Linux provides a lot of tools for network management and visibility. netstat is another popular and useful tool used by a lot of system and network administrators. In this tutorial we will look usage examples of netstat.
Syntax
1 | netstat [address_family_options] [options] |
List All Connections
A typical Linux system will have a lot of different connections. These connection types can be Unix Sockets, IPX Sockets, IPv4, IPv6 etc. All connections about these can be listed with -a parameter.
1 | $ netstat -a |
List Only TCP Connections
While listing connection only TCP connections may be needed. Only TCP connections can be listed with -t parameter. All listening and established TCP connections will be listed here. Keep in mind this will list IPv6 too.
1 | $ netstat -at |
List Only UDP Connections
Another useful feature is listing only UDP connections. Keep in mind this will list IPv6 too.
1 | $ netstat -au |
List Both TCP and UDP Connections
TCP and UDP connections and ports can be listed in a single shot. Just provide both UDP and TCP parameter previously examined like below.
1 | $ netstat -a -t -u |
List Only Listening Ports
While listing all connections and ports will be listed by default. There is -l option which will list all LISTEN interfaces which means port is listening for new connections.
1 | $ netstat -l |
You may notice that TCP protocol ports provide state as LISTEN but UDP ports do not have any state information. Because UDP is connectionless protocol.
List Only Unix Sockets/Ports
Netstat have the ability to list operating system level Unix or Linux sockets those used for locally by applications. While listing Unix sockets information like Reference count, flags, type, state, i-node provided.
1 | $ netstat -x |
Print Ports Numerically
While printing information about the ports and protocols by default text presentation is printed. For example to list an ssh protocol ssh is used not 22 . This can be changed with --numeric-ports option.
1 | $ netstat -l --numeric-ports |
Disable DNS Lookup
While listing existing connections the DNS names will be printed to screen. To get DNS information about IP addresses the DNS resolution must be made. This can be time wasting operation if we do not need them. Or we need only IP address.
1 | $ netstat -n -a |
Get Listening Process Owner User Id
All listening ports have some process related. These process will open the port for listening or connecting. These process have associated users. These user information can be get with -e . This feature requires root privileges. So we will provide sudo or run this command as directly root user. There is also inode information available.
1 | $ sudo netstat -l -e |
Get Listening Process Id
As we have listed previous example the user id also process id can be listed. The parameter used for this operation is -p and this feature needs root privileges too.
1 | $ sudo netstat -l -p |
Print Network Statistics
Linux network stack have support for different type of protocols. While using these protocols a lot of traffic is generated. This traffic information and statistics can be listed with -s parameter. This will print all statistics like TCP, UDP, ICMP
1 | $ netstat -s |
Print Statistics of TCP
Only statistics about TCP protocol stack can be listed by providing TCP filter parameter.
1 | $ netstat -s -t |
Print Statistics of UDP
Only statistics about TCP protocol stack can be listed by providing TCP filter parameter.
1 | $ netstat -s -u |
Print Route Table
Routing table can be printing different tools. Netstat also provides routing table information too.
1 | $ netstat -r |
Print Network Interfaces
For information purposes network interfaces can be printed like below. There will be information about MTU, RX, TX Errors
1 | $ netstat -i |
Print Stats Continuously
Normally running command will generate output and send to the terminal only once. If we need to send output of same command continuously we should provide -c parameter.
1 | $ netstat -t -c |
Print Active TCP Connections
There is a lot of information while printing. This information can overwhelm us when we need only active connections which is already established. This can be done with the help of grep command.
1 | $ netstat -a | grep 'EST\|TIM' |
