Linux provides a lot of tools for network management and visibility. netstat
is another popular and useful tool used by a lot of systems and network administrators. In this tutorial, we will look at usage examples of netstat.
Syntax
We will use the following syntax for the netstat
command.
netstat [address_family_options] [options]

List All Connections
A typical Linux system will have a lot of different connections. These connection types can be Unix Sockets, IPX Sockets, IPv4, IPv6, etc. All connections about these can be listed with -a
parameter.
$ netstat -a

List Only TCP Connections
While listing connection only TCP connections may be needed. Only TCP connections can be listed with -t
parameter. All listening and established TCP connections will be listed here. Keep in mind this will list IPv6 too.
$ netstat -at

List Only UDP Connections
Another useful feature is listing only UDP connections. Keep in mind this will list IPv6 too.
$ netstat -au

List Both TCP and UDP Connections
TCP and UDP connections and ports can be listed in a single shot. Just provide both UDP and TCP parameters previously examined like below.
$ netstat -a -t -u

List Only Listening Ports
While listing all connections and ports will be listed by default. There is -l
option which will list all LISTEN
interfaces which means the port is listening for new connections.
$ netstat -l

You may notice that TCP protocol ports provide state as LISTEN
but UDP ports do not have any state information. Because UDP is a connectionless protocol.
List Only Unix Sockets/Ports
Netstat has the ability to list operating system level Unix or Linux sockets those used locally by applications. While listing Unix sockets information like Reference count, flags, type, state, i-node provided.
$ netstat -x

Print Ports Numerically
While printing information about the ports and protocols by default text presentation is printed. For example to list an ssh protocol ssh
is used not 22
. This can be changed with --numeric-ports
option.
$ netstat -l --numeric-ports

Disable DNS Lookup
While listing existing connections the DNS names will be printed to screen. To get DNS information about IP addresses the DNS resolution must be made. This can be a time-wasting operation if we do not need them. Or we need only the IP address.
$ netstat -n -a

Get Listening Process Owner User Id
All listening ports have some process-related. These processes will open the port for listening or connecting. These processes have associated users. This user information can get with -e
. This feature requires root privileges. So we will provide sudo
or run this command as directly root user. There is also inode information available.
$ sudo netstat -l -e

Get Listening Process Id
As we have listed in the previous example the user-id also process id can be listed. The parameter used for this operation is -p
and this feature needs root privileges too.
$ sudo netstat -l -p

Print Network Statistics
Linux network stack has support for different types of protocols. While using these protocols a lot of traffic is generated. This traffic information and statistics can be listed with -s
parameter. This will print all statistics like TCP, UDP, ICMP
$ netstat -s

Print Statistics of TCP
Only statistics about TCP protocol stack can be listed by providing the TCP filter parameter.
$ netstat -s -t

Print Statistics of UDP
Only statistics about TCP protocol stack can be listed by providing the TCP filter parameter.
$ netstat -s -u

Print Route Table
The routing table can be printing different tools. Netstat also provides routing table information too.
$ netstat -r

Print Network Interfaces
For information purposes, network interfaces can be printed like below. There will be information about MTU, RX, TX Errors
$ netstat -i

Print Stats Continuously
Normally running command will generate output and send it to the terminal only once. If we need to send output of the same command continuously we should provide -c
parameter.
$ netstat -t -c

Print Active TCP Connections
There is a lot of information while printing. This information can overwhelm us when we need only active connections which is already established. This can be done with the help of grep
command.
$ netstat -a | grep 'EST\|TIM'
