Terminal-icon

Netstat es una herramienta que permite identificar las conexiones TCP que están activas en la máquina en la que se ejecuta el comando. A su vez, esta herramienta crea una lista con todos los puertos TCP y UDP que están abiertos en el ordenador.

El comando “netstat” también permite a su vez obtener estadísticas de numerosos protocolos (Ethernet, IPv4, TCP, UDP, ICMP y IPv6).

Instalación

yum install net-tools [On CentOS/RHEL]
apt install net-tools [On Debian/Ubuntu]
zypper install net-tools [On OpenSuse]
pacman -S netstat-nat [On Arch Linux]

Version Netstat

$ netstat -V
net-tools 2.10-alpha
Fred Baumgarten, Alan Cox, Bernd Eckenfels, Phil Blundell, Tuan Hoang, Brian Micek and others
+NEW_ADDRT +RTF_IRTT +RTF_REJECT +FW_MASQUERADE +I18N +SELINUX
AF: (inet) +UNIX +INET +INET6 +IPX +AX25 +NETROM +X25 +ATALK +ECONET +ROSE -BLUETOOTH
HW: +ETHER +ARC +SLIP +PPP +TUNNEL -TR +AX25 +NETROM +X25 +FR +ROSE +ASH +SIT +FDDI +HIPPI +HDLC/LAPB +EUI64

man Netstat
[Netstat(8) – Linux man page]

Usando Netstat
Ruta de tablas del kernel

$ netstat -r
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
default gateway 0.0.0.0 UG 0 0 0 wlan0
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 wlan0

Estadísticas de red

$ netstat -ai
Kernel Interface table
Iface MTU RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR Flg
eth0 1500 0 0 0 0 0 0 0 0 BMU
lo 65536 788 0 0 0 788 0 0 0 LRU
wlan0 1500 1530768 0 0 0 868838 0 0 0 BMRU

Ver Conexiones de Redes

$ netstat -ant
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:4456 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:139 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:34349 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:51413 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:37013 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:39191 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:445 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:7070 0.0.0.0:* LISTEN
tcp 0 0 192.168.1.7:48252 172.217.3.66:443 ESTABLISHED
tcp 0 0 192.168.1.7:47776 149.154.175.52:80 ESTABLISHED
tcp 0 0 192.168.1.7:43394 149.154.175.52:443 ESTABLISHED
tcp 0 0 192.168.1.7:46938 168.167.90.251:80 ESTABLISHED
tcp 0 1 192.168.1.7:34829 37.145.53.6:51413 SYN_SENT
tcp 0 0 192.168.1.7:39826 149.154.175.52:443 ESTABLISHED
tcp 0 0 192.168.1.7:57526 172.217.8.142:80 ESTABLISHED
tcp 0 0 192.168.1.7:43594 104.27.142.36:80 ESTABLISHED
tcp 0 0 192.168.1.7:46207 209.222.97.121:80 ESTABLISHED
tcp 273680 0 192.168.1.7:36223 81.171.17.23:48188 ESTABLISHED
tcp 366878 0 192.168.1.7:46277 37.48.111.139:51833 ESTABLISHED
tcp 0 0 192.168.1.7:45454 35.166.120.204:443 ESTABLISHED
tcp 518239 0 192.168.1.7:40101 50.243.181.173:50329 ESTABLISHED
tcp6 0 0 :::4456 :::* LISTEN
tcp6 0 0 :::139 :::* LISTEN
tcp6 0 0 :::111 :::* LISTEN
tcp6 0 0 :::80 :::* LISTEN
tcp6 0 0 :::51413 :::* LISTEN
tcp6 0 0 ::1:631 :::* LISTEN
tcp6 0 0 :::445 :::* LISTEN
tcp6 0 0 :::42691 :::* LISTEN
tcp6 1 0 ::1:46008 ::1:631 CLOSE_WAIT
tcp6 1 0 ::1:46006 ::1:631 CLOSE_WAIT

Ver conexiones de servicios

$ sudo netstat -pnltu
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:4456 0.0.0.0:* LISTEN 3836/sshd
tcp 0 0 0.0.0.0:139 0.0.0.0:* LISTEN 3190/smbd
tcp 0 0 0.0.0.0:34349 0.0.0.0:* LISTEN 1849/rpc.statd
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 1792/rpcbind
tcp 0 0 0.0.0.0:51413 0.0.0.0:* LISTEN 7315/transmission-g
tcp 0 0 0.0.0.0:37013 0.0.0.0:* LISTEN 2433/anydesk
tcp 0 0 127.0.0.1:39191 0.0.0.0:* LISTEN 13945/haroopad
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 2712/cupsd
tcp 0 0 0.0.0.0:445 0.0.0.0:* LISTEN 3190/smbd
tcp 0 0 0.0.0.0:7070 0.0.0.0:* LISTEN 2433/anydesk
tcp6 0 0 :::4456 :::* LISTEN 3836/sshd
tcp6 0 0 :::139 :::* LISTEN 3190/smbd
tcp6 0 0 :::111 :::* LISTEN 1792/rpcbind
tcp6 0 0 :::80 :::* LISTEN 2529/apache2
tcp6 0 0 :::51413 :::* LISTEN 7315/transmission-g
tcp6 0 0 ::1:631 :::* LISTEN 2712/cupsd
tcp6 0 0 :::445 :::* LISTEN 3190/smbd
tcp6 0 0 :::42691 :::* LISTEN 1849/rpc.statd
udp 0 0 0.0.0.0:51659 0.0.0.0:* 2825/avahi-daemon:
udp 0 0 0.0.0.0:46610 0.0.0.0:* 7315/transmission-g
udp 0 0 0.0.0.0:68 0.0.0.0:* 3448/dhclient
udp 0 0 0.0.0.0:111 0.0.0.0:* 1792/rpcbind
udp 0 0 0.0.0.0:631 0.0.0.0:* 2593/cups-browsed
udp 0 0 192.168.1.7:123 0.0.0.0:* 2775/ntpd
udp 0 0 127.0.0.1:123 0.0.0.0:* 2775/ntpd
udp 0 0 0.0.0.0:123 0.0.0.0:* 2775/ntpd
udp 0 0 192.168.1.255:137 0.0.0.0:* 2474/nmbd
udp 0 0 192.168.1.7:137 0.0.0.0:* 2474/nmbd
udp 0 0 0.0.0.0:137 0.0.0.0:* 2474/nmbd
udp 0 0 192.168.1.255:138 0.0.0.0:* 2474/nmbd
udp 0 0 192.168.1.7:138 0.0.0.0:* 2474/nmbd
udp 0 0 0.0.0.0:138 0.0.0.0:* 2474/nmbd
udp 0 0 0.0.0.0:661 0.0.0.0:* 1792/rpcbind
udp 0 0 0.0.0.0:46777 0.0.0.0:* 1849/rpc.statd
udp 0 0 0.0.0.0:51413 0.0.0.0:* 7315/transmission-g
udp 0 0 0.0.0.0:5353 0.0.0.0:* 2825/avahi-daemon:
udp 0 0 127.0.0.1:753 0.0.0.0:* 1849/rpc.statd
udp 0 0 0.0.0.0:40194 0.0.0.0:* 7315/transmission-g
udp 0 0 0.0.0.0:50001 0.0.0.0:* 2433/anydesk
udp6 0 0 :::37966 :::* 1849/rpc.statd
udp6 0 0 :::111 :::* 1792/rpcbind
udp6 0 0 fe80::da68:c52a:abd:123 :::* 2775/ntpd
udp6 0 0 ::1:123 :::* 2775/ntpd
udp6 0 0 :::123 :::* 2775/ntpd
udp6 0 0 :::661 :::* 1792/rpcbind
udp6 0 0 :::5353 :::* 2825/avahi-daemon:
udp6 0 0 :::50489 :::* 2825/avahi-daemon:

Espero que les haya servido, how to cortesía de M3rsy, que lo pueden encontrar en Telegram.