Lesson 82: netstat Command
In this lesson, you'll learn how to use the netstat command to monitor network connections, routing tables, and interface statistics in Linux.
netstat (network statistics) is a command-line tool for monitoring network connections, both incoming and outgoing, as well as viewing routing tables, interface statistics, etc.
It is available on all Unix-like operating systems and also available on Windows OS as well. It is very useful in terms of network troubleshooting and performance measurement.
It is one of the most basic network service debugging tools, telling you what ports are open and whether any programs are listening on ports.
netstat command is replaced by a new ss command, which is capable of displaying more information about network connections, and it is much faster than the older netstat command.Let's understand the usages of the netstat command with their examples, which may be useful in daily operations.
netstat Command Syntax
# netstat [OPTIONS]
netstat Command Options
| Option | Description |
|---|---|
-a |
List all listening and non-listening ports (TCP and UDP) |
-at |
List all TCP port connections |
-au |
List all UDP port connections |
-l |
List all active listening connections |
-lt |
List all listening TCP ports |
-lu |
List all listening UDP ports |
-lx |
List all listening UNIX ports |
-s |
Show statistics by protocol |
-st |
Show statistics for TCP protocol only |
-su |
Show statistics for UDP protocol only |
-tp |
Display service names with their PID number |
-ac N |
Refresh the output every N seconds |
-r |
Display the Kernel IP routing table |
-i |
Show network interface packet transactions |
-ie |
Show the Kernel interface table (similar to ifconfig) |
-g |
Display multicast group membership for IPv4 and IPv6 |
-c |
Print netstat information continuously |
--verbose |
Find unconfigured address families |
1. List All LISTENING Ports of TCP and UDP
Listing all ports (both TCP and UDP) using the netstat -a option.
# netstat -a | more
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 *:sunrpc *:* LISTEN
tcp 0 52 192.168.0.2:ssh 192.168.0.1:egs ESTABLISHED
tcp 1 0 192.168.0.2:59292 www.gov.com:http CLOSE_WAIT
tcp 0 0 localhost:smtp *:* LISTEN
tcp 0 0 *:59482 *:* LISTEN
udp 0 0 *:35036 *:*
udp 0 0 *:npmp-local *:*
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags Type State I-Node Path
unix 2 [ ACC ] STREAM LISTENING 16972 /tmp/orbit-root/linc-76b-0-6fa08790553d6
unix 2 [ ACC ] STREAM LISTENING 17149 /tmp/orbit-root/linc-794-0-7058d584166d2
unix 2 [ ACC ] STREAM LISTENING 17161 /tmp/orbit-root/linc-792-0-546fe905321cc
unix 2 [ ACC ] STREAM LISTENING 15938 /tmp/orbit-root/linc-74b-0-415135cb6aeab
2. List TCP Port Connections
Listing only TCP (Transmission Control Protocol) port connections using the netstat -at command.
# netstat -at
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 *:ssh *:* LISTEN
tcp 0 0 localhost:ipp *:* LISTEN
tcp 0 0 localhost:smtp *:* LISTEN
tcp 0 52 192.168.0.2:ssh 192.168.0.1:egs ESTABLISHED
tcp 1 0 192.168.0.2:59292 www.gov.com:http CLOSE_WAIT