netstat command is used to display network connections for network protocols like TCP and UDP. The netstat can display routing tables, network interfaces, network protocol statistics, open ports, etc. Both Linux distributions and Windows operating systems provide the netstat command. In this tutorial, we examine different usage examples for the netstat command.
netstat Command Syntax
The netstat command has the following simple syntax. All options are provided after the netstat command. The netstat command may work without or single or multiple options.
- OPTION is used to specify different single or more options for specific netstat behaivour. OPTION is optional.
List All Ports and Connections
The netstat can list all listening network ports and sockets. The
-a option is used to list all listening network ports and operating system sockets. This lists all ports related to the TCP and UDP protocols.
$ netstat -a
List All TCP Ports
The netstat can be also used to list all TCP port which are listening or established. Established means a TCP connection is established and data is transmitted. The
-t option is used to list all listening and connected TCP ports.
$ netstat -a -t
List All UDP Ports
We can also use netstat command in order to list all listening UDP ports by using the
-u options like below.
List Only Listening Ports
Up to now, we have listed all ports which are listening and connected. But we can also list only listening ports. The
-l option is used to list only listening ports. Both TCP and UDP listening ports and sockets are displayed.
$ netstat -l
List Only Listening TCP Ports
Only listening TCP ports can be listed with the
$ netstat -lt
List Only Listening UDP Ports
Only UDP listening ports can be listed with the
-u options like below.
$ netstat -lu
List Unix Sockets
The netstat command also lists the Linux or Unix sockets. The
-x options can be used to list listening Unix sockets.
$ netstat -lx
Display Protocol Statistics (IP, ICMP,TCP, UDP,…)
The netstat command can be also used to display statistics about different protocols like IP, ICMP, TCP, UDP, etc. These statistics provide information like incoming packet count, outgoing packet count, dropped packet count, etc. The
-s option is used to display protocols statistical information.
$ netstat -s
Display TCP Protocol Statistics
Only TCP protocol-related statistics can be displayed with the -s and -t options. This lists active connections openings, passive connection openings, failed connection openings, connection resets received, connections established, etc. information.
$ netstat -st
Display UDP Protocol Statistics
UDP related statistics can be displayed by using the
$ netstat -su
Display Network Interface Statistics
The netstat can be used to displayed network interface statistics like MTU, RX, TX, Error, etc. The
-i is used to list network interfaces with their statistics.
$ netstat -i
Display Network Interface Information
Network interfaces or network adapters can be displayed with their network-related information like IP address, IPv6 address, netmask, broadcast address, and packet-related statistics.
$ netstat -ie
Display Network Port/Socket and Related Process ID (PID)
Current established or listening ports can be displayed with their related process ID and executable. This is very useful to find out which application listening to which port or which application is connected to which remote port. The
-p options are used to displayed network port/socket and related process ID.
$ netstat -tp
Display Listening Processes/Programs
Different services and programs listen for different ports. SSH, FTP, HTTP, etc. listen to related network ports to provides services. The listening port and related process or program can be listed with the
$ netstat -lp
Display Routing Table
The routing table is used to set the next hop for each packet processed. Generally, the default gateway record of the routing table is used. The routing table can be displayed with the
$ netstat -r
Display Continuously At Specified Interval
By default, the netstat command displays single output after execution. If we require to run specified options regularly and displayed output at the specified interval the
-c option can be used. In the following example, we display the network interface statistics continuously.
$ netstat -i -c
Display Values Numerically (IP Address, Port Number, User ID)
The netstat command displays different values like Hostname, Port Protocol, User ID as text. They can be also displayed numerically like IP Address instead of hostname, port number instead of port protocol, user ID instead of the username. The
-n option is used to display these values numerically.
$ netstat -tl -n
Display IP Address Values Numerically
The hostname can be displayed as an IP address numerically by using the
--numeric-hosts option like below.
$ netstat -tl --numeric-hosts
Display Port Numbers Numerically
The port protocol can be displayed as a port number numerically by using the
--numeric-ports option like below.
$ netstat -tl --numeric-ports
Display User ID Numerically
The username can be displayed as a user ID numerically by using the
--numeric-users option like below.
$ netstat -tl --numeric-users