netstat vs lsof

 
######################### 
###   /bin/netstat    ### 
######################### 
 
 
netstat shows network connections (UDP/TCP ports), routing tables, interfaces, multicast membership, etc.
The output is connection-based: protocol (tcp/udp/unix sockets, etc.), receive/send queue bytes, local & foreign address (IP:port), and connection state/type (datagram, stream, other kinds of socket connection, etc.).
 
 
-t # tcp 
-u # udp 
-n # numeric (no DNS-IP conversion)
-p # shows program PID/names 
-e # ethernet-lvl info 
-a # all connections
-l # show only listening sockets
 
e.g. 
 
$ netstat -planet 
Active Internet connections (servers and established) 
Proto Recv-Q Send-Q Local Address           Foreign Address         State       User       Inode       PID/Program name 
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      0          225365      - 
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN      0          8429        - 
tcp        0      0 0.0.0.0:55936           0.0.0.0:*               LISTEN      109        27922       - 
tcp        0      0 0.0.0.0:39276           0.0.0.0:*               LISTEN      0          10093       - 
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      0          10029       - 
tcp        0      0 0.0.0.0:59248           0.0.0.0:*               LISTEN      0          27039       - 
tcp        0      0 203.178.142.142:22      122.21.246.149:59049    ESTABLISHED 0          6965230     - 
tcp        0      0 203.178.142.142:53505   203.178.142.144:636     ESTABLISHED 0          5670379     - 
tcp        0      0 203.178.142.142:52483   124.241.66.6:1935       ESTABLISHED 9407       7213590     - 
tcp        0      0 203.178.142.142:57301   203.178.142.144:636     ESTABLISHED 0          7027766     - 
 
 
$ netstat 
Active Internet connections (w/o servers) 
Proto Recv-Q Send-Q Local Address           Foreign Address         State 
tcp        0      0 cpu.sfc.wide.ad.jp:ssh  p3149-ipbf2708mar:59049 ESTABLISHED 
tcp        0      0 cpu.sfc.wide.ad.j:53505 ldap1.sfc.wide.ad:ldaps ESTABLISHED 
tcp        0      0 cpu.sfc.wide.ad.j:52483 124.241.66.6:1935       ESTABLISHED 
tcp        0      0 cpu.sfc.wide.ad.j:57301 ldap1.sfc.wide.ad:ldaps ESTABLISHED 
tcp        0      0 cpu.sfc.wide.ad.jp:ssh  p3149-ipbf2708mar:63666 ESTABLISHED 
tcp        0      0 192.168.1.2:1020        192.168.1.1:nfs         ESTABLISHED 
tcp        0      0 cpu.sfc.wide.ad.j:60887 ldap1.sfc.wide.ad:ldaps ESTABLISHED 
tcp        0      0 cpu.sfc.wide.ad.jp:724  www.sfc.wide.ad.jp:nfs  ESTABLISHED 
tcp        0      0 cpu.sfc.wide.ad.jp:738  mail.sfc.wide.ad.jp:nfs ESTABLISHED 
tcp        0    660 cpu.sfc.wide.ad.jp:ssh  s31.GtokyoFL17.vec:7792 ESTABLISHED   # this is my ssh conn 
tcp        0      0 cpu.sfc.wide.ad.j:36777 ldap1.sfc.wide.ad:ldaps ESTABLISHED 
tcp        0      0 cpu.sfc.wide.ad.j:60881 ldap1.sfc.wide.ad:ldaps ESTABLISHED 
tcp        0      0 cpu.sfc.wide.ad.j:36570 ldap1.sfc.wide.ad:ldaps ESTABLISHED 
tcp        0      0 cpu.sfc.wide.ad.j:53506 ldap1.sfc.wide.ad:ldaps ESTABLISHED 
tcp        0      0 cpu.sfc.wide.ad.j:57126 ldap1.sfc.wide.ad:ldaps ESTABLISHED 
tcp        0      0 cpu.sfc.wide.ad.j:57452 ldap1.sfc.wide.ad:ldaps ESTABLISHED 
tcp        0      0 cpu.sfc.wide.ad.j:58703 ldap1.sfc.wide.ad:ldaps ESTABLISHED 
tcp        0      0 cpu.sfc.wide.ad.jp:ssh  45-0-252-155.inte:56545 ESTABLISHED 
tcp        0      0 cpu.sfc.wide.ad.j:53917 ldap1.sfc.wide.ad:ldaps ESTABLISHED 
tcp        0      0 cpu.sfc.wide.ad.j:36815 ldap1.sfc.wide.ad:ldaps ESTABLISHED 
tcp        0      0 cpu.sfc.wide.ad.j:60886 ldap1.sfc.wide.ad:ldaps ESTABLISHED 
tcp6       0      0 cpu.sfc.wide.ad.j:43248 2001:200:dff:fff1:c:ssh ESTABLISHED 
tcp6       0      0 cpu.sfc.wide.ad.jp:ssh  2001:200:0:8802:9:65105 ESTABLISHED 
tcp6       0      0 cpu.sfc.wide.ad.jp:ssh  2001:200:0:8802:9:57438 ESTABLISHED 
tcp6       0      0 cpu.sfc.wide.ad.j:40460 2001:200:dff:fff1:c:ssh ESTABLISHED 
tcp6       0      0 cpu.sfc.wide.ad.jp:ssh  2001:200:0:8802:9:65107 ESTABLISHED 
tcp6       0      0 cpu.sfc.wide.ad.j:60625 2001:200:dff:fff1:c:ssh ESTABLISHED 
Active UNIX domain sockets (w/o servers) 
Proto RefCnt Flags       Type       State         I-Node   Path 
unix  21     [ ]         DGRAM                    7769     /dev/log 
unix  2      [ ]         DGRAM                    7772     /var/spool/postfix/dev/log 
unix  3      [ ]         STREAM     CONNECTED     7248200 
unix  3      [ ]         STREAM     CONNECTED     7110587 
unix  3      [ ]         STREAM     CONNECTED     7886 
unix  3      [ ]         STREAM     CONNECTED     7874 
 
 
 
 
######################### 
###   /usr/bin/lsof   ### 
######################### 
 
lsof = list of open files. It is kind of like netstat + ps combined.
The output is application-based: there you can see all accessed ports, network connections, etc.
But lsof also includes things like my local emacs window terminal session (tty /dev/pts/n), which is not part of netstat.
 
 
e.g. 
 
$ lsof -i 4tcp -a -c process_name
-i [46][protocol][@hostname|hostaddr][:service|port]
-c <cmd>  ## select processes whose command name begins with "cmd"
-a        ## ANDs the other selection options together (the default is OR).
          ## For example, specifying -a, -U, and -ufoo produces a listing of only UNIX socket files that belong to processes owned by user "foo".
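
Added example (not part of the original notes): joining the connection view to the application view. The functions below parse `netstat -planet`-style text, list TCP listeners bound to all interfaces, and print the lsof command that resolves the owner wherever netstat shows "-" in the PID column (netstat could not read the owning process, e.g. when not run as root). The function names and the last two sample rows are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit TCP listeners from `netstat -planet`-style output.
# Columns: Proto Recv-Q Send-Q Local Foreign State User Inode PID/Program

# Print "port uid inode owner" for every TCP socket in LISTEN state that is
# bound to all interfaces (0.0.0.0 or ::). Reads netstat text on stdin.
wildcard_listeners() {
    awk '
        $1 ~ /^tcp6?$/ && $6 == "LISTEN" {
            n = split($4, a, ":")           # port is the last ":"-separated field
            port = a[n]
            addr = substr($4, 1, length($4) - length(port) - 1)
            if (addr == "0.0.0.0" || addr == "::")
                print port, $7, $8, $9
        }' | sort -n
}

# For listeners whose owner netstat could not show ("-"), print the lsof
# command that resolves the owning process (run those as root).
lsof_followup() {
    wildcard_listeners |
        awk '$4 == "-" { print "lsof -nP -iTCP:" $1 " -sTCP:LISTEN" }'
}

# Sample input: the first three rows are taken from the netstat -planet
# output in these notes; the last two rows are constructed.
sample_netstat() {
    cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       User       Inode       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      0          225365      -
tcp        0      0 0.0.0.0:55936           0.0.0.0:*               LISTEN      109        27922       -
tcp        0      0 203.178.142.142:22      122.21.246.149:59049    ESTABLISHED 0          6965230     -
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      0          31337       812/cupsd
tcp6       0      0 :::8080                 :::*                    LISTEN      1000       41000       900/python3
EOF
}

# On a live host: netstat -planet | lsof_followup
sample_netstat | lsof_followup
```

The loopback listener and the ESTABLISHED row are skipped, and the port 8080 listener needs no follow-up because netstat already shows its PID.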
 

2014-06-19 18:18:24 | Category: unix