Netstat is a command line utility that can be used to list out all the network (socket) connections on a system.

Let us review 10 practical unix netstat command examples.

1List All Ports (both listening and non listening ports)

List all ports using netstat -a
[root@yum ~]# netstat -a | more
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State      
tcp        0      0 0.0.0.0:ssh             0.0.0.0:*               LISTEN     
tcp        0      0 localhost:smtp          0.0.0.0:*               LISTEN     
tcp        0      0 yum.c.kubernetes-:50122 metadata.google.in:http ESTABLISHED
tcp        0      0 yum.c.kubernetes-:50124 metadata.google.in:http ESTABLISHED
                            
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags       Type       State         I-Node   Path
unix  2      [ ACC ]     STREAM     LISTENING     14601    /var/run/NetworkManager/private-dhcp
unix  2      [ ]         DGRAM                    6738     /run/systemd/notify
List all tcp ports using netstat -at
[root@yum ~]# netstat -at
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State      
tcp        0      0 0.0.0.0:ssh             0.0.0.0:*               LISTEN     
tcp        0      0 localhost:smtp          0.0.0.0:*               LISTEN     
tcp        0      0 yum.c.kubernetes-:50128 metadata.google.in:http ESTABLISHED
tcp        0      0 yum.c.kubernetes-:50130 metadata.google.in:http ESTABLISHED
tcp        0      0 yum.c.kubernetes-:50124 metadata.google.in:http ESTABLISHED
List all udp ports using netstat -au
[root@yum ~]# netstat -au
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State      
udp        0      0 0.0.0.0:bootpc          0.0.0.0:*                          
udp        0      0 0.0.0.0:59548           0.0.0.0:*                          
udp        0      0 localhost:323           0.0.0.0:*                          
udp6       0      0 [::]:40312              [::]:*                             
udp6       0      0 localhost:323           [::]:*

2List Sockets which are in Listening State

List only listening ports using netstat -l
[root@yum ~]# netstat -l
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State      
tcp        0      0 0.0.0.0:ssh             0.0.0.0:*               LISTEN     
tcp        0      0 localhost:smtp          0.0.0.0:*               LISTEN     
tcp6       0      0 [::]:ssh                [::]:*                  LISTEN     
tcp6       0      0 localhost:smtp          [::]:*                  LISTEN
List only listening TCP Ports using netstat -lt
[root@yum ~]# netstat -lt
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State      
tcp        0      0 0.0.0.0:ssh             0.0.0.0:*               LISTEN     
tcp        0      0 localhost:smtp          0.0.0.0:*               LISTEN     
tcp6       0      0 [::]:ssh                [::]:*                  LISTEN     
tcp6       0      0 localhost:smtp          [::]:*                  LISTEN
List only listening UDP Ports using netstat -lu
[root@yum ~]# netstat -lu
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State      
udp        0      0 0.0.0.0:bootpc          0.0.0.0:*                          
udp        0      0 0.0.0.0:59548           0.0.0.0:*                          
udp        0      0 localhost:323           0.0.0.0:*                          
udp6       0      0 [::]:40312              [::]:*                             
udp6       0      0 localhost:323           [::]:*
List only the listening UNIX Ports using netstat -lx
[root@yum ~]# netstat -lx
Active UNIX domain sockets (only servers)
Proto RefCnt Flags       Type       State         I-Node   Path
unix  2      [ ACC ]     STREAM     LISTENING     14601    /var/run/NetworkManager/private-dhcp
unix  2      [ ACC ]     STREAM     LISTENING     12639    /var/run/acpid.socket
unix  2      [ ACC ]     STREAM     LISTENING     16373    private/tlsmgr
unix  2      [ ACC ]     STREAM     LISTENING     16376    private/rewrite
unix  2      [ ACC ]     STREAM     LISTENING     16379    private/bounce
unix  2      [ ACC ]     STREAM     LISTENING     16415    private/discard
unix  2      [ ACC ]     STREAM     LISTENING     6758     /run/systemd/journal/stdout
unix  2      [ ACC ]     STREAM     LISTENING     16418    private/local
unix  2      [ ACC ]     STREAM     LISTENING     17901    /tmp/ssh-OJV7T4xGPg/agent.1315

3Show the statistics for each protocol

Show statistics for all ports using netstat -s
[root@yum ~]# netstat -s
Ip:
    12753 total packets received
    0 forwarded

Icmp:
    5 ICMP messages received
    1 input ICMP message failed.
    ICMP input histogram:
        destination unreachable: 2
Tcp:
    774 active connections openings
    5 passive connection openings
    2 failed connection attempts
    0 connection resets received
Udp:
    192 packets received
    0 packets to unknown port received.
    0 packet receive errors
Show statistics for TCP (or) UDP ports using netstat -st (or) -su
# netstat -st

# netstat -su

4Display PID and program names in netstat output using netstat -p

netstat -p option can be combined with any other netstat option. This will add the “PID/Program Name” to the netstat output. This is very useful while debugging to identify which program is running on a particular port.

[root@yum ~]# netstat -pt
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 yum.c.kubernetes-:50358 metadata.google.in:http ESTABLISHED 1139/python         
tcp        0      0 yum.c.kubernetes-:50360 metadata.google.in:http ESTABLISHED 1138/python         
tcp        0      0 yum.c.kubernetes-:50362 metadata.google.in:http ESTABLISHED 1136/python         
tcp        0      0 yum.c.kubernetes-:50356 metadata.google.in:http CLOSE_WAIT  1138/python         
tcp        0     64 yum.c.kubernetes-19:ssh 74.125.73.99:33114      ESTABLISHED 1312/sshd: mazhochi

5Don’t resolve host, port and user name in netstat output

When you don’t want the name of the host, port or user to be displayed, use netstat -n option. This will display in numbers, instead of resolving the host name, port name, user name.

This also speeds up the output, as netstat is not performing any look-up.

# netstat -an

If you don’t want only any one of those three items ( ports, or hosts, or users ) to be resolved, use following commands.

# netsat -a --numeric-ports

# netsat -a --numeric-hosts

# netsat -a --numeric-users

6Print netstat information continuously

netstat will print information continuously every few seconds.

[root@yum ~]# netstat -c
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State      
tcp        0      0 yum.c.kubernetes-19:ssh cst2-44-46.cust.v:23831 SYN_RECV   
tcp        0      0 yum.c.kubernetes-:50406 metadata.google.in:http ESTABLISHED
tcp        0      0 yum.c.kubernetes-:50410 metadata.google.in:http ESTABLISHED
tcp        0      0 yum.c.kubernetes-:50408 metadata.google.in:http ESTABLISHED
tcp        0      0 yum.c.kubernetes-:50402 metadata.google.in:http CLOSE_WAIT 
tcp        0     64 yum.c.kubernetes-19:ssh 74.125.73.99:33114      ESTABLISHED
Active UNIX domain sockets (w/o servers)
Proto RefCnt Flags       Type       State         I-Node   Path
unix  2      [ ]         DGRAM                    6738     /run/systemd/notify
unix  2      [ ]         DGRAM                    6740     /run/systemd/cgroups-agen

7Find the non supportive Address families in your system

netstat --verbose

At the end, you will have something like this.

	netstat: no support for `AF IPX' on this system.
	netstat: no support for `AF AX25' on this system.
	netstat: no support for `AF X25' on this system.
	netstat: no support for `AF NETROM' on this system.

8Display the kernel routing information using netstat -r

[root@yum ~]# netstat -r
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
default         gateway         0.0.0.0         UG        0 0          0 eth0
gateway         0.0.0.0         255.255.255.255 UH        0 0          0 eth0
yum.c.kubernete 0.0.0.0         255.255.255.255 UH        0 0          0 eth0
Note: Use netstat -rn to display routes in numeric format without resolving for host-names.

9Find out on which port a program is running

[root@yum ~]# netstat -ap | grep ssh
tcp        0      0 0.0.0.0:ssh             0.0.0.0:*               LISTEN      1132/sshd           
tcp        0     64 yum.c.kubernetes-19:ssh 74.125.73.99:33114      ESTABLISHED 1312/sshd: emre
tcp6       0      0 [::]:ssh                [::]:*                  LISTEN      1132/sshd           
unix  2      [ ACC ]     STREAM     LISTENING     17901    1315/sshd: emre  /tmp/ssh-OJV7T4xGPg/agent.1315
unix  2      [ ]         DGRAM                    17885    1312/sshd: emre  
unix  3      [ ]         STREAM     CONNECTED     17888    1315/sshd: emre  
unix  3      [ ]         STREAM     CONNECTED     17889    1312/sshd: emre  
unix  3      [ ]         STREAM     CONNECTED     16721    1132/sshd

Find out which process is using a particular port:

# netstat -an | grep ':80'

10Show the list of network interfaces

[root@yum ~]# netstat -i
Kernel Interface table
Iface      MTU    RX-OK RX-ERR RX-DRP RX-OVR    TX-OK TX-ERR TX-DRP TX-OVR Flg
eth0      1460    14179      0      0 0         10914      0      0      0 BMRU
lo       65536        0      0      0 0             0      0      0      0 LRU
Display extended information on the interfaces (similar to ifconfig) using netstat -ie:
[root@yum ~]# netstat -ie
Kernel Interface table
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1460
        inet 10.142.0.2  netmask 255.255.255.255  broadcast 10.142.0.2
        inet6 fe80::4001:aff:fe8e:2  prefixlen 64  scopeid 0x20<link>
        ether 42:01:0a:8e:00:02  txqueuelen 1000  (Ethernet)
        RX packets 14216  bytes 83668327 (79.7 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 10939  bytes 1234390 (1.1 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

LEAVE A REPLY

Please enter your comment!
Please enter your name here