014.01.42.4. How can you identify and view the open TCP connections on a Linux machine using the netstat command? Provide an example of interpreting netstat output related to TCP connections.
A TCP connection is identified by its pair of IP addresses and port numbers. To view the connections currently open on the machine, we use the netstat command. The output looks like this:
netstat -nt
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 192.168.28.106:59322 128.199.210.88:443 ESTABLISHED
tcp 0 0 192.168.28.106:37968 34.107.243.93:443 ESTABLISHED
tcp 0 0 192.168.28.106:34726 13.35.191.69:443 ESTABLISHED
tcp 0 0 192.168.28.106:47420 52.7.132.175:443 ESTABLISHED
tcp 0 0 192.168.28.106:45616 54.237.141.212:443 ESTABLISHED
tcp 0 0 192.168.28.106:45489 208.115.231.82:80 ESTABLISHED
Here, the local address is the address from the machine's point of view, and the foreign address is the address of the remote host the machine is connected to.
To identify and view open TCP connections on a Linux machine using the netstat command, one can follow these steps:
Use the following netstat command to display open TCP connections:
netstat -nt
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 192.168.1.38:42714 52.111.244.0:443 ESTABLISHED
tcp 0 0 192.168.1.38:55830 52.108.8.12:443 ESTABLISHED
tcp 0 0 192.168.1.38:46872 172.67.176.240:443 ESTABLISHED
tcp 0 0 192.168.1.38:56348 199.232.254.133:443 ESTABLISHED
tcp 0 0 192.168.1.38:53714 34.235.253.207:443 ESTABLISHED
tcp 0 0 192.168.1.38:39102 13.35.191.26:443 ESTABLISHED
tcp 0 0 192.168.1.38:43724 13.107.42.12:443 ESTABLISHED
Proto: The protocol used (in this case, TCP).
Recv-Q and Send-Q: Receive and send queue sizes (usually 0 for established connections).
Local Address: The local IP address and port number.
Foreign Address: The remote IP address and port number.
State: The current state of the connection (e.g., ESTABLISHED, CLOSE_WAIT, etc.).
In this case, the machine has several established TCP connections, each showing the local and foreign addresses as well as the connection state (ESTABLISHED).
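When the list is longer than a screenful, it helps to summarize it by state and remote port and to pick out established connections to ports you did not expect. The script below is an added example, not part of the original answer; the function names, the allow-list argument, and the last two sample rows are assumptions made for illustration.

```shell
#!/bin/sh
# Count TCP connections per (state, remote port) from `netstat -nt` text on
# stdin. Headers are skipped; the port is whatever follows the LAST colon,
# so tcp6 addresses such as 2001:db8::1:443 parse correctly.
summarize_tcp() {
    awk '
        $1 ~ /^tcp/ && NF >= 6 {
            n = split($5, part, ":")      # $5 = Foreign Address
            count[$6 " " part[n]]++       # $6 = State
        }
        END { for (k in count) print count[k], k }
    ' | sort -k2,2 -k3,3n
}

# Print foreign addresses of ESTABLISHED connections whose remote port is
# not in the comma-separated allow-list passed as $1 (e.g. "443,80").
unexpected_remotes() {
    awk -v allow="$1" '
        BEGIN { m = split(allow, a, ","); for (i = 1; i <= m; i++) ok[a[i]] = 1 }
        $1 ~ /^tcp/ && NF >= 6 && $6 == "ESTABLISHED" {
            n = split($5, part, ":")
            if (!(part[n] in ok)) print $5
        }
    '
}

# Sample input: the first three rows come from the first listing on this
# page; the last two rows (203.0.113.5 and the tcp6 line) are constructed.
SAMPLE='Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.168.28.106:59322    128.199.210.88:443      ESTABLISHED
tcp        0      0 192.168.28.106:37968    34.107.243.93:443       ESTABLISHED
tcp        0      0 192.168.28.106:45489    208.115.231.82:80       ESTABLISHED
tcp        1      0 192.168.28.106:50514    203.0.113.5:22          CLOSE_WAIT
tcp6       0      0 2001:db8::10:41000      2001:db8::1:443         ESTABLISHED'

printf '%s\n' "$SAMPLE" | summarize_tcp          # lines of: count state port
printf '%s\n' "$SAMPLE" | unexpected_remotes 443 # remote ports other than 443
# On a live host: netstat -nt | summarize_tcp
```

A connection that stays in CLOSE_WAIT means the remote side has closed and the local application has not yet closed its socket, so a growing count there is worth a look at the owning process.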