Developer Forums | About Us | Site Map


Useful Lists

Web Host
site hosted by netplex

Online Manuals

Windows-to-Linux roadmap: Part 7. Networking
By Chris Walden - 2004-07-13 Page:  1 2 3 4

Tools to analyze and monitor

Linux comes with many tools to monitor networking tasks.

We used the ifconfig command above to see the status of the ethernet card. However, ifconfig can configure devices as well as report on them. Suppose you want to set up a temporary network configuration for testing. You could edit the configuration through the distribution tool, but you would need to note all of the settings to put it back when you're done. By using ifconfig, we can configure the card quickly without touching the saved settings:

ifconfig eth0 netmask up

The command above will set eth0 to the address with a Class C IP address and make sure that it is up.

ifconfig eth0 down

The command above will shut down the eth0 device. See the info ifconfig page for full details on using ifconfig.

To activate and deactivate network devices using their saved configurations, use ifup and ifdown, respectively.

# Bring up eth0 using the saved configuration
ifup eth0

# Shut down eth0
ifdown eth0

Use the netstat console command to print network connections, routing tables, interface statistics, masquerade connections, and multicast memberships. netstat has several command line switches to control its function. Here are some of the common ones:

Printing network status

netstat -pShows the PID and name of the program to which each socket belongs
netstat -aShows both listening and non-listening sockets
netstat -tShows TCP connections
netstat -uShows UDP connections
netstat -eDisplays additional information; use this option twice for maximum detail

Here's an example of netstat -tp:

Listing 2. Using netstat

[root@cmw-t30 root]# netstat -tp
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
PID/Program name
tcp        0      0 localhost.localdo:29000 *:*                     LISTEN
tcp        0      0 *:10000                 *:*                     LISTEN
tcp        0      0 *:x11                   *:*                     LISTEN
tcp        0      0 *:ftp                   *:*                     LISTEN
tcp        0      0 *:ssh                   *:*                     LISTEN
tcp        0      0 *:ipp                   *:*                     LISTEN
tcp        0      0 *:505                   *:*                     LISTEN
tcp        0      0 localhost.localdoma:ipp localhost.localdo:32772 ESTABLISHED
tcp        0      0 sig-9-65-39-140.m:44916 sdoprods2.austin.i:1352 TIME_WAIT
tcp        0      0       ESTABLISHED
tcp        0      0 localhost.localdo:44954 localhost.localdoma:ipp TIME_WAIT
tcp        0      0 localhost.localdo:44955 localhost.localdoma:ipp TIME_WAIT
tcp        0      0 localhost.localdo:44897 localhost.localdoma:ipp TIME_WAIT
tcp        0      0 localhost.localdo:44902 localhost.localdoma:ipp TIME_WAIT
tcp        0      0 localhost.localdo:44903 localhost.localdoma:ipp TIME_WAIT
tcp        0      0 localhost.localdo:44900 localhost.localdoma:ipp TIME_WAIT
tcp        0      0 localhost.localdo:44901 localhost.localdoma:ipp TIME_WAIT
tcp        0      0    cs9336-61.austin.r:pop3 TIME_WAIT
tcp        0      0 localhost.localdo:32772 localhost.localdoma:ipp ESTABLISHED
tcp        1      0 localhost.localdo:32774 localhost.localdoma:ipp CLOSE_WAIT
tcp        0      0 ESTABLISHED
tcp        0      0 sig-9-65-39-140.m:35061 d03nm119.boulder.i:1352 CLOSE_WAIT
tcp        0      0         ESTABLISHED

I use netstat most often to view connections that are in the LISTEN or ESTABLISHED states. LISTEN are the services on your system that are accepting connections from other machines. ESTABLISHED are the active connections between your machine and others. Make sure you know all of the LISTEN programs that are running. If you see something you don't recognize, it could be a security concern. netstat has many options. Type info netstat at the command line for details.

The route console command lets you show and manipulate the IP routing table.

Listing 3. Using route

[root@cmw-t30 plugins]# route|grep -v ipsec
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface UGH   0      0        0 eth1    *        U     0      0        0 eth1       *            U     0      0        0 lo
default         UG    0      0        0 eth1

Running route with no switches will show the current routing table. You can make very elaborate changes to the routing table using route.

route add default gw

The above command adds a default route (which will be used if no other route matches). All packets using this route will be gatewayed through "". The device that will actually be used for that route depends on how we can reach "" -- the static route to "" will have to be set up before.

route add -net netmask dev eth0

The above command adds a route to the network 192.56.76.x via "eth0." The Class C netmask modifier is not really necessary here because 192.* is a Class C IP address. The word "dev" can be omitted here.

Routing is a very deep subject. Full information about the route options is available with info route.


Linux was designed for networking from the start. It has built into it sophisticated functions that were previously found only on high-end enterprise offerings. However, even with all of this power, configuration of Linux networking is no more complex than configuration in Windows. Tools such as Webmin, redhat-config-network, and YAST allow graphical configuration. Tools such as ifconfig and route allow viewing and modification of network parameters from the console or scripts. Tools such as netstat allow viewing of individual network connections and show their relationships to running processes.

View Windows-to-Linux roadmap: Part 7. Networking Discussion

Page:  1 2 3 4 Next Page: Resources

First published by IBM developerWorks

Copyright 2004-2017 All rights reserved.
Article copyright and all rights retained by the author.