Logo

The netstat Command in Linux Explained With 17 Examples

Try this guide with our instant dedicated server for as low as 40 Euros

netstat command in linux

Internet connectivity is critical to the operations of Linux servers, especially those hosting business or user-facing applications. 

Linus offers several utilities to monitor and examine network and Internet connectivity so that admins and users can pick the best fit for their specific requirements. 

netstat (Network Statistics) is a popular utility that admins use to examine and verify several aspects of your computer’s internet connection. It can provide information about the incoming connections, the communication channels in use, and even technical specifics like the quantity of data packets being delivered and received. 

In this tutorial, we will start with an overview of the netstat utility and then illustrate with examples that show the capabilities of the utility in practical scenarios. 

Table Of Contents

  1. An Overview of the netstat Command
  2. Examples of Using netstat for Network and Traffic Analysis
    1. Prerequisites
    2. Example #1: List Every Port and Connection
    3. Example #2: List Every TCP Port
    4. Example #3: List Every UDP Port
    5. Example #4: List Only the Listening Ports
    6. Example #5: Show Statistics For Each Protocol
    7. Example #6: List Transactions using Network Interfaces
    8. Example #7: Display the Extended Kernel Interface Table
    9. Example #8: Show Masqueraded Connections
    10. Example #9: Display PID/Application Mapped to Connections
    11. Example #10: List all Listening Programs
    12. Example #11: Display Kernel IP Routing Table
    13. Example #12: Show Membership in IPv4 and IPv6 Groups
    14. Example #13: Print the netstat Information Regularly
    15. Example #14: List Critical Details
    16. Example #15: Show User IDs, Port Numbers, Host Addresses, and Numerical Addresses
    17. Example #16: Locate a Process Using a Specific Port
    18. Example #17: List Every Option for Netstat
  3. Conclusion
  4. FAQs

An Overview of the netstat Command

Initially introduced in 1983, netstat has been a popular choice for monitoring network traffic and connectivity. It is mainly used without any parameters in the following format:

# netstat

netstat

The output’s first list shows the computer’s active, established internet connections. The columns include the following information:

  • Proto – The connection’s protocol (TCP or UDP).
  • Recv-Q – Presents the queue of received or pending bytes.
  • Send-Q – Presents the ready-to-be-sent bytes in a queue.
  • Local address – Details on the local connection’s port and address. If a port hasn’t been set yet, an asterisk (*) in the host indicates that the server is listening.
  • Foreign address—the port and address data for the connection’s remote server end. If a port is not yet established, you will see an asterisk (*).
  • State – The local socket’s state, which is often blank, closed, listening, or established.

In addition, you can see a second list of the currently open sockets. This list provides the following information about the sockets:

  • Proto – The socket’s protocol, which is always unix.
  • RefCnt – The number of processes connected to this socket.
  • Flags – Blank or ACC are typical values.
  • Type – The socket type.
  • State – The socket’s state can be blank, LISTENING, CONNECTED, or other.
  • I-Node – This socket’s file system inode is the index node.
  • Path – Systems path to the socket.

Examples of Using netstat for Network and Traffic Analysis

Now that you have a good idea of the fundamentals, let’s see the utility in action. But before that, let’s take a quick look at the prerequisites.

Prerequisites

  • You have a system running a mainstream Linux distribution.
  • A user account with root or sudo privileges.

Example #1: List Every Port and Connection

A common use case of the netstat command is to get a list of all ports and connections, separated by their protocol or state. For this, use the following command:

# netstat -a

netstat -a

The output shows the open or listening servers, along with the current connections.

Example #2: List Every TCP Port

You can list only the TCP ports with the following command:

# netstat -at

netstat -at

Example #3: List Every UDP Port

Alternatively, you can list every UDP port on the system with the following command:

# netstat -au

netstat -au

Example #4: List Only the Listening Ports

Use the following command to get a list of all protocols’ listening ports:

# netstat -l

netstat -l

Next, we will see how you can drill down to the listening ports mapped to specific protocols. 

List TCP Listening Ports

You can list all system ports mapped to the TCP protocol with this command: 

# netstat -lt

netstat -lt

List UDP Listening Ports

Similarly, you can list only the UDP ports that are listening for incoming connections by running the following command in the terminal:

# netstat -lu

netstat -lu

List the UNIX Listening Ports

Use the following command to get a list of UNIX listening ports:

# netstat -lx

netstat -lx

Example #5: Show Statistics For Each Protocol

You can format the output to show ports mapped to a specific protocol. This allows you to quickly view all the ports for a protocol. 

# netstat -s

netstat -s

You can further filter down this data for specific protocols.

List Statistics for TCP Ports

You can list only the TCP port statistics with the following command:

# netstat -st

netstat -st

List UDP Port Statistics

Use the following command to display statistics for UDP ports:

# netstat -su

netstat -su

Example #6: List Transactions using Network Interfaces

Use the following command to view MTU transactions in the kernel interface table, including packet transfers and receipts:

netstat -i

netstat -i

Example #7: Display the Extended Kernel Interface Table

You can list more details about the kernel interface table’s details by adding the -e option to the netstat -i command. The command, in this case, would be as follows:

# netstat -ie

netstat -ie

Example #8: Show Masqueraded Connections

You can see the masquerade connections on your system by running the following command in the terminal: 

# netstat -M

Example #9: Display PID/Application Mapped to Connections

You can see the process (process ID, to be precise) or the application connected to connections. This information can help you understand which application or process is using a specific connection. 

We recommend the -p option for the netstat command to add this information to the output. For instance, the following command shows the PID and applications connected to the TCP connections:

# netstat -tp

netstat -tp

Example #10: List all Listening Programs

You can list all applications that are currently listening for incoming requests with the following command:

# netstat -lp

netstat -lp

Example #11: Display Kernel IP Routing Table

The system uses the kernel IP routing table as an important factor in the packet forwarding process. You can list down the details in this table with the following command:

# netstat -r

netstat -r

Example #12: Show Membership in IPv4 and IPv6 Groups

The following command shows the IPv6/IPv4 group membership:

# netstat -g

netstat -g

Example #13: Print the netstat Information Regularly

You can print the netstat data every second by adding the -c option to the command. The syntax in this case would be as follows:

# netstat -c

netstat -c

You can further combine other options to print other relevant information. For instance, the following simple command prints the kernel interface table continually.

# netstat -ic

netstat -ic

Example #14: List Critical Details 

You can list more information by running the following command in the terminal:

# netstat --verbose

netstat --verbose

Example #15: Show User IDs, Port Numbers, Host Addresses, and Numerical Addresses

When possible, the utility converts addresses, port numbers, and user IDs into human-readable names by default. We will now discuss several scenarios where you can use the netstat utility to print specific information.

Display addresses in numbers using:

# netstat -n

Run the following command to display host addresses as numbers:

# netstat --numeric-hosts

Run the following command to display ports as numbers:

# netstat --numeric-ports

You can use the following command to see user IDs as numbers:

# netstat --numeric-users

Example #16: Locate a Process Using a Specific Port

We recommend using the grep utility to filter the data presented by netstat. For instance, run the following command syntax to locate a process using a specific port number:

# netstat -an | grep ':[port number]'

For instance, consider the following command that extracts data about port 80:

# netstat -an | grep ':80'

Example #17: List Every Option for Netstat

netstat is a very versatile utility, mainly because it supports a huge range of options. We recommend the following command to list all supported commands: 

# netstat -h

netstat -h

Also Read: lsof Command in Linux with Examples

Conclusion

The Linux netstat command is an effective tool for network monitoring and troubleshooting, providing a large range of options and commands to collect comprehensive data about interface statistics, routing tables, network connections, and other topics. 

Users can get insights into the network activity of their system, diagnose connectivity problems, spot potential security risks, and improve network performance. Linux administrators can ensure seamless and successful system operation and effective network infrastructure management by becoming proficient with the Netstat tool.

Experience the power of seamless hosting with RedSwitches, your dedicated hosting provider globally. We empower your online presence with unparalleled reliability, security, and performance. If you’re looking for a robust server for your Linux projects, we offer the best dedicated server pricing and deliver instant dedicated servers, usually on the same day the order gets approved. Whether you need a dedicated servers, a traffic-friendly 10Gbps dedicated server, or a powerful bare metal server, we are your trusted hosting partner.

FAQs

Q. What is the Netstat command used for in Linux?

The Netstat command displays network-related information in Linux, such as active network connections, routing tables, interface statistics, and more.

Q. How do I display all active network connections using Netstat?

The command netstat—tuln displays all active TCP and UDP network connections, along with their associated port numbers and states.

Q. Can Netstat show listening ports on my Linux system?

Yes, you can use the command netstat -tuln to show all listening ports on your Linux system.

Q. How do I filter Netstat output to display TCP connections only?

You can use the command netstat -at to display TCP connections only.

Q. Is it possible to view UDP connections with Netstat?

Yes, you can use the command netstat -au to view UDP connections.

Q. How can I determine which process uses a specific port with Netstat?

You can use the command netstat -tulpn to display active TCP and UDP connections along with the process ID (PID) and program name.

Q. Can Netstat display the routing table information?

You can use the command netstat -r to display the routing table information.

Q. How do I continuously monitor network connections with Netstat?

You can use the command netstat -c to monitor network connections, continuously displaying updates every second.

Q. Can I use Netstat to detect network performance issues?

Yes, Netstat can help identify network performance issues by displaying network statistics such as packet counts, errors, and collisions.

Q. What are some advanced options and parameters available with the Netstat command?

Some advanced options include -s option for summary statistics, -p to show the PID and program name, and -i to display interface statistics.

Try this guide with our instant dedicated server for as low as 40 Euros