Network Connection Monitoring (Demo)

Video Activity
Time: 21 hours 25 minutes
Difficulty: Intermediate
CEU/CPE: 21
Video Transcription
>> Hello Cybrarians and welcome back to the Linux+ course here at Cybrary. I'm your instructor Rob Gill. In today's lesson, we're going to be discussing network connection monitoring. Upon completion of today's lesson, you're going to understand the purpose of the /etc/networks file. We're also going to use the netstat and ss commands. Let's go ahead and monitor the network and do some demos.

In today's lesson, we're going to go ahead and get started over here in CentOS, and the first file that we're going to look at is the /etc/networks file. Let's just do a less on /etc/networks. In this file we can see that we just have network named IP address ranges. Essentially, a little bit backwards from what we saw in /etc/hosts, but nothing too crazy. Why do we care about this? You need to know about the /etc/networks file for the exam, strictly because it's what's going to be used by netstat and ss, the two commands that we're going to look at next. But as I said, this file just holds network names to IP addresses or IP address ranges. For instance, our default, the loopback and link-local networks on this system. Let's go ahead and get out of this very boring file.

Now let's look at the netstat command. Now netstat can be used to monitor network connections that are open on a Linux system. We can just type in netstat and hit "Enter" and we're going to see all stuff. This is great, but it's a mess. It's a lot of information. It's very helpful and useful to use netstat options or netstat flags to essentially filter the output of netstat. Some common netstat flags are netstat -a, and this will display all the sockets. We can use netstat -i, and this will display statistics for the interfaces, what's going on with each of these interfaces on the system. We can use netstat -t, and this will display TCP connections. We can use -u to display UDP connections that are on the system. We could use -n to tell it to not resolve IP addresses, just give us the numeric, not resolve the [inaudible] to host names, and that'll just give us IPs for anything, and we could use -r if we wanted to display the routing table on the system.

The nice thing about netstat is you can combine these into like super-powered options. I like using netstat -tuna. [LAUGHTER] That's going to get us TCP, UDP connections, it's not going to resolve the IP addresses, and it's going to give us all the sockets. That gives us a pretty good output, nice and clean and easy to read and see what's going on on the system.

Let's go ahead and move over and take a look at our next command. We can take a look at the ss command, which is short for show sockets. Now show sockets, ss, is a replacement for netstat. In fact, it's somewhat of a drop-in replacement. A lot of the work that you can do with ss is exactly the same as netstat. If you display or provide no options to ss, it will simply display all open sockets. This is a mess just like we saw when we just typed netstat and hit Enter. A couple of helpful options with ss: you could use -lt, and what that will display is listening TCP sockets. You can use -ut, and this will display listening UDP sockets, and -a will display all info, all sockets, and again, there's the mess, and we can also display a summary with just ss -s, and that'll just give us a summary of the various interfaces and TCP sockets, UDP sockets on the system.

But with that, we've come to the end of today's lesson. In this lesson we covered the purpose and use of the /etc/networks file, which is basically used by netstat and ss, then we played around with netstat and ss and we learned how to use these two commands and what their purposes are. Thank you so much for being here and I look forward to seeing you in the next lesson.