Recently, I came across an interesting topic on LinkedIn. The author suggested a Python script which helps you find the established TCP connections between your local host and the remote hosts, including the geo-location information of the remote IP addresses. You can read it here.
In this post, I would like to show you how to check the established connections on your Linux machine.
Table of Contents
Check if netstat command is installed on your Ubuntu machine
In order to verify which connections are established on your local machine, you can use the netstat command.
As you can see from the above output, the netstat command is missing on my Ubuntu machine. In order to install it, I need to run the suggested command.
sudo apt install net-tools
Check for TCP established connections
In order to find the TCP established connections, you can run a similar command:
netstat -na | grep -i established | head
As you can see, I have a couple of established TCP connections. I limited the output to 10 lines with the head command. If you want to see all the established connections, remove the | head from the command.
If you want to check how many connections are established, run the below command.
netstat -na | grep -i established | wc -l
Check for UDP established connections
You can use the same command to find the UDP established connections.
netstat -nu | grep -i established
Check for opened ports on your local machine
If you want to find which ports are opened on your machine, you can use a command similar to the below one. This time, I am checking both TCP and UDP ports.
If you want to identify which service has opened the port and which service is listening for incoming connections, you can add -p option. This way you will find the process ID for opened ports.
sudo netstat -ntulp | grep -i listen
Netstat is a versatile command. For more information about it, please check its man page.
Unfortunately, netstat is not installed by default on most Linux systems and you need to install it.
Check for established connections with the ss command
Fortunately, there is another command present on most Linux distributions, which is installed by default and with which we can achieve approximately the same results as with netstat.
ss -t | grep -i estab
In the above output, you can also spot the difference between running the command with -n and without -n option.
If you are looking for UDP connections, run this command:
To understand which services have opened ports and are listening for incoming connections (established connections), you can run a command similar to this one:
sudo ss -tupan | head
Use the Python script for checking the established connections
If you also want to find the geo-location information of the remote IP addresses with which your machine established the connections, you can download the Python script and run it.
The script generates a nice table with all the established connections. You can find the script here: https://github.com/lambinh/BL-useful-scripts-to-share/blob/main/check_tcp_established.py.
First, create a text file and copy the content from the above github page.
You can now run the script. Use a command similar to this one:
When you run the script for the first time, you can encounter a similar error. In order to address it, we need to install a module which is missing from our machine.
Run the below command:
sudo apt install python3-pip -y --fix-missing || pip3 install PrettyTable
Confirm that pip was installed successfully on your machine.
pip | head
Finally, you can run the Python script.
I hope you find this post useful. If you want to improve the script or want to thank its creator, you can go here.