FreeBSD List / Display Open Ports With sockstat Command

in Categories FreeBSD, Hardware, Howto, Monitoring, Networking last updated February 8, 2008

You can use traditional netstat / lsof command to lists open Internet or UNIX domain sockets on FreeBSD. FreeBSD comes with a simple and easy to use command called sockstat.
The -4 option only displays IPv4 sockets.

The -6 option only displays IPv6 sockets.

The -c option only displays connected sockets.

The -l option only displays listening sockets (open port).

For example, display IPv4 related open ports, enter:
# sockstat -4 -l

root     sendmail   653   3  tcp4          *:*
root     sshd       647   3  tcp4        *:*
root     ntpd       616   4  udp4   *:123                 *:*

Here the equivalent of netstat:
$ netstat -nat | grep LISTEN
For information read sockstat command man page:
$ man sockstat

Get Information about All Running Services Remotely

in Categories Debian Linux, FreeBSD, Gentoo Linux, Hardware, Howto, Linux last updated January 29, 2008

From my mailbag the other day I received an interesting suggestion about obtaining information regarding all running process and network connections remotely using inetd / xinetd :

SSH client can be used to execute a command(s) on a remote UNIX box. Same technique can be used to get current network and system information using netstat information:
ssh you@remotebox netstat -a
ssh you@remotebox netstat -tulpn

He suggests that above command can be run via inetd / xinetd so that admin can connect easily and get information using telnet from 100s UNIX boxes. All you have to do is open /etc/inetd.conf under UNIX / Linux:
# vi /etc/inetd.conf
Append following line:
netstat stream tcp nowait root /bin/netstat netstat -a
Restart inetd:
# /etc/init.d/openbsd-inetd restart
Next, use telnet to connect to the netstat service (port 15) and get network connection information:
$ telnet server-name netstat
$ telnet 15


Connected to
Escape character is '^]'.
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 *:6881                  *:*                     LISTEN
tcp        0      0 *:6081                  *:*                     LISTEN
tcp        0      0 *:nfs                   *:*                     LISTEN
tcp        0      0 localhost:6082          *:*                     LISTEN
tcp        0      0 *:54053                 *:*                     LISTEN
tcp        0      0 *:59275                 *:*                     LISTEN
tcp        0      0 *:netstat               *:*                     LISTEN
tcp        0      0 *:sunrpc                *:*                     LISTEN
tcp        0      0 localhost:webcache      *:*                     LISTEN
tcp        0      0 *:43218                 *:*                     LISTEN
tcp        0      0 *:domain                *:*                     LISTEN
tcp        0      0 localhost:ipp           *:*                     LISTEN
tcp        0      0 *:telnet                *:*                     LISTEN
tcp        0      0 *:3128                  *:*                     LISTEN
tcp        0      0 localhost:smtp          *:*                     LISTEN
tcp        0      1 vivek-desktop.loc:48925 bas4-kitchener06-:56662 SYN_SENT
tcp        0      0 vivek-desktop.loc:54791 customer5673.pool:16273 ESTABLISHED
tcp        0      0 vivek-desktop.loc:38398 59.94.1xx.yy:45483      ESTABLISHED
tcp        0      0 vivek-desktop.loc:42048 60.21.zz.yyy:23235       ESTABLISHED
unix  3      [ ]         STREAM     CONNECTED     15973
unix  3      [ ]         STREAM     CONNECTED     15947    /var/run/dbus/system_bus_socket
unix  3      [ ]         STREAM     CONNECTED     15946
unix  3      [ ]         STREAM     CONNECTED     15936    /var/run/dbus/system_bus_socket
unix  3      [ ]         STREAM     CONNECTED     15935
unix  2      [ ]         DGRAM                    15931
unix  3      [ ]         STREAM     CONNECTED     15916
unix  3      [ ]         STREAM     CONNECTED     15915
unix  2      [ ]         DGRAM                    15906
Connection closed by foreign host.

There are few problems with this solution:
a] Unnecessary service running at port # 15

b] Telnet protocol is not secure

c] I strongly recommend using ssh and password-less login for scripts to obtain this kind of information:
ssh user@remote-box netstat -a
ssh user@remote-box df -H
ssh user@remote-box free -m
ssh user@remote-box /path/to/

Howto: Ubuntu Linux convert DHCP network configuration to static IP configuration

in Categories Ubuntu Linux last updated September 13, 2006

My friend wanted to know how to change or convert DHCP network configuration to static configuration. After initial installation, he wanted to change network settings. Further, his system is w/o GUI system aka X Windows. Here is quick way to accomplish the same:

Your main network configuration file is /etc/network/interfaces

Desired new sample settings:
=> Host IP address
=> Netmask:
=> Network ID:
=> Broadcast IP:
=> Gateway/Router IP:
=> DNS Server:

Open network configuration file
$ sudo vi /etc/network/interfacesOR$ sudo nano /etc/network/interfaces

Find and remove dhcp entry:
iface eth0 inet dhcp

Append new network settings:

iface eth0 inet static

Save and close the file. Restart the network:
$ sudo /etc/init.d/networking restart

Task: Define new DNS servers

Open /etc/resolv.conf file
$ sudo vi /etc/resolv.conf

You need to remove old DNS server assigned by DHCP server:

Save and close the file.

Task: Test DNS server

$ host

Network command line cheat sheet

You can also use commands to change settings. Please note that these settings are temporary and not the permanent. Use above method to make network changes permanent or GUI tool as described below.

Task: Display network interface information

$ ifconfig

Task: Take down network interface eth0 / take a network interface down

$ sudo ifconfig eth0 downOR $ sudo ifdown eth0

Task: Bring a network interface eth0 up

$ sudo ifconfig eth0 upOR$ sudo ifup eth0

Task: Change IP address and netmask from command line

Activate network interface eth0 with a new IP ( / netmask:
$ sudo ifconfig eth0 netmask up

Task: Display the routing table

$ /sbin/route OR$ /sbin/route -n

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
localnet        *        U     0      0        0 ra0    *        U     0      0        0 eth0    *        U     0      0        0 eth1
default         UG    0      0        0 ra0

Task: Add a new gateway

$ sudo route add default gw

Task: Display current active Internet connections (servers and established connection)

$ netstat -nat

Task: Display open ports

$ sudo netstat -tulpOR$ sudo netstat -tulpn

Task: Display network interfaces stats (RX/TX etc)

$ netstat -i

Task: Display output for active/established connections only

$ netstat -e
$ netstat -te
$ netstat -tue


  • -t : TCP connections
  • -u : UDP connections
  • -e : Established

Task: Test network connectivity

Send ICMP ECHO_REQUEST to network hosts, routers, servers etc with ping command. This verifies connectivity exists between local host and remote network system:
$ ping router
$ ping
$ ping

See simple Linux system monitoring with ping command and scripts for more information.

Task: Use GUI (Graphical Configuration) network Tool

If you are new, use GUI configuration tool, type the following command at terminal:
$ network-admin &

Above command is Ubuntu’s GUI for configuring network connections tool.

Final tip – Learn how find out more information about commands

A man page is your best friend when you wanted to learn more about particular command or syntax. For example, read detailed information about ifconfig and netstat command:
$ man ifconfig
$ man netstat

Just get a short help with all command options by appending –help option to each command:
$ netstat --help

Find out what command is used for particular task by searching the short descriptions and manual page names for the keyword:
$ man -k 'delete directory'
$ apropos -s 1 remove

Display short descriptions of a command:
$ whatis rm
$ whatis netstat

Linux offers an excellent collection of utilities, which can be use to finding the files and executables, remember you cannot memorize all the commands and files 😉

How Do I Drop or Block Attackers IP Address With Null Routes On a Linux?

in Categories Iptables, Linux, Security last updated May 25, 2006

Someone might attack on your Linux based system. You can drop attacker IP using IPtables. However, you can use route or ip command to null route unwanted traffic. A null route (also called as blackhole route) is a network route or kernel routing table entry that goes nowhere. Matching packets are dropped (ignored) rather than forwarded, acting as a kind of very limited firewall. The act of using null routes is often called blackhole filtering.

You can nullroute (like some time ISP do prevent your network device from sending any data to a remote system) stopping various attacks coming from a single IP (read as spammers or hackers) using the following syntax on a Linux based system.

How to: Troubleshoot UNIX / Linux BIND DNS server problems

in Categories BIND Dns, CentOS, Debian Linux, FreeBSD, Gentoo Linux, GNU/Open source, Howto, Linux, OpenBSD, RedHat/Fedora Linux, Suse Linux, Sys admin, Troubleshooting, Tuning, UNIX last updated November 19, 2004

BIND is the Berkeley Internet Name Domain, DNS server. It is wildly used on UNIX and Linux like oses. You can use following tools to troubleshoot bind related problems under UNIX or Linux oses.

Task: Port 53 open and listing requests

By default BIND listen DNS queries on port 53. So make sure port 53 is open and listing user requests. by running any one of the following tests. See if you can telnet to port 53 from remote computer:
$ telnet remote-server-ip 53
telnet domain

Connected to
Escape character is '^]'.

If you cannot connect make sure firewall is not blocking your requests. Next use netstat command to list open and listing port 53 on server itself:
$ netstat -tulpn | grep :53
# netstat -atve

Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       User       Inode
tcp        0      0 *:*                     LISTEN      named      10386
tcp        0      0     *:*                     LISTEN      named      10384
tcp        0      0 *:ssh                   *:*                     LISTEN      root       1785
tcp        0      0       *:*                     LISTEN      named      10388
tcp        0      0       *:*                     LISTEN      root       1873
tcp        0      0   ESTABLISHED root       10501
tcp        0      0     TIME_WAIT   root       0
tcp        0      0 TIME_WAIT   root       0
tcp        0      0     TIME_WAIT   root       0

Make sure iptables firewall is not blocking request on server:
# iptables -L -n
# iptables -L -n | less
Make sure named is running:
# /etc/init.d/named status
If not start named:
# chkconfig named on
# service named start

Task: Use log files

You can use log files after starting/restarting bind to see error messages:
# tail –f /var/log/message

Nov 17 16:50:25 rhx named[3539]: listening on IPv4 interface lo,
Nov 17 16:50:25 rhx named[3539]: listening on IPv4 interface eth0,
Nov 17 16:50:25 rhx named[3539]: command channel listening on
Nov 17 16:50:25 rhx named[3539]: zone loaded serial 1997022700
Nov 17 16:50:25 rhx named[3539]: no TTL specified; using SOA MINTTL instead
Nov 17 16:50:25 rhx named[3539]: zone loaded serial 12
Nov 17 16:50:25 rhx named[3539]: zone localhost/IN: loaded serial 42
Nov 17 16:50:25 rhx named[3539]: zone loaded serial 12
Nov 17 16:50:25 rhx named[3539]: running

Task: Check zone file for errors

You can check zone file syntax and /etc/named.conf file using following utilities. named-checkconf command is named (BIND) configuration file syntax checking tool.
# named-checkconf /etc/named.conf

/etc/named.conf:32: missing ';' before 'zone'

Plesse note that if named-checkconf did not find any errors it will not display in output on screen.

Check zone file syntax for errors. named-checkzone is zone file validity checking tool. named-checkzone checks the syntax and integrity of a zone file. It performs the same checks as named does when loading a zone. This makes named checkzone useful for checking zone files before configuring them into a name server.
# named-checkzone localhost /var/named/
#named-checkzone /var/named/

zone loaded serial 12

Task: Testing BIND/DNS with utilities

You can use host and dig utilties to test your bind configuration.

  • host: host is a simple utility for performing DNS lookups. It is normally used to convert names to IP addresses and vice versa.
  • dig: dig (domain information groper) is a flexible tool for interrogating DNS name servers. It performs DNS lookups and displays the answers that are returned from the name server(s) that were queried. Most DNS administrators use dig to troubleshoot DNS problems because of its flexibility, ease of use and clarity of output. Other lookup tools tend to have less functionality than dig.

List IP address associated with host names:
# host
# host www
Output: has address

Perform a zone transfer for zone name using -l option:
# host -l SOA 12 10800 900 604800 86400 name server mail is handled by 10 has address has address has address has address has address has address SOA 12 10800 900 604800 86400

Other examples
# dig
# dig