Linux provides a lot of tools for network management and visibility. netstat is another popular and useful tool used by a lot of system and network administrators. In this tutorial we will look usage examples of netstat.

Syntax

We will use following syntax for the netstat command.

List All Connections

A typical Linux system will have a lot of different connections. These connection types can be Unix Sockets, IPX Sockets, IPv4, IPv6 etc. All connections about these can be listed with -a parameter.

List Only TCP Connections

While listing connection only TCP connections may be needed. Only TCP connections can be listed with -t parameter. All listening and established TCP connections will be listed here. Keep in mind this will list IPv6 too.

List Only UDP Connections

Another useful feature is listing only UDP connections. Keep in mind this will list IPv6 too.

List Both TCP and UDP Connections

TCP and UDP connections and ports can be listed in a single shot. Just provide both UDP and TCP parameter previously examined like below.

List Only Listening Ports

While listing all connections and ports will be listed by default. There is -l option which will list all LISTEN interfaces which means port is listening for new connections.

You may notice that TCP protocol ports provide state as LISTEN but UDP ports do not have any state information. Because UDP is connectionless protocol.

List Only Unix Sockets/Ports

Netstat have the ability to list operating system level Unix or Linux sockets those used for locally by applications. While listing Unix sockets information like Reference count, flags, type, state, i-node provided.

Print Ports Numerically

While printing information about the ports and protocols by default text presentation is printed. For example to list an ssh protocol ssh is used not 22 . This can be changed with --numeric-ports option.

Disable DNS Lookup

While listing existing connections the DNS names will be printed to screen. To get DNS information about IP addresses the DNS resolution must be made. This can be time wasting operation if we do not need them. Or we need only IP address.

Get Listening Process Owner User Id

All listening ports have some process related. These process will open the port for listening or connecting. These process have associated users. These user information can be get with -e . This feature requires root privileges. So we will provide sudo or run this command as directly root user. There is also inode information available.

Get Listening Process Id

As we have listed previous example the user id also process id can be listed. The parameter used for this operation is -p and this feature needs root privileges too.

Print Network Statistics

Linux network stack have support for different type of protocols. While using these protocols a lot of traffic is generated. This traffic information and statistics can be listed with -s parameter. This will print all statistics like TCP, UDP, ICMP

Print Statistics of TCP

Only statistics about TCP protocol stack can be listed by providing TCP filter parameter.

Print Statistics of UDP

Only statistics about TCP protocol stack can be listed by providing TCP filter parameter.

Print Route Table

Routing table can be printing different tools. Netstat also provides routing table information too.

Print Network Interfaces

For information purposes network interfaces can be printed like below. There will be information about MTU, RX, TX Errors

Print Stats Continuously

Normally running command will generate output and send to the terminal only once. If we need to send output of same command continuously we should provide -c parameter.

Print Active TCP Connections

There is a lot of information while printing. This information can overwhelm us when we need only active connections which is already established. This can be done with the help of grep command.