Netstat, short for Network Statistics, is a tool that displays information about data traffic on a computer network. It can show incoming and outgoing connections on the network as well as the routing table and network interface information. In this post I will share several netstat commands that you can use and try.
1. Displaying all open ports, both listening and non-listening
Display all open ports with netstat -a
root@smasa:~# netstat -a
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 *:3128 *:* LISTEN
tcp 0 0 localhost:953 *:* LISTEN
tcp 0 0 *:221 *:* LISTEN
tcp 0 0 localhost:mysql *:* LISTEN
tcp 0 0 *:http-alt *:* LISTEN
tcp 0 0 smasa:domain *:* LISTEN
tcp 0 0 192.168.1.2:domain *:* LISTEN
tcp 0 0 localhost:domain *:* LISTEN
tcp 0 0 smasa:3128 192.168.0.121:2719 ESTABLISHED
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags Type State I-Node Path
unix 2 [ ACC ] STREAM LISTENING 5634 /var/run/clamav/clamd.ctl
unix 2 [ ACC ] STREAM LISTENING 4868 /var/run/mysqld/mysqld.sock
unix 2 [ ACC ] STREAM LISTENING 3114 @/com/ubuntu/upstart
unix 2 [ ] DGRAM 3172 @/org/kernel/udev/ude
Display all open TCP ports with netstat -at
root@smasa:~# netstat -at
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 *:3128 *:* LISTEN
tcp 0 0 localhost:953 *:* LISTEN
tcp 0 0 *:221 *:* LISTEN
tcp 0 0 localhost:mysql *:* LISTEN
tcp 0 0 *:http-alt *:* LISTEN
tcp 0 0 smasa:domain *:* LISTEN
tcp 0 0 192.168.1.2:domain *:* LISTEN
tcp 0 0 localhost:domain *:* LISTEN
tcp 0 0 localhost:41033 localhost:http-alt ESTABLISHED
tcp 0 0 smasa:3128 192.168.0.121:2719 ESTABLISHED
tcp 0 0 smasa:3128 192.168.0.121:2722 ESTABLISHED
tcp 0 0 smasa:3128 192.168.0.138:1600 TIME_WAIT
tcp 0 0 localhost:http-alt localhost:45605 TIME_WAIT
tcp 0 0 smasa:3128 192.168.0.138:1621 TIME_WAIT
tcp 0 0 smasa:3128 192.168.0.138:1609 TIME_WAIT
tcp 0 0 192.168.1.2:54349 www-12-02.snc5.face:www TIME_WAIT
tcp 0 0 192.168.1.2:52098 58.27.22.64:www TIME_WAIT
tcp 0 0 smasa:3128 192.168.0.138:1605 TIME_WAIT
tcp 0 0 192.168.1.2:40230 upload-03-07-snc1.f:www TIME_WAIT
tcp 0 0 smasa:3128 192.168.0.121:2730 ESTABLISHED
tcp 0 0 smasa:3128 192.168.0.138:1602 TIME_WAIT
tcp 0 0 192.168.1.2:36686 www-11-03-ash2.face:www TIME_WAIT
tcp 0 0 localhost:http-alt localhost:34051 TIME_WAIT
tcp 0 0 192.168.1.2:54348 www-12-02.snc5.face:www TIME_WAIT
tcp 0 0 192.168.1.2:47032 upload-01-01-snc4.f:www ESTABLISHED
tcp 0 0 smasa:3128 192.168.0.121:2716 ESTABLISHED
tcp 0 0 192.168.1.2:54351 www-12-02.snc5.face:www TIME_WAIT
tcp 0 0 192.168.1.2:49172 www-11-03-ash2.face:www ESTABLISHED
tcp 0 0 smasa:3128 192.168.0.121:2709 ESTABLISHED
tcp 0 0 smasa:221 192.168.0.138:1624 ESTABLISHED
tcp 0 0 192.168.1.2:54353 www-12-02.snc5.face:www TIME_WAIT
tcp 0 0 smasa:3128 192.168.0.138:1620 TIME_WAIT
tcp 0 0 smasa:3128 192.168.0.121:2737 ESTABLISHED
tcp 0 0 localhost:http-alt localhost:56517 TIME_WAIT
tcp 0 0 smasa:3128 192.168.0.121:2711 ESTABLISHED
tcp 0 0 smasa:3128 192.168.0.121:2728 ESTABLISHED
tcp 0 0 smasa:3128 192.168.0.138:1592 TIME_WAIT
tcp 0 0 smasa:3128 192.168.0.121:2718 ESTABLISHED
tcp 0 0 smasa:3128 192.168.0.121:2723 ESTABLISHED
tcp 0 0 smasa:3128 192.168.0.121:2731 ESTABLISHED
tcp 0 0 smasa:3128 192.168.0.121:2732 ESTABLISHED
tcp 0 0 192.168.1.2:54983 58.27.22.90:www TIME_WAIT
tcp 0 0 localhost:http-alt localhost:47076 TIME_WAIT
tcp 0 0 smasa:3128 192.168.0.138:1603 TIME_WAIT
tcp 0 0 192.168.1.2:47471 www-12-02.snc5.face:www TIME_WAIT
tcp 0 0 192.168.1.2:53474 www-11-03-ash2.face:www ESTABLISHED
tcp 0 0 smasa:3128 192.168.0.121:2715 ESTABLISHED
tcp 0 0 192.168.1.2:54357 www-12-02.snc5.face:www TIME_WAIT
tcp 0 0 localhost:http-alt localhost:54496 TIME_WAIT
tcp 0 0 localhost:http-alt localhost:41033 ESTABLISHED
tcp 0 0 smasa:3128 192.168.0.121:2727 ESTABLISHED
tcp 0 0 smasa:3128 192.168.0.121:2729 ESTABLISHED
tcp 0 0 smasa:3128 192.168.0.138:1604 TIME_WAIT
tcp 0 0 192.168.1.2:54352 www-12-02.snc5.face:www TIME_WAIT
tcp 0 0 192.168.1.2:32774 58.27.22.51:www TIME_WAIT
tcp 0 0 smasa:3128 192.168.0.121:2734 ESTABLISHED
tcp 0 0 smasa:3128 192.168.0.121:2720 ESTABLISHED
tcp 0 0 smasa:3128 192.168.0.121:2717 ESTABLISHED
tcp 0 0 192.168.1.2:54354 www-12-02.snc5.face:www TIME_WAIT
tcp 0 0 smasa:3128 192.168.0.121:2736 ESTABLISHED
tcp 0 0 smasa:3128 192.168.0.121:2735 ESTABLISHED
tcp6 0 0 localhost:953 [::]:* LISTEN
tcp6 0 0 [::]:221 [::]:* LISTEN
tcp6 0 0 [::]:www [::]:* LISTEN
tcp6 0 0 [::]:domain [::]:* LISTEN
Display all open UDP ports with netstat -au
root@smasa:~# netstat -au
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
udp 0 0 *:37259 *:*
udp 0 0 smasa:domain *:*
udp 0 0 192.168.1.2:domain *:*
udp 0 0 localhost:domain *:*
udp 0 0 *:icpv2 *:*
udp 0 0 *:bootps *:*
udp 0 0 *:3401 *:*
udp6 0 0 [::]:domain [::]:*
2. Displaying open and active sockets
Display only the active (listening) ports with netstat -l
root@smasa:~# netstat -l
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 *:3128 *:* LISTEN
tcp 0 0 localhost:953 *:* LISTEN
tcp 0 0 *:221 *:* LISTEN
tcp 0 0 localhost:mysql *:* LISTEN
tcp 0 0 *:http-alt *:* LISTEN
tcp 0 0 smasa:domain *:* LISTEN
tcp 0 0 192.168.1.2:domain *:* LISTEN
tcp 0 0 localhost:domain *:* LISTEN
tcp6 0 0 localhost:953 [::]:* LISTEN
tcp6 0 0 [::]:221 [::]:* LISTEN
tcp6 0 0 [::]:www [::]:* LISTEN
tcp6 0 0 [::]:domain [::]:* LISTEN
udp 0 0 *:37259 *:*
udp 0 0 smasa:domain *:*
udp 0 0 192.168.1.2:domain *:*
udp 0 0 localhost:domain *:*
udp 0 0 *:icpv2 *:*
udp 0 0 *:bootps *:*
udp 0 0 *:3401 *:*
udp6 0 0 [::]:domain [::]:*
raw 0 0 *:icmp *:* 7
Active UNIX domain sockets (only servers)
Proto RefCnt Flags Type State I-Node Path
unix 2 [ ACC ] STREAM LISTENING 5634 /var/run/clamav/clamd.ctl
unix 2 [ ACC ] STREAM LISTENING 4868 /var/run/mysqld/mysqld.sock
unix 2 [ ACC ] STREAM LISTENING 3114 @/com/ubuntu/upstart
To display only the active TCP ports, use the command netstat -lt
root@smasa:~# netstat -lt
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 *:3128 *:* LISTEN
tcp 0 0 localhost:953 *:* LISTEN
tcp 0 0 *:221 *:* LISTEN
tcp 0 0 localhost:mysql *:* LISTEN
tcp 0 0 *:http-alt *:* LISTEN
tcp 0 0 smasa:domain *:* LISTEN
tcp 0 0 192.168.1.2:domain *:* LISTEN
tcp 0 0 localhost:domain *:* LISTEN
tcp6 0 0 localhost:953 [::]:* LISTEN
tcp6 0 0 [::]:221 [::]:* LISTEN
tcp6 0 0 [::]:www [::]:* LISTEN
tcp6 0 0 [::]:domain [::]:* LISTEN
To display only the active UDP ports, use the command netstat -lu
root@smasa:~# netstat -lu
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
udp 0 0 *:37259 *:*
udp 0 0 smasa:domain *:*
udp 0 0 192.168.1.2:domain *:*
udp 0 0 localhost:domain *:*
udp 0 0 *:icpv2 *:*
udp 0 0 *:bootps *:*
udp 0 0 *:3401 *:*
udp6 0 0 [::]:domain [::]:*
To display only the active UNIX domain sockets, use the command netstat -lx
root@smasa:~# netstat -lx
Active UNIX domain sockets (only servers)
Proto RefCnt Flags Type State I-Node Path
unix 2 [ ACC ] STREAM LISTENING 5634 /var/run/clamav/clamd.ctl
unix 2 [ ACC ] STREAM LISTENING 4868 /var/run/mysqld/mysqld.sock
unix 2 [ ACC ] STREAM LISTENING 3114 @/com/ubuntu/upstart
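As an added example (not part of the original post), the shell functions below read netstat -lt output and label each listening TCP socket by reachability: bound to every interface, loopback only, or one specific address. The function names are hypothetical, and the sample input is copied from the netstat -lt listing above.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# Read `netstat -lt` (optionally with -p or -n) on stdin and print one line
# per listening TCP socket: SCOPE PROTO HOST PORT [PID/PROGRAM]
classify_listeners() {
    awk '
    $1 ~ /^tcp6?$/ && $6 == "LISTEN" {
        addr = $4
        match(addr, /:[^:]*$/)              # last colon splits host and port
        host = substr(addr, 1, RSTART - 1)
        port = substr(addr, RSTART + 1)
        if (host == "*" || host == "0.0.0.0" || host == "[::]" || host == "::")
            scope = "ALL-INTERFACES"        # reachable from any network
        else if (host == "localhost" || host ~ /^127\./ || host == "::1")
            scope = "LOOPBACK"              # reachable only from this host
        else
            scope = "SINGLE-ADDRESS"        # bound to one interface address
        owner = ($7 == "" ? "" : " " $7)    # present only when -p was used
        print scope, $1, host, port owner
    }'
}

# Unique ports that accept connections on every interface.
exposed_ports() {
    classify_listeners | awk '$1 == "ALL-INTERFACES" { print $4 }' | LC_ALL=C sort -u
}

# Sample input: the netstat -lt listing shown on this page.
sample_output() {
    cat <<'EOF'
tcp 0 0 *:3128 *:* LISTEN
tcp 0 0 localhost:953 *:* LISTEN
tcp 0 0 *:221 *:* LISTEN
tcp 0 0 localhost:mysql *:* LISTEN
tcp 0 0 *:http-alt *:* LISTEN
tcp 0 0 smasa:domain *:* LISTEN
tcp 0 0 192.168.1.2:domain *:* LISTEN
tcp 0 0 localhost:domain *:* LISTEN
tcp6 0 0 localhost:953 [::]:* LISTEN
tcp6 0 0 [::]:221 [::]:* LISTEN
tcp6 0 0 [::]:www [::]:* LISTEN
tcp6 0 0 [::]:domain [::]:* LISTEN
EOF
}

sample_output | classify_listeners
```

On a live host, pipe netstat -ltp into classify_listeners; the ALL-INTERFACES entries are the ones to compare against the firewall policy and the list of services that are meant to be reachable from the network.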
3. Displaying statistics for the protocols in use
Use netstat -s to display statistics for the protocols in use
root@smasa:~# netstat -s
Ip:
1889032 total packets received
48069 forwarded
0 incoming packets discarded
1840963 incoming packets delivered
2102145 requests sent out
Icmp:
742 ICMP messages received
0 input ICMP message failed.
ICMP input histogram:
destination unreachable: 734
echo requests: 7
echo replies: 1
2331 ICMP messages sent
0 ICMP messages failed
ICMP output histogram:
destination unreachable: 2301
echo request: 23
echo replies: 7
IcmpMsg:
InType0: 1
InType3: 734
InType8: 7
OutType0: 7
OutType3: 2301
OutType8: 23
Tcp:
69140 active connections openings
41775 passive connection openings
8 failed connection attempts
9199 connection resets received
1 connections estalished
1736445 segments received
1897301 segments send out
59257 segments retransmited
10 bad segments received.
10055 resets sent
Udp:
94756 packets received
2207 packets to unknown port received.
0 packet receive errors
95187 packets sent
UdpLite:
TcpExt:
2 invalid SYN cookies received
6 resets received for embryonic SYN_RECV sockets
59014 TCP sockets finished time wait in fast timer
740 time wait sockets recycled by time stamp
44 packets rejects in established connections because of timestamp
40769 delayed acks sent
2 delayed acks further delayed because of locked socket
Quick ack mode was activated 12326 times
798 times the listen queue of a socket overflowed
798 SYNs to LISTEN sockets dropped
5 packets directly queued to recvmsg prequeue.
11143 bytes directly in process context from backlog
9 bytes directly received in process context from prequeue
377195 packet headers predicted
9 packets header predicted and directly queued to user
345661 acknowledgments not containing data payload received
332325 predicted acknowledgments
17 times recovered from packet loss due to fast retransmit
12 times recovered from packet loss by selective acknowledgements
1 congestion windows recovered without slow start by DSACK
3932 congestion windows recovered without slow start after partial ack
116 TCP data loss events
TCPLostRetransmit: 7
2 timeouts after reno fast retransmit
24 timeouts after SACK recovery
76 timeouts in loss state
59 fast retransmits
4 forward retransmits
1210 retransmits in slow start
16596 other TCP timeouts
3 classic Reno fast retransmits failed
12147 DSACKs sent for old packets
419 DSACKs sent for out of order packets
278 DSACKs received
329 connections reset due to unexpected data
24 connections reset due to early user close
7137 connections aborted due to timeout
TCPDSACKIgnoredOld: 136
TCPDSACKIgnoredNoUndo: 20
TCPSackShiftFallback: 919
IpExt:
InBcastPkts: 6921
InOctets: 1299402395
OutOctets: 1443173077
InBcastOctets: 640866
Note: to display statistics for the TCP protocol only, use netstat -st; for the UDP protocol only, use netstat -su
4. Displaying the PID and program name
Use the command netstat -pt
root@smasa:~# netstat -pt
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 localhost:35627 localhost:http-alt ESTABLISHED 1688/(squid)
tcp 0 0 192.168.1.2:40176 sin01s04-in-f104.1e:www TIME_WAIT -
tcp 0 0 smasa:221 192.168.0.138:1624 ESTABLISHED 4999/0
tcp 0 0 192.168.1.2:49304 www-10-01-ash2.face:www ESTABLISHED 27357/havp
tcp 0 0 localhost:http-alt localhost:35627 ESTABLISHED 27357/havp
tcp 0 0 smasa:3128 192.168.0.129:2211 ESTABLISHED 1688/(squid)
tcp 0 0 smasa:3128 192.168.0.129:2210 ESTABLISHED 1688/(squid)
5. Displaying the kernel routing information for our network
Use the command netstat -r to display the kernel routing information
root@smasa:~# netstat -r
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
192.168.1.0 * 255.255.255.0 U 0 0 0 eth0
192.168.0.0 * 255.255.255.0 U 0 0 0 eth1
default 192.168.1.1 0.0.0.0 UG 0 0 0 eth0
6. Finding the port used by a particular program
For example, to display the port currently used by SSH, the command is:
root@smasa:~# netstat -ap | grep ssh
tcp 0 0 *:221 *:* LISTEN 1034/sshd
tcp6 0 0 [::]:221 [::]:* LISTEN 1034/sshd
7. Displaying information about the interfaces we use
Example:
root@smasa:~# netstat -i
Kernel Interface table
Iface MTU Met RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR Flg
eth0 1500 0 665297 0 0 0 822533 0 0 0 BMRU
eth1 1500 0 530249 0 0 0 808259 0 0 0 BMRU
lo 16436 0 707965 0 0 0 707965 0 0 0 LRU
root@smasa:~# netstat -ie
Kernel Interface table
eth0 Link encap:Ethernet HWaddr 00:27:0e:07:b9:15
inet addr:192.168.1.2 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::227:eff:fe07:b915/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:665297 errors:0 dropped:0 overruns:0 frame:0
TX packets:822533 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:652127492 (652.1 MB) TX bytes:126842677 (126.8 MB)
Interrupt:27 Base address:0xc000
eth1 Link encap:Ethernet HWaddr 00:21:91:17:52:ad
inet addr:192.168.0.1 Bcast:192.168.0.255 Mask:255.255.255.0
inet6 addr: fe80::221:91ff:fe17:52ad/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:530255 errors:0 dropped:0 overruns:0 frame:0
TX packets:808265 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:105062029 (105.0 MB) TX bytes:790343199 (790.3 MB)
Interrupt:16 Base address:0xd000
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:707995 errors:0 dropped:0 overruns:0 frame:0
TX packets:707995 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:561299423 (561.2 MB) TX bytes:561299423 (561.2 MB)
If you find other tricks while using netstat, please share them in the comment box below





This makes my head spin, bro, I don't understand Linux stuff…..