I hadn’t heard about nstat before, glad I have now. The author also added some notes regarding the ss tool, which is also really useful.
All in all this post is a well-written must-read, for anyone who wants to learn about networking analysis with simple yet powerful CLIs.
I became used to using lsof when I want to see which services are listening for connections on which IPs:
lsof -wnP -iTCP -sTCP:LISTEN
Or which have open UDP sockets:
lsof -wnP -iUDP
(I use -w here to prevent it from spitting out warnings about e.g. missing UIDs, those warnings happen when using (LXC) containers.)
These commands are useful applications of lsof, especially for checking out if anything is listening on the wildcard address on multihomed hosts. My rule of thumb: if you are careful about binding your services only to the IPs they need to listen on, a firewall can quickly become unnecessary for blocking these services on the other IPs. Not letting things listen on the wildcard is a best practice in my book. Even more so with IPv6, because wildcard binding includes the link-local fe80:: addresses. (I’m eyeballing you, NFS, for not supporting anything else!)
But, all that being said, the man page for lsof is so dense that I find it too difficult to learn how to use it better. So, I’m happy to read about nstat; can’t wait to try it out.
I hadn’t heard about
nstatbefore, glad I have now. The author also added some notes regarding thesstool, which is also really useful.All in all this post is a well-written must-read, for anyone who wants to learn about networking analysis with simple yet powerful CLIs.
I became used to using
lsofwhen I want to see which services are listening for connections on which IPs:lsof -wnP -iTCP -sTCP:LISTENOr which have open UDP sockets:
lsof -wnP -iUDP(I use
-where to prevent it from spitting out warnings about e.g. missing UIDs, those warnings happen when using (LXC) containers.)These commands are useful applications of
lsof, especially for checking out if anything is listening on the wildcard address on multihomed hosts. My rule of thumb: if you are careful about binding your services only to the IPs they need to listen on, a firewall can quickly become unnecessary for blocking these services on the other IPs. Not letting things listen on the wildcard is a best practice in my book. Even more so with IPv6, because wildcard binding includes the link-local fe80:: addresses. (I’m eyeballing you, NFS, for not supporting anything else!)But, all that being said, the man page for
lsofis so dense that I find it too difficult to learn how to use it better. So, I’m happy to read aboutnstat; can’t wait to try it out.