netstat Command Tutorial In Linux with Example

netstat Command Tutorial In Linux with Example

by

The netstat command is used to display network connections for network protocols like TCP and UDP. The netstat can display routing tables, network interfaces, network protocol statistics, open ports, etc. Both Linux distributions and Windows operating systems provide the netstat command. In this tutorial, we examine different usage examples for the netstat command.

netstat Command Syntax

The netstat command has the following simple syntax. All options are provided after the netstat command. The netstat command may work without or single or multiple options.

netstat OPTION
  • OPTION is used to specify different single or more options for specific netstat behaivour. OPTION is optional.

List All Ports and Connections

The netstat can list all listening network ports and sockets. The -a option is used to list all listening network ports and operating system sockets. This lists all ports related to the TCP and UDP protocols.

$ netstat -a
List All Ports and Connections

List All TCP Ports

The netstat can be also used to list all TCP port which are listening or established. Established means a TCP connection is established and data is transmitted. The -a and -t option is used to list all listening and connected TCP ports.

$ netstat -a -t
List All TCP Ports

List All UDP Ports

We can also use netstat command in order to list all listening UDP ports by using the -a and -u options like below.

netstat -au

List Only Listening Ports

Up to now, we have listed all ports which are listening and connected. But we can also list only listening ports. The -l option is used to list only listening ports. Both TCP and UDP listening ports and sockets are displayed.

$ netstat -l
List Only Listening Ports

List Only Listening TCP Ports

Only listening TCP ports can be listed with the -l and -t options.

$ netstat -lt
List Only Listening TCP Ports

List Only Listening UDP Ports

Only UDP listening ports can be listed with the -l and -u options like below.

$ netstat -lu
List Only Listening UDP Ports

List Unix Sockets

The netstat command also lists the Linux or Unix sockets. The -l and -x options can be used to list listening Unix sockets.

$ netstat -lx
List Unix Sockets

Display Protocol Statistics (IP, ICMP,TCP, UDP,…)

The netstat command can be also used to display statistics about different protocols like IP, ICMP, TCP, UDP, etc. These statistics provide information like incoming packet count, outgoing packet count, dropped packet count, etc. The -s option is used to display protocols statistical information.

$ netstat -s
Display Protocol Statistics (IP, ICMP,TCP, UDP,…)

Display TCP Protocol Statistics

Only TCP protocol-related statistics can be displayed with the -s and -t options. This lists active connections openings, passive connection openings, failed connection openings, connection resets received, connections established, etc. information.

$ netstat -st
Display TCP Protocol Statistics

Display UDP Protocol Statistics

UDP related statistics can be displayed by using the -s and -u options.

$ netstat -su

Display Network Interface Statistics

The netstat can be used to displayed network interface statistics like MTU, RX, TX, Error, etc. The -i is used to list network interfaces with their statistics.

$ netstat -i
Display Network Interface Statistics

Display Network Interface Information

Network interfaces or network adapters can be displayed with their network-related information like IP address, IPv6 address, netmask, broadcast address, and packet-related statistics.

$ netstat -ie
Display Network Interface Information

Display Network Port/Socket and Related Process ID (PID)

Current established or listening ports can be displayed with their related process ID and executable. This is very useful to find out which application listening to which port or which application is connected to which remote port. The -t and -p options are used to displayed network port/socket and related process ID.

$ netstat -tp
Display Network Port/Socket and Related Process ID (PID)

Display Listening Processes/Programs

Different services and programs listen for different ports. SSH, FTP, HTTP, etc. listen to related network ports to provides services. The listening port and related process or program can be listed with the -l and -p options.

$ netstat -lp
Display Listening Processes/Programs

Display Routing Table

The routing table is used to set the next hop for each packet processed. Generally, the default gateway record of the routing table is used. The routing table can be displayed with the -r option.

$ netstat -r
Display Routing Table

Display Continuously At Specified Interval

By default, the netstat command displays single output after execution. If we require to run specified options regularly and displayed output at the specified interval the -c option can be used. In the following example, we display the network interface statistics continuously.

$ netstat -i -c
Display Continuously At Specified Interval

Display Values Numerically (IP Address, Port Number, User ID)

The netstat command displays different values like Hostname, Port Protocol, User ID as text. They can be also displayed numerically like IP Address instead of hostname, port number instead of port protocol, user ID instead of the username. The -n option is used to display these values numerically.

$ netstat -tl -n
Display Values Numerically (IP Address, Port Number, User ID)

Display IP Address Values Numerically

The hostname can be displayed as an IP address numerically by using the --numeric-hosts option like below.

$ netstat -tl --numeric-hosts

Display Port Numbers Numerically

The port protocol can be displayed as a port number numerically by using the --numeric-ports option like below. 

$ netstat -tl --numeric-ports

Display User ID Numerically

The username can be displayed as a user ID numerically by using the --numeric-users option like below. 

$ netstat -tl --numeric-users

Find Process Port Usage

Leave a Comment