Different approaches to list open network connnections on your Linux server

Often we have good reasons to ask, who is connecting to our server or what process is using which port? There are some simple ways to verify that. A good start is always the NETSTAT command.

With the option ‘t’ we only display TCP connection and ‘n’ is for numeric only – avoid name resolution. We can make this of course easier to read and just use some of the Linux shell goodies:

Here we see only connections to port 80, all unwanted information stripped off and even the number of active connection in front of every IP.

Another good thing to know, which process is listening on which port. Especially when a host is under suspicion to have been hacked:

The ‘a’ shows all network connections, the parameter ‘t’ limits it to TCP only . With the ‘n’ parameter we are avoiding the known ports to be translated into text (e.g. 22 to SSH). Finally the ‘GREP LISTEN’ makes sure to only show the interesting part of the whole output – which processes are listening to a port.

Another approach would be to use LSOF, it can also show open network connections:

I prefer netstat, as you can find it on all systems. Same does not necessarily apply for lsof.


Leave a Reply