netstat: Network Statistics Tool
Summary
netstat is a command-line utility for displaying network connections, routing tables, interface statistics, masquerade connections, and multicast memberships. It provides valuable insights into the network activity of a system.
Introduction
netstat (network statistics) is a powerful command-line tool used to examine various aspects of network configuration and activity on a Linux system. While it's being superseded by ss in many modern distributions, netstat remains a widely recognized and understood command. It can display active TCP connections, listening ports, Ethernet statistics, the IP routing table, and more. Understanding netstat is essential for network troubleshooting and monitoring.
Use case and Examples
Display all active TCP connections
This command shows all active TCP connections, including those that are in a listening state. The-a flag displays all sockets (listening and non-listening), and the -t flag specifies that we only want to see TCP connections. Display all active UDP connections
This command displays all active UDP connections. Similar to the previous example,-a displays all sockets, and -u focuses on UDP connections. Display listening ports
This command shows only listening sockets. This is useful for identifying which services are actively listening for incoming connections.Display routing table
This command shows the kernel's IP routing table. This table is used to determine the path that network packets will take to reach their destination.Display Ethernet statistics
This command displays a table of network interface statistics. It shows information such as the number of packets transmitted and received, errors, and collisions.Display the PID and program name associated with each socket
This command requires root privileges. It displays the process ID (PID) and program name associated with each socket. This is useful for identifying which processes are using which network connections.Combine options for more detailed output
This command combines several options:-a for all sockets, -n to display numerical addresses instead of resolving hostnames and service names, -p to show the PID and program name, and grep :80 to filter the output to only show connections on port 80 (usually HTTP). Commonly used flags
| Flag | Description | Example |
|---|---|---|
-a | Displays all sockets (listening and non-listening). | netstat -a (shows all sockets) |
-t | Shows TCP connections. | netstat -at (shows all TCP connections) |
-u | Shows UDP connections. | netstat -au (shows all UDP connections) |
-l | Displays listening sockets only. | netstat -l (shows listening ports) |
-r | Displays the routing table. | netstat -r (shows routing table) |
-i | Displays interface statistics. | netstat -i (shows interface statistics) |
-n | Displays numerical addresses instead of hostnames and service names. | netstat -an (shows numerical addresses) |
-p | Shows the PID and program name for each socket. Requires root privileges. | sudo netstat -ap (shows PID and program name) |
-e | Displays extended information. | netstat -ie (shows extended interface statistics) |
-s | Displays summary statistics for each protocol. | netstat -s (shows summary statistics) |