Monitor Network Services on CentOS

This section provides a tutorial example on how to use netstat (Network Status), lsof (List of Open Files), and ss (Socket Statistics) to monitor network services on CentOS systems.

With the network firewall configured, the next task is to monitor network services. Here are the tools you can use on CentOS 8 systems:

1. /etc/services - Network service list file, which maps service names to their default port numbers and protocols (TCP or UDP). The file is readable by every user, so sudo is not needed to view it.

herong$ cat /etc/services | more

# Network services, Internet style
# IANA services version: last updated 2016-07-08
# The Well Known Ports are those from 0 through 1023.
# The Registered Ports are those from 1024 through 49151
# The Dynamic and/or Private Ports are those from 49152 through 65535

tcpmux          1/tcp                           # TCP port service multiplexer
tcpmux          1/udp                           # TCP port service multiplexer
rje             5/tcp                           # Remote Job Entry
rje             5/udp                           # Remote Job Entry
echo            7/tcp
echo            7/udp
discard         9/tcp           sink null
discard         9/udp           sink null
systat          11/tcp          users
systat          11/udp          users
daytime         13/tcp
daytime         13/udp
qotd            17/tcp          quote
qotd            17/udp          quote
chargen         19/tcp          ttytst source
chargen         19/udp          ttytst source
ftp-data        20/tcp
ftp-data        20/udp
ftp             21/tcp
ftp             21/udp          fsp fspd
ssh             22/tcp                          # The Secure Shell (SSH) Protocol
ssh             22/udp                          # The Secure Shell (SSH) Protocol
telnet          23/tcp
telnet          23/udp
...

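2. List listening sockets and active Internet connections with the "netstat (Network Status)" command. The options select all sockets (-a), TCP (-t) and UDP (-u). Ports are displayed as service names from /etc/services, and long host names are truncated; add -n to display numeric addresses and ports instead: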

herong$ netstat -atu

Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:sunrpc          0.0.0.0:*               LISTEN
tcp        0      0 localhost.locald:domain 0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:ssh             0.0.0.0:*               LISTEN
tcp        0      0 localhost:ipp           0.0.0.0:*               LISTEN
tcp        0    208 localhost.localdoma:ssh 192.168.1.11:49256      ESTABLISHED
tcp        0      0 localhost.localdoma:ssh 192.168.1.11:49600      ESTABLISHED
tcp6       0      0 [::]:sunrpc             [::]:*                  LISTEN
tcp6       0      0 [::]:http               [::]:*                  LISTEN
tcp6       0      0 [::]:ssh                [::]:*                  LISTEN
tcp6       0      0 localhost:ipp           [::]:*                  LISTEN
tcp6       0      0 [::]:mysqlx             [::]:*                  LISTEN
tcp6       0      0 [::]:mysql              [::]:*                  LISTEN
udp        0      0 localhost.locald:domain 0.0.0.0:*
udp        0      0 0.0.0.0:bootps          0.0.0.0:*
udp        0      0 localhost.locald:bootpc 0.0.0.0:*
udp        0      0 0.0.0.0:sunrpc          0.0.0.0:*
udp        0      0 0.0.0.0:37044           0.0.0.0:*
udp        0      0 localhost:323           0.0.0.0:*
udp        0      0 0.0.0.0:mdns            0.0.0.0:*
udp6       0      0 [::]:sunrpc             [::]:*
udp6       0      0 localhost:323           [::]:*
udp6       0      0 [::]:45574              [::]:*
udp6       0      0 [::]:mdns               [::]:*

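3. List open files related to Internet connections with the "lsof (List of Open Files)" command. The -i option selects Internet sockets, and sudo is needed to see sockets owned by other users' processes. Unlike the netstat output above, this output identifies the process (COMMAND, PID, USER) that owns each socket: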

herong$ sudo lsof -i

COMMAND     PID    USER   FD   TYPE  DEVICE NODE NAME
systemd       1    root  436u  IPv4   16254  TCP *:sunrpc (LISTEN)
systemd       1    root  437u  IPv4   16255  UDP *:sunrpc
systemd       1    root  438u  IPv6   16256  TCP *:sunrpc (LISTEN)
systemd       1    root  439u  IPv6   16257  UDP *:sunrpc
rpcbind    1206     rpc    4u  IPv4   16254  TCP *:sunrpc (LISTEN)
rpcbind    1206     rpc    5u  IPv4   16255  UDP *:sunrpc
rpcbind    1206     rpc    6u  IPv6   16256  TCP *:sunrpc (LISTEN)
rpcbind    1206     rpc    7u  IPv6   16257  UDP *:sunrpc
avahi-dae  1248   avahi   12u  IPv4   29292  UDP *:mdns
avahi-dae  1248   avahi   13u  IPv6   29293  UDP *:mdns
avahi-dae  1248   avahi   14u  IPv4   29294  UDP *:37044
avahi-dae  1248   avahi   15u  IPv6   29295  UDP *:45574
chronyd    1251  chrony    5u  IPv4   26492  UDP localhost:323
chronyd    1251  chrony    6u  IPv6   26493  UDP localhost:323
NetworkMa  1451    root   22u  IPv4  994410  UDP localhost.localdomain:bootpc
sshd       1483    root    5u  IPv4   32847  TCP *:ssh (LISTEN)
sshd       1483    root    7u  IPv6   32849  TCP *:ssh (LISTEN)
dnsmasq    2174 dnsmasq    3u  IPv4   34607  UDP *:bootps
dnsmasq    2174 dnsmasq    5u  IPv4   34610  UDP localhost.localdomain:domain
dnsmasq    2174 dnsmasq    6u  IPv4   34611  TCP localhost.localdomain:domain (LISTEN)
sshd       2941    root    5u  IPv4 1007861  TCP localhost.localdomain:ssh
                                                 ->192.168.1.11:49600 (ESTABLISHED)
sshd       2945  herong    5u  IPv4 1007861  TCP localhost.localdomain:ssh
                                                 ->192.168.1.11:49600 (ESTABLISHED)
mysqld     3392   mysql   32u  IPv6  557420  TCP *:mysql (LISTEN)
mysqld     3392   mysql   34u  IPv6  556565  TCP *:mysqlx (LISTEN)
cupsd      6882    root    9u  IPv6   59565  TCP localhost:ipp (LISTEN)
cupsd      6882    root   10u  IPv4   59566  TCP localhost:ipp (LISTEN)
httpd     14246  apache    4u  IPv6  291420  TCP *:http (LISTEN)
httpd     14247  apache    4u  IPv6  291420  TCP *:http (LISTEN)
httpd     14248  apache    4u  IPv6  291420  TCP *:http (LISTEN)
httpd     19007    root    4u  IPv6  291420  TCP *:http (LISTEN)

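4. Dump socket statistics with the "ss (Socket Statistics)" command. The options select listening sockets (-l), numeric ports instead of service names (-n), TCP (-t) and UDP (-u). In the output, a local address of 0.0.0.0, [::] or * means the socket is bound to all addresses, while 127.0.0.1 and [::1] are reachable only from the local host: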

herong$ sudo ss -lntu

Netid State  Recv-Q Send-Q     Local Address:Port  Peer Address:Port
udp   UNCONN 0      0          192.168.122.1:53         0.0.0.0:*
udp   UNCONN 0      0         0.0.0.0%virbr0:67         0.0.0.0:*
udp   UNCONN 0      0     192.168.1.100%eno1:68         0.0.0.0:*
udp   UNCONN 0      0                0.0.0.0:111        0.0.0.0:*
udp   UNCONN 0      0                0.0.0.0:37044      0.0.0.0:*
udp   UNCONN 0      0              127.0.0.1:323        0.0.0.0:*
udp   UNCONN 0      0                0.0.0.0:5353       0.0.0.0:*
udp   UNCONN 0      0                   [::]:111         [::]:*
udp   UNCONN 0      0                  [::1]:323         [::]:*
udp   UNCONN 0      0                   [::]:45574       [::]:*
udp   UNCONN 0      0                   [::]:5353        [::]:*
tcp   LISTEN 0      128              0.0.0.0:111        0.0.0.0:*
tcp   LISTEN 0      32         192.168.122.1:53         0.0.0.0:*
tcp   LISTEN 0      128              0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0      5              127.0.0.1:631        0.0.0.0:*
tcp   LISTEN 0      128                 [::]:111         [::]:*
tcp   LISTEN 0      128                    *:80             *:*
tcp   LISTEN 0      128                 [::]:22          [::]:*
tcp   LISTEN 0      5                  [::1]:631         [::]:*
tcp   LISTEN 0      70                     *:33060          *:*
tcp   LISTEN 0      128                    *:3306           *:*
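
The following shell function is an added example, not part of the original tutorial: it reads "ss -lntu" output and reports sockets that are reachable from the network but missing from an expected-services list. The ALLOWED list and the function names are assumptions made for this example; the sample input is a subset of the output above.

```shell
#!/bin/sh
# Added example, not from the original tutorial.
# ALLOWED is an assumed baseline of proto/port pairs this host may expose.
ALLOWED="tcp/22 tcp/80 udp/68"

# Reads "ss -lntu" output on stdin and prints "proto/port address" for each
# socket that is not loopback-only and whose proto/port is not in $ALLOWED.
unexpected_listeners() {
    awk -v allowed="$ALLOWED" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 != "tcp" && $1 != "udp" { next }        # skip the header line
        {
            port = $5; sub(/.*:/, "", port)        # text after the last colon
            addr = $5; sub(/:[^:]*$/, "", addr)    # text before the last colon
            sub(/%.*/, "", addr)                   # drop a "%interface" suffix
            if (addr ~ /^127\./ || addr == "[::1]") next   # loopback only
            key = $1 "/" port
            if (!(key in ok)) print key, addr
        }'
}

# Sample input: a subset of the "ss -lntu" output shown above.
sample_ss_output() {
    cat <<'EOF'
Netid State  Recv-Q Send-Q     Local Address:Port  Peer Address:Port
udp   UNCONN 0      0     192.168.1.100%eno1:68         0.0.0.0:*
udp   UNCONN 0      0              127.0.0.1:323        0.0.0.0:*
udp   UNCONN 0      0                0.0.0.0:5353       0.0.0.0:*
tcp   LISTEN 0      128              0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0      5              127.0.0.1:631        0.0.0.0:*
tcp   LISTEN 0      128                    *:80             *:*
tcp   LISTEN 0      5                  [::1]:631         [::]:*
tcp   LISTEN 0      128                    *:3306           *:*
EOF
}

# Live use on a host: sudo ss -lntu | unexpected_listeners
sample_ss_output | unexpected_listeners
```

Each reported line is a candidate for review: either add the service to the baseline, bind it to the loopback address, or confirm that the firewall blocks it.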
