Linux Tutorials - Herong's Tutorial Examples - v5.45, by Herong Yang
Monitor Network Services on CentOS
This section provides a tutorial example on how to use different tools, netstat (Network Status), lsof (List of Open Files), ss (Socket Statistics), to monitor network services on CentOS systems.
With network firewall configured, the next task is to monitor network services. Here are the tools you can use on CentOS 8 systems:
1. /etc/services - Network service list file which contains service names and their default IP ports.
herong$ sudo cat /etc/services | more # Network services, Internet style # IANA services version: last updated 2016-07-08 # The Well Known Ports are those from 0 through 1023. # The Registered Ports are those from 1024 through 49151 # The Dynamic and/or Private Ports are those from 49152 through 65535 tcpmux 1/tcp # TCP port service multiplexer tcpmux 1/udp # TCP port service multiplexer rje 5/tcp # Remote Job Entry rje 5/udp # Remote Job Entry echo 7/tcp echo 7/udp discard 9/tcp sink null discard 9/udp sink null systat 11/tcp users systat 11/udp users daytime 13/tcp daytime 13/udp qotd 17/tcp quote qotd 17/udp quote chargen 19/tcp ttytst source chargen 19/udp ttytst source ftp-data 20/tcp ftp-data 20/udp ftp 21/tcp ftp 21/udp fsp fspd ssh 22/tcp # The Secure Shell (SSH) Protocol ssh 22/udp # The Secure Shell (SSH) Protocol telnet 23/tcp telnet 23/udp ...
2. List currently active Internet connections with the "netstat (Network Status)" command:
herong$ netstat -atu Active Internet connections (servers and established) Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 0.0.0.0:sunrpc 0.0.0.0:* LISTEN tcp 0 0 localhost.locald:domain 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:ssh 0.0.0.0:* LISTEN tcp 0 0 localhost:ipp 0.0.0.0:* LISTEN tcp 0 208 localhost.localdoma:ssh 192.168.1.11:49256 ESTABLISHED tcp 0 0 localhost.localdoma:ssh 192.168.1.11:49600 ESTABLISHED tcp6 0 0 [::]:sunrpc [::]:* LISTEN tcp6 0 0 [::]:http [::]:* LISTEN tcp6 0 0 [::]:ssh [::]:* LISTEN tcp6 0 0 localhost:ipp [::]:* LISTEN tcp6 0 0 [::]:mysqlx [::]:* LISTEN tcp6 0 0 [::]:mysql [::]:* LISTEN udp 0 0 localhost.locald:domain 0.0.0.0:* udp 0 0 0.0.0.0:bootps 0.0.0.0:* udp 0 0 localhost.locald:bootpc 0.0.0.0:* udp 0 0 0.0.0.0:sunrpc 0.0.0.0:* udp 0 0 0.0.0.0:37044 0.0.0.0:* udp 0 0 localhost:323 0.0.0.0:* udp 0 0 0.0.0.0:mdns 0.0.0.0:* udp6 0 0 [::]:sunrpc [::]:* udp6 0 0 localhost:323 [::]:* udp6 0 0 [::]:45574 [::]:* udp6 0 0 [::]:mdns [::]:*
3. List Of Open Files (lsof) related to IP connections with the "lsof" command:
herong$ sudo lsof -i COMMAND PID USER FD TYPE DEVICE NODE NAME systemd 1 root 436u IPv4 16254 TCP *:sunrpc (LISTEN) systemd 1 root 437u IPv4 16255 UDP *:sunrpc systemd 1 root 438u IPv6 16256 TCP *:sunrpc (LISTEN) systemd 1 root 439u IPv6 16257 UDP *:sunrpc rpcbind 1206 rpc 4u IPv4 16254 TCP *:sunrpc (LISTEN) rpcbind 1206 rpc 5u IPv4 16255 UDP *:sunrpc rpcbind 1206 rpc 6u IPv6 16256 TCP *:sunrpc (LISTEN) rpcbind 1206 rpc 7u IPv6 16257 UDP *:sunrpc avahi-dae 1248 avahi 12u IPv4 29292 UDP *:mdns avahi-dae 1248 avahi 13u IPv6 29293 UDP *:mdns avahi-dae 1248 avahi 14u IPv4 29294 UDP *:37044 avahi-dae 1248 avahi 15u IPv6 29295 UDP *:45574 chronyd 1251 chrony 5u IPv4 26492 UDP localhost:323 chronyd 1251 chrony 6u IPv6 26493 UDP localhost:323 NetworkMa 1451 root 22u IPv4 994410 UDP localhost.localdomain:bootpc sshd 1483 root 5u IPv4 32847 TCP *:ssh (LISTEN) sshd 1483 root 7u IPv6 32849 TCP *:ssh (LISTEN) dnsmasq 2174 dnsmasq 3u IPv4 34607 UDP *:bootps dnsmasq 2174 dnsmasq 5u IPv4 34610 UDP localhost.localdomain:domain dnsmasq 2174 dnsmasq 6u IPv4 34611 TCP localhost.localdomain:domain (LISTEN) sshd 2941 root 5u IPv4 1007861 TCP localhost.localdomain:ssh ->192.168.1.11:49600 (ESTABLISHED) sshd 2945 herong 5u IPv4 1007861 TCP localhost.localdomain:ssh ->192.168.1.11:49600 (ESTABLISHED) mysqld 3392 mysql 32u IPv6 557420 TCP *:mysql (LISTEN) mysqld 3392 mysql 34u IPv6 556565 TCP *:mysqlx (LISTEN) cupsd 6882 root 9u IPv6 59565 TCP localhost:ipp (LISTEN) cupsd 6882 root 10u IPv4 59566 TCP localhost:ipp (LISTEN) httpd 14246 apache 4u IPv6 291420 TCP *:http (LISTEN) httpd 14247 apache 4u IPv6 291420 TCP *:http (LISTEN) httpd 14248 apache 4u IPv6 291420 TCP *:http (LISTEN) httpd 19007 root 4u IPv6 291420 TCP *:http (LISTEN)
4. Dump socket statistics with the "ss" command:
herong$ sudo ss -lntu Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port udp UNCONN 0 0 192.168.122.1:53 0.0.0.0:* udp UNCONN 0 0 0.0.0.0%virbr0:67 0.0.0.0:* udp UNCONN 0 0 192.168.1.100%eno1:68 0.0.0.0:* udp UNCONN 0 0 0.0.0.0:111 0.0.0.0:* udp UNCONN 0 0 0.0.0.0:37044 0.0.0.0:* udp UNCONN 0 0 127.0.0.1:323 0.0.0.0:* udp UNCONN 0 0 0.0.0.0:5353 0.0.0.0:* udp UNCONN 0 0 [::]:111 [::]:* udp UNCONN 0 0 [::1]:323 [::]:* udp UNCONN 0 0 [::]:45574 [::]:* udp UNCONN 0 0 [::]:5353 [::]:* tcp LISTEN 0 128 0.0.0.0:111 0.0.0.0:* tcp LISTEN 0 32 192.168.122.1:53 0.0.0.0:* tcp LISTEN 0 128 0.0.0.0:22 0.0.0.0:* tcp LISTEN 0 5 127.0.0.1:631 0.0.0.0:* tcp LISTEN 0 128 [::]:111 [::]:* tcp LISTEN 0 128 *:80 *:* tcp LISTEN 0 128 [::]:22 [::]:* tcp LISTEN 0 5 [::1]:631 [::]:* tcp LISTEN 0 70 *:33060 *:* tcp LISTEN 0 128 *:3306 *:*
Table of Contents
Cockpit - Web Portal for Administrator
SELinux - Security-Enhanced Linux
Setup Ethernet Connection on CentOS
Network Firewall Tools on CentOS
"firewalld" and "firewall-cmd" on CentOS
Manage Multiple Firewall Zones
"nftables" and "nft" on CentOS
"nmap" - Network Mapper on CentOS
►Monitor Network Services on CentOS
"ifconfig" - Trace Routes to Remote Host
"traceroute" - Trace Routes to Remote Host
"netstat" - Display Network Statistics
SSH Protocol and ssh/scp Commands
Software Package Manager on CentOS - DNF and YUM
vsftpd - Very Secure FTP Daemon