Netstat is a command line utility that can be used to list out all the network (socket
Let us review 10 practical unix netstat command examples.
1List All Ports (both listening and non listening ports)
List all ports using netstat -a
[root@yum ~]# netstat -a | more
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:ssh 0.0.0.0:* LISTEN
tcp 0 0 localhost:smtp 0.0.0.0:* LISTEN
tcp 0 0 yum.c.kubernetes-:50122 metadata.google.in:http ESTABLISHED
tcp 0 0 yum.c.kubernetes-:50124 metadata.google.in:http ESTABLISHED
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags Type State I-Node Path
unix 2 [ ACC ] STREAM LISTENING 14601 /var/run/NetworkManager/private-dhcp
unix 2 [ ] DGRAM 6738 /run/systemd/notify
List all tcp ports using netstat -at
[root@yum ~]# netstat -at Active Internet connections (servers and established) Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 0.0.0.0:ssh 0.0.0.0:* LISTEN tcp 0 0 localhost:smtp 0.0.0.0:* LISTEN tcp 0 0 yum.c.kubernetes-:50128 metadata.google.in:http ESTABLISHED tcp 0 0 yum.c.kubernetes-:50130 metadata.google.in:http ESTABLISHED tcp 0 0 yum.c.kubernetes-:50124 metadata.google.in:http ESTABLISHED
List all udp ports using netstat -au
[root@yum ~]# netstat -au Active Internet connections (servers and established) Proto Recv-Q Send-Q Local Address Foreign Address State udp 0 0 0.0.0.0:bootpc 0.0.0.0:* udp 0 0 0.0.0.0:59548 0.0.0.0:* udp 0 0 localhost:323 0.0.0.0:* udp6 0 0 [::]:40312 [::]:* udp6 0 0 localhost:323 [::]:*
2List Sockets which are in Listening State
List only listening ports using netstat -l
[root@yum ~]# netstat -l Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 0.0.0.0:ssh 0.0.0.0:* LISTEN tcp 0 0 localhost:smtp 0.0.0.0:* LISTEN tcp6 0 0 [::]:ssh [::]:* LISTEN tcp6 0 0 localhost:smtp [::]:* LISTEN
List only listening TCP Ports using netstat -lt
[root@yum ~]# netstat -lt Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 0.0.0.0:ssh 0.0.0.0:* LISTEN tcp 0 0 localhost:smtp 0.0.0.0:* LISTEN tcp6 0 0 [::]:ssh [::]:* LISTEN tcp6 0 0 localhost:smtp [::]:* LISTEN
List only listening UDP Ports using netstat -lu
[root@yum ~]# netstat -lu Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State udp 0 0 0.0.0.0:bootpc 0.0.0.0:* udp 0 0 0.0.0.0:59548 0.0.0.0:* udp 0 0 localhost:323 0.0.0.0:* udp6 0 0 [::]:40312 [::]:* udp6 0 0 localhost:323 [::]:*
List only the listening UNIX Ports using netstat -lx
[root@yum ~]# netstat -lx Active UNIX domain sockets (only servers) Proto RefCnt Flags Type State I-Node Path unix 2 [ ACC ] STREAM LISTENING 14601 /var/run/NetworkManager/private-dhcp unix 2 [ ACC ] STREAM LISTENING 12639 /var/run/acpid.socket unix 2 [ ACC ] STREAM LISTENING 16373 private/tlsmgr unix 2 [ ACC ] STREAM LISTENING 16376 private/rewrite unix 2 [ ACC ] STREAM LISTENING 16379 private/bounce unix 2 [ ACC ] STREAM LISTENING 16415 private/discard unix 2 [ ACC ] STREAM LISTENING 6758 /run/systemd/journal/stdout unix 2 [ ACC ] STREAM LISTENING 16418 private/local unix 2 [ ACC ] STREAM LISTENING 17901 /tmp/ssh-OJV7T4xGPg/agent.1315
3Show the statistics for each protocol
Show statistics for all ports using netstat -s
[root@yum ~]# netstat -s
Ip:
12753 total packets received
0 forwarded
Icmp:
5 ICMP messages received
1 input ICMP message failed.
ICMP input histogram:
destination unreachable: 2
Tcp:
774 active connections openings
5 passive connection openings
2 failed connection attempts
0 connection resets received
Udp:
192 packets received
0 packets to unknown port received.
0 packet receive errors
Show statistics for TCP (or) UDP ports using netstat -st (or) -su
# netstat -st # netstat -su
4Display PID and program names in netstat output using netstat -p
netstat -p option can be combined with any other netstat option. This will add the “PID/Program Name” to the netstat output. This is very useful while debugging to identify which program is running on a particular port.
[root@yum ~]# netstat -pt Active Internet connections (w/o servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 yum.c.kubernetes-:50358 metadata.google.in:http ESTABLISHED 1139/python tcp 0 0 yum.c.kubernetes-:50360 metadata.google.in:http ESTABLISHED 1138/python tcp 0 0 yum.c.kubernetes-:50362 metadata.google.in:http ESTABLISHED 1136/python tcp 0 0 yum.c.kubernetes-:50356 metadata.google.in:http CLOSE_WAIT 1138/python tcp 0 64 yum.c.kubernetes-19:ssh 74.125.73.99:33114 ESTABLISHED 1312/sshd: mazhochi
5Don’t resolve host, port and user name in netstat output
When you don’t want the name of the host, port or user to be displayed, use netstat -n option. This will display in numbers, instead of resolving the host name, port name, user name.
This also speeds up the output, as netstat is not performing any look-up.
# netstat -an
If you don’t want only any one of those three items ( ports, or hosts, or users ) to be resolved, use following commands.
# netsat -a --numeric-ports # netsat -a --numeric-hosts # netsat -a --numeric-users
6Print netstat information continuously
netstat will print information continuously every few seconds.
[root@yum ~]# netstat -c Active Internet connections (w/o servers) Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 yum.c.kubernetes-19:ssh cst2-44-46.cust.v:23831 SYN_RECV tcp 0 0 yum.c.kubernetes-:50406 metadata.google.in:http ESTABLISHED tcp 0 0 yum.c.kubernetes-:50410 metadata.google.in:http ESTABLISHED tcp 0 0 yum.c.kubernetes-:50408 metadata.google.in:http ESTABLISHED tcp 0 0 yum.c.kubernetes-:50402 metadata.google.in:http CLOSE_WAIT tcp 0 64 yum.c.kubernetes-19:ssh 74.125.73.99:33114 ESTABLISHED Active UNIX domain sockets (w/o servers) Proto RefCnt Flags Type State I-Node Path unix 2 [ ] DGRAM 6738 /run/systemd/notify unix 2 [ ] DGRAM 6740 /run/systemd/cgroups-agen
7Find the non supportive Address families in your system
netstat --verbose
At the end, you will have something like this.
netstat: no support for `AF IPX' on this system. netstat: no support for `AF AX25' on this system. netstat: no support for `AF X25' on this system. netstat: no support for `AF NETROM' on this system.
8Display the kernel routing information using netstat -r
[root@yum ~]# netstat -r Kernel IP routing table Destination Gateway Genmask Flags MSS Window irtt Iface default gateway 0.0.0.0 UG 0 0 0 eth0 gateway 0.0.0.0 255.255.255.255 UH 0 0 0 eth0 yum.c.kubernete 0.0.0.0 255.255.255.255 UH 0 0 0 eth0 Note: Use netstat -rn to display routes in numeric format without resolving for host-names.
9Find out on which port a program is running
[root@yum ~]# netstat -ap | grep ssh tcp 0 0 0.0.0.0:ssh 0.0.0.0:* LISTEN 1132/sshd tcp 0 64 yum.c.kubernetes-19:ssh 74.125.73.99:33114 ESTABLISHED 1312/sshd: emre tcp6 0 0 [::]:ssh [::]:* LISTEN 1132/sshd unix 2 [ ACC ] STREAM LISTENING 17901 1315/sshd: emre /tmp/ssh-OJV7T4xGPg/agent.1315 unix 2 [ ] DGRAM 17885 1312/sshd: emre unix 3 [ ] STREAM CONNECTED 17888 1315/sshd: emre unix 3 [ ] STREAM CONNECTED 17889 1312/sshd: emre unix 3 [ ] STREAM CONNECTED 16721 1132/sshd
Find out which process is using a particular port:
# netstat -an | grep ':80'
10Show the list of network interfaces
[root@yum ~]# netstat -i Kernel Interface table Iface MTU RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR Flg eth0 1460 14179 0 0 0 10914 0 0 0 BMRU lo 65536 0 0 0 0 0 0 0 0 LRU Display extended information on the interfaces (similar to ifconfig) using netstat -ie:
[root@yum ~]# netstat -ie
Kernel Interface table
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1460
inet 10.142.0.2 netmask 255.255.255.255 broadcast 10.142.0.2
inet6 fe80::4001:aff:fe8e:2 prefixlen 64 scopeid 0x20<link>
ether 42:01:0a:8e:00:02 txqueuelen 1000 (Ethernet)
RX packets 14216 bytes 83668327 (79.7 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 10939 bytes 1234390 (1.1 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
How to check if the port is enabled on AIX host?