How to check if a network protocol is enabled in Linux

Introduction

In this lab, you will learn how to check if a network protocol is enabled and actively used in Linux. We will explore three different methods to achieve this.

First, you will use the netstat -s command to view detailed statistics for various network protocols like TCP, UDP, and ICMP, providing insights into their activity. Next, you will investigate the /proc/net directory, which exposes kernel network information, to verify the presence and status of protocols. Finally, you will utilize the ss -s command, a modern alternative to netstat, to inspect protocol usage and statistics. By the end of this lab, you will be equipped with practical skills to diagnose network protocol activity on your Linux system.

Skills Graph

%%%%{init: {'theme':'neutral'}}%%%% flowchart RL linux(("Linux")) -.-> linux/RemoteAccessandNetworkingGroup(["Remote Access and Networking"]) linux(("Linux")) -.-> linux/BasicFileOperationsGroup(["Basic File Operations"]) linux/BasicFileOperationsGroup -.-> linux/ls("Content Listing") linux/BasicFileOperationsGroup -.-> linux/cat("File Concatenating") linux/RemoteAccessandNetworkingGroup -.-> linux/netstat("Network Monitoring") subgraph Lab Skills linux/ls -.-> lab-558740{{"How to check if a network protocol is enabled in Linux"}} linux/cat -.-> lab-558740{{"How to check if a network protocol is enabled in Linux"}} linux/netstat -.-> lab-558740{{"How to check if a network protocol is enabled in Linux"}} end

Check protocol stats with netstat -s

In this step, we will explore how to check network protocol statistics using the netstat command. netstat is a command-line utility that displays network connections, routing tables, interface statistics, masquerade connections, and multicast memberships.

The -s option with netstat shows per-protocol statistics. This can be very useful for understanding the network activity on your system and diagnosing potential network issues.

Open your terminal if it's not already open. You can do this by clicking the Xfce Terminal icon on the left side of your desktop.

Now, type the following command and press Enter:

netstat -s

You will see output similar to this (the exact numbers and protocols may vary depending on your system's activity):

Ip:
    Forwarding: 1
    ... (various IP statistics)
Icmp:
    ... (various ICMP statistics)
IcmpMsg:
    ... (various ICMP message statistics)
Tcp:
    Active connections openings: 123
    Passive connection openings: 45
    ... (various TCP statistics)
Udp:
    InDatagrams: 678
    OutDatagrams: 901
    ... (various UDP statistics)
UdpLite:
    ... (various UDPLite statistics)

This output provides a summary of statistics for various network protocols like IP, ICMP, TCP, and UDP. For example, under the Tcp: section, you can see the number of active and passive connection openings. Under Udp:, you can see the number of incoming and outgoing datagrams.

Understanding these statistics can help you identify if a particular protocol is experiencing high traffic or errors.

Take a moment to look through the output and see which protocols are listed and what kind of statistics are provided for each.

Click Continue to proceed to the next step.

Verify protocols in /proc/net

In the previous step, we used netstat -s to see protocol statistics. Now, let's look at where some of this information comes from in the Linux file system.

Linux provides a virtual file system called /proc that contains process information and system configuration details. Within /proc, the /proc/net directory holds information about the network stack.

We can use the ls command to list the contents of the /proc/net directory. Type the following command in your terminal and press Enter:

ls /proc/net

You will see a list of files and directories, which represent various network-related information. The output will look something like this:

arp         dev_mcast  ip_mr_vif  netlink  psched  tcp6   udp6
dev         if_inet6   ip_tables  netstat  rpc     udplite  unix
dev_snmp6   ip_mr_cache  ipv6_route  packet   route   udplite6

Many of these files contain detailed information about network protocols and connections. For example:

tcp: Contains information about active TCP connections.
udp: Contains information about active UDP connections.
netstat: Contains various network statistics, similar to what netstat -s displays.

Let's view the contents of the netstat file within /proc/net. We can use the cat command to display the content of a file.

Type the following command and press Enter:

cat /proc/net/netstat

The output will be a raw dump of network statistics. It might look a bit overwhelming at first, as it's not formatted for easy human reading like the netstat -s output.

TcpExt: SyncookiesSent SyncookiesRecv SyncookiesFailed EmbryonicRsts PruneCalled RcvPruned OfoPruned ...
IpExt: InNoRoutes InTruncatedPkts InEZHeadroomOutMcasts InBcastPktsOutBcastPkts InOctets OutOctets ...

This file contains the underlying data that tools like netstat -s process and format. Exploring files in /proc/net can be useful for advanced network troubleshooting and understanding the kernel's network state.

For now, just observing the presence and content of these files is sufficient to understand that network statistics are exposed through the /proc file system.

Click Continue to move on to the next step.

Inspect protocol usage with ss -s

In this step, we will use the ss command, which is a utility to investigate sockets. It is often considered a replacement for netstat as it can display more TCP and state information.

Similar to netstat, the ss command also has a -s option to display summary statistics for various socket types. This can give you a quick overview of the number of open connections and sockets for different protocols.

Open your terminal if it's not already open.

Type the following command and press Enter:

ss -s

You will see output that summarizes the number of sockets in different states and for different protocols. The output might look like this:

Total: 1234 (kernel 5678)
TCP:   90 (estab 50, closed 20, orphaned 5, synrecv 3, timewait 10, ...)
UDP:   15
RAW:   0
UNK:   0

TCP:
ESTAB      50
TIME-WAIT  10
... (other TCP states)

Let's break down the output:

Total: Shows the total number of sockets.
TCP: Provides a summary of TCP sockets, including the total number and counts for different states like estab (established), closed, timewait, etc.
UDP: Shows the total number of UDP sockets.
RAW: Shows the total number of raw sockets.
UNK: Shows the number of unknown socket types.

Below the summary lines, ss -s often provides a more detailed breakdown of TCP states.

Comparing the output of netstat -s and ss -s, you might notice that ss -s focuses more on socket states, which can be very helpful for diagnosing connection issues. For example, a large number of sockets in the TIME-WAIT state might indicate a problem with closing connections efficiently.

Using ss -s provides another perspective on network activity compared to netstat -s. Both commands are valuable tools for network monitoring and troubleshooting in Linux.

You have now learned how to use netstat -s, explore /proc/net, and use ss -s to inspect network protocol statistics. These are fundamental skills for understanding network activity on a Linux system.

Click Continue to complete this lab.

Summary

In this lab, we learned how to check if a network protocol is enabled in Linux by examining network statistics and system files. We started by using the netstat -s command to display per-protocol statistics for various network protocols like IP, ICMP, TCP, and UDP, which helps in understanding network activity and diagnosing issues. We then explored how to verify protocol information by inspecting files within the /proc/net directory, which provides a view into the kernel's network state. Finally, we utilized the ss -s command to inspect protocol usage, offering another way to view summarized statistics for different protocols. These methods provide valuable insights into the network protocols active on a Linux system.