-s Displays per-protocol statistics. By default, statistics are
shown for IP, IPv6, ICMP, ICMPv6, TCP, TCPv6, UDP, and UDPv6;
the -p option may be used to specify a subset of the default.
-v When used in conjunction with -b, will display sequence of
components involved in creating the connection or listening
port for all executables.
interval Redisplays selected statistics, pausing interval seconds
between each display. Press CTRL+C to stop redisplaying
statistics. If omitted, netstat will print the current
configuration information once.
1 comment for “How to check for open ports on your server using Netstat.”