The command /bin/netstat is a generic, all-purpose network information tool. It will give you information about network connections, routing tables, interface statistics, and many other low-level details of your current network configuration. From a security standpoint, one of the most useful options of netstat is its ability to tell you what network ports are currently “open” on your system, what network connections exist, and what state those connections are in. netstat was defined, with examples, in Chapter 21. Here are a few more examples, focusing on the security-related information provided by netstat.
Show protocol statistics. This is an example from a moderately busy public web server that has been up for 41 days:
netstat -s
Ip:
    996714394 total packets received
    0 forwarded
    0 incoming packets discarded
    996354233 incoming packets delivered
    743668424 requests sent out
Icmp:
    308127 ICMP messages received
    488 input ICMP message failed.
    ICMP input histogram:
        destination unreachable: 669
        timeout in transit: 2
        redirects: 277573
        echo requests: 29877
        echo replies: 6
    48625 ICMP messages sent
    0 ICMP messages failed
    ICMP output histogram:
        destination unreachable: 18748
        echo replies: 29877
Tcp:
    4092366 active connection openings
    6613024 passive connection openings
    28785 failed connection attempts
    479914 connection resets received
    46 connections established
    995776060 segments received
    742269993 segments send out
    1026415 segments retransmitted
    7056 bad segments
    ...
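Raw counters like these are easier to review as ratios. The following is an added example, not code from the book: it parses netstat -s text into per-protocol counters and derives two TCP percentages. The function names, the key format for histogram entries, and the assumed indentation of the output are choices made for this example.

```python
import re

# Constructed input: a subset of the Icmp and Tcp counters from the listing
# above, in the 4/8-space layout assumed here for Linux `netstat -s` output.
SAMPLE = """\
Icmp:
    308127 ICMP messages received
    488 input ICMP message failed.
    ICMP input histogram:
        destination unreachable: 669
        timeout in transit: 2
        redirects: 277573
        echo requests: 29877
        echo replies: 6
    48625 ICMP messages sent
    ICMP output histogram:
        destination unreachable: 18748
        echo replies: 29877
Tcp:
    4092366 active connection openings
    6613024 passive connection openings
    28785 failed connection attempts
    742269993 segments send out
    1026415 segments retransmitted
"""

def parse_netstat_s(text):
    """Return {section: {label: int}}; histogram entries are keyed 'header/label'."""
    stats, section, sub, sub_indent = {}, None, None, 0
    for raw in text.splitlines():
        line, indent = raw.strip(), len(raw) - len(raw.lstrip())
        if indent == 0 and line.endswith(":"):       # "Tcp:" opens a section
            section, sub = stats.setdefault(line[:-1], {}), None
        elif section is None or not line:            # command echo, blank lines
            continue
        elif line.endswith(":"):                     # "ICMP input histogram:"
            sub, sub_indent = line[:-1], indent
        else:
            if sub and indent <= sub_indent:         # left the histogram block
                sub = None
            if m := re.match(r"(\d+) (.+)", line):   # "28785 failed connection attempts"
                section[m[2].rstrip(".")] = int(m[1])
            elif m := re.match(r"(.+): (\d+)$", line):  # "redirects: 277573"
                section[f"{sub}/{m[1]}" if sub else m[1]] = int(m[2])
    return stats

def tcp_ratios(stats):
    """Percentages over the whole uptime; these counters accumulate since boot."""
    tcp = stats["Tcp"]
    opens = tcp["active connection openings"] + tcp["passive connection openings"]
    return {"retransmit_pct": 100 * tcp["segments retransmitted"] / tcp["segments send out"],
            "failed_open_pct": 100 * tcp["failed connection attempts"] / opens}
```

Because the counters are cumulative, comparing two snapshots taken some minutes apart says more about current activity than a single reading does.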