How to check the established connections on your Linux host

Recently, I came across an interesting topic on LinkedIn. The author suggested a Python script which helps you find the established TCP connections between your local host and the remote hosts, including the geo-location information of the remote IP addresses. You can read it here.

In this post, I would like to show you how to check the established connections on your Linux machine.

Check if netstat command is installed on your Ubuntu machine

In order to verify which connections are established on your local machine, you can use the netstat command.

netstat
netstat missing
netstat missing

As you can see from the above output, the netstat command is missing on my Ubuntu machine. In order to install it, I need to run the suggested command.

sudo apt install net-tools
Install netstat
Install netstat

Check for TCP established connections

In order to find the TCP established connections, you can run a similar command:

netstat -na | grep -i established | head
Check for TCP established connections
Check for TCP established connections

As you can see, I have a couple of established TCP connections. I limited the output to 10 lines with the head command. If you want to see all the established connections, remove the | head from the command.

If you want to check how many connections are established, run the below command.

netstat -na | grep -i established | wc -l
Find the number of established TCP connections
Find the number of established TCP connections

Check for UDP established connections

You can use the same command to find the UDP established connections.

netstat -nu | grep -i established
Check UDP established connections
Check UDP established connections

Check for opened ports on your local machine

If you want to find which ports are opened on your machine, you can use a command similar to the below one. This time, I am checking both TCP and UDP ports.

netstat -ntul
Check for opened ports on your machine
Check for opened ports on your machine

If you want to identify which service has opened the port and which service is listening for incoming connections, you can add -p option. This way you will find the process ID for opened ports.

sudo netstat -ntulp | grep -i listen
Check for process id and opened ports on your machine
Check for process id and opened ports on your machine

Netstat is a versatile command. For more information about it, please check its man page.

man netstat

Unfortunately, netstat is not installed by default on most Linux systems and you need to install it.

Check for established connections with the ss command

Fortunately, there is another command present on most Linux distributions, which is installed by default and with which we can achieve approximately the same results as with netstat.

ss -t | grep -i estab
Check for established TCP connections
Check for established TCP connections

In the above output, you can also spot the difference between running the command with -n and without -n option.

If you are looking for UDP connections, run this command:

ss -nu
Check for UDP connections
Check for UDP connections

To understand which services have opened ports and are listening for incoming connections (established connections), you can run a command similar to this one:

sudo ss  -tupan | head
Check for process id and opened ports on your machine
Check for process id and opened ports on your machine

Use the Python script for checking the established connections

If you also want to find the geo-location information of the remote IP addresses with which your machine established the connections, you can download the Python script and run it.

The script generates a nice table with all the established connections. You can find the script here: https://github.com/lambinh/BL-useful-scripts-to-share/blob/main/check_tcp_established.py.

First, create a text file and copy the content from the above github page.

Create a text file and copy the content of the script in the local file
Create a text file and copy the content of the script in the local file

You can now run the script. Use a command similar to this one:

python3 check_tcp_established.py
Run the script

When you run the script for the first time, you can encounter a similar error. In order to address it, we need to install a module which is missing from our machine.

Run the below command:

sudo apt install python3-pip -y --fix-missing || pip3 install PrettyTable

Confirm that pip was installed successfully on your machine.

pip | head
Confirm that pip was installed successfully
Confirm that pip was installed successfully

Finally, you can run the Python script.

python3 check_tcp_established.py
Run the Python script
Run the Python script

I hope you find this post useful. If you want to improve the script or want to thank its creator, you can go here.

Processing…
Success! You're on the list.

Leave a Reply