Netstat
Netstat stands for network statistics. Network sockets can either be connected or waiting for a connection. The connections use networking protocols like Transport Control Protocol (TCP) or User Datagram Protocol UDP. They use Internet Protocol addresses and network ports to establish connections.
Sockets have two main states: They are either connected and facilitating an ongoing network communication, or they are waiting for an incoming connection to connect to them. There are other states, such as the state when a socket is midway through establishing a connection on a remote device, but putting transient states aside, you can think of a socket as either being connected or waiting (which is often called listening).
The listening socket is called the server, and the socket that requests a connection with the listening socket is called a client. These names have nothing to do with hardware or computer roles. They simply define the role of each socket at each end of the connection.
The netstat
command lets you discover which sockets are connected and which sockets are listening. Meaning, it tells you which ports are in use and which processes are using them. It can show you routing tables and statistics about your network interfaces and multicast connections.
The functionality of netstat
has been replicated over time in different Linux utilities, such as ip and ss. It’s still worth knowing this granddaddy of all network analysis commands, because it is available on all Linux and Unix-like operating systems, and even on Windows and Mac.
netstat -a
The ‘-a’ option is used to display all the existing connections.
netstat- a
netstat -at
To display only the TCP connection, execute the command with the ‘t’
netstat- at
netstat -au
To display only UDP connection, execute it with ‘u’ option
netstat -au
netstat -tnl
The listening connections are such connections that are available for connection requests. Any network process keeps an open port for the listening incoming connection requests.
netstat -tnl
netstat -rn
The ‘r’ option is used to display the kernel routing information. It will display the same output as route command.
netstat -rn
netstat -i
We can also display information about the network interfaces by using the netstat command. To display the network interfaces, execute the command with ‘i’ option
netstat -i
netstat -ct
To display the netstat output continuously, execute the command with the ‘c’ option
netstat -ct
nslookup
This command is also used to find DNS related query.
nslookup {domainName}
host
host command displays domain name for given IP address or vice-versa. It also performs DNS lookups related to the DNS query.
host {hostname}
host -t ns
The ‘ns’ option with ‘-t’ arguments are used to display the domain name servers.
host -t ns {hostname}
Curl
curl is a tool to transfer data from or to a server, using one of the supported protocols (DICT, FILE, FTP, FTPS, GOPHER, HTTP, HTTPS, IMAP, IMAPS, LDAP, LDAPS, MQTT, POP3, POP3S, RTMP, RTMPS, RTSP, SCP, SFTP, SMB, SMBS, SMTP, SMTPS, TELNET and TFTP). The command is designed to work without user interaction.
curl {option} {url}