netstat command

You can use the netstat command to display various information about the Linux networking subsystem. netstat provides information about network connections, routing tables, interface statistics, etc. This tool is often used to troubleshoot problems in a network and to determine the amount of traffic on the network.

netstat is most often used to display incoming and outgoing network connections. Used without any parameters, netstat returns information about open ports and the systems to which they connect:

linux netstat command

To display information about the ports that server programs open to listen for network connections and already-open connections, use the -a option:

linux netstat a option

To display only the TCP connections, use the -t option:

linux netstat tcp

To display only the UDP connections, use the -u option:

linux netstat udp

You can group multiple options together:

linux netstat tcp udp

To print information continuously every few seconds, use the -c option.

 

To display the statistics for each protocol (IP, TCP, UDP, ICMP), use the -s option:

linux netstat statistics

You can display the statistics for only TCP ports using the -st option:

linux netstat tcp statistics

To display the PID and program name, you can use the -p option:

linux netstat pid program name

To print information about your network interfaces, use the -i option:

linux netstat interfaces

To print the routing table, use the -r option:

linux netstat routing table

Here is an example netstat output. We will use the netstat command to display all TCP and UDP connections using numerical addresses:

linux netstat tuna

Here is a brief description of each field:

  • Proto – the name of the protocol (TCP or UDP).
  • Recv-Q – the bytes of data in the queue to be sent to the user program that established the connection. This value should be 0 or close to 0.
  • Send-Q – the bytes in the queue to be sent to the remote program. This value should also be 0 or close to 0.
  • Local Address – the IP address of the local computer and the port number being used. An asterisk (*) is shown for the host if the server is listening on all interfaces.
  • Foreign Address – the IP address and port number of the remote computer to which the socket is connected. If the port is not yet established, the port number is shown as an asterisk (*).
  • State – the state of a TCP connection. The possible states are: CLOSE_WAIT, CLOSED, ESTABLISHED, FIN_WAIT_1, FIN_WAIT_2, LAST_ACK, LISTEN, SYN_RECEIVED, SYN_SEND, and TIME_WAIT.

 

netstat is deprecated. You should use ss instead.
Geek University 2022