TCP monitoring on a server: comparing netstat vs lsof?

unix linux netstat tcp lsof

Solution 1:

I prefer lsof because it's output is consistent across all platforms on which it runs. You can pretty much get the same info from both programs, though. I think it comes down to personal preference.

Solution 2:

My first implication would be to use netstat -ptan which will give you all the information you are looking for. Probably pipe to sort and uniq. The following should give you a good number of socket status'.

netstat -ptan | awk '{print $6 " " $7 }' | sort | uniq -c

Solution 3:

Check out dstat and run with:

% sudo dstat --tcp

Even better, if you want to analyze the output, you can have it write to CSV with --output.

Related

Are Amazon EC2 Private IPs reachable from any instance running in EC2?
How does my DHCP server know my machine's hostname when I didn't define one in dhclient.conf?
Can't remotely connect through SQL Server Management Studio
Is there a difference between a self-signed certificate and one signed by your own CA?
SSH back to the local machine from a remote SSH session
Ubuntu dpkg, non interactive installation
Can Samba support full Windows-ACLs?
virsh console and tty size
How can I make WSUS less invasive for our users?
Performance Tuning a High-Load Apache Server
In chef, how do I access attributes within role files?
How are IP-based rules (eg, bans/filters) affected once IPv6 becomes the standard?