netstat command is a CLI tool for network statistics. It gives an overview of network activities and displays which ports are open or have established connections. The netstat tool is essential for discovering network problems.
This article shows 28
netstat commands for displaying port and internet statistics data on Linux.
- Access to the terminal
- Installed net-tools software package
Note: Though still widely used, netstat command is considered obsolete. Instead, the ss command is recommended as a faster and simpler tool. Learn more about the Linux ss command.
How to Use netstat Command in Linux
The primary usage of
netstat is without any parameters:
The first list in the output displays active established internet connections on the computer. The following details are in the columns:
- Proto – Protocol of the connection (TCP, UDP).
- Recv-Q – Receive queue of bytes received or ready to be received.
- Send-Q – Send queue of bytes ready to be sent.
- Local address – Address details and port of the local connection. An asterisk (*) in the host indicates that the server is listening and if a port is not yet established.
- Foreign address– Address details and port of the remote end of the connection. An asterisk (*) appears if a port is not yet established.
- State – State of the local socket, most commonly ESTABLISHED, LISTENING, CLOSED or blank.
The second list shows all the active “Unix Domain” open sockets with the following details:
- Proto – Protocol used by the socket (always unix).
- RefCnt – Reference count of the number of attached processes to this socket.
- Flags – Usually ACC or blank.
- Type – The socket type.
- State – State of the socket, most often CONNECTED, LISTENING or blank.
- I-Node – File system inode (index node) associated with this socket.
- Path – System path to the socket.
For advanced usage, expand the
netstat command with options:
Or list the options one by one:
netstat <option 1> <option 2> <option 3>
netstat options enable filtering of network information.
Note: If the network is slow, test the network speed.
List All Ports and Connections
To list all ports and connections regardless of their state or protocol, use:
The output lists established connections along with servers which are open or listening.
List All TCP Ports
List all TCP ports by running:
List All UDP Ports
List all UDP ports with:
List Only Listening Ports
To return a list of only listening ports for all protocols, use:
List TCP Listening Ports
List all listening TCP ports with:
List UDP Listening Ports
Return only listening UDP ports by running:
List UNIX Listening Ports
To list UNIX listening ports, use:
Note: Scan for open ports with nmap as an alternative.
Display Statistics by Protocol
Display statistics for all ports regardless of the protocol with:
Statistics are also filterable by protocol.
List Statistics for TCP Ports
List statistics for TCP ports only with:
List Statistics for UDP Ports
To list statistics for UDP ports only, use:
List Network Interface Transactions
To see transactions of MTU, receiving and transferring packets in the kernel interface table, use:
Display Extended Kernel Interface Table
Add the option
netstat -i to extend the details of the kernel interface table:
Display Masqueraded Connections
For displaying masqueraded connections, use:
Display the PID/Program name related to a specific connection by adding the
-p option to
netstat. For example, to view the TCP connections with the PID/Program name listed, use:
Find Listening Programs
Find all listening programs with:
Display Kernel IP Routing Table
Display the kernel IP routing table with:
Display IPv4 and IPv6 Group Membership
Display group membership for IPv6/IPv4 with:
Print netstat Info Continuously
-c option to the
netstat command to print information every second:
For example, to print the kernel interface table continuously, run:
Find Unconfigured Address Families
List addresses without support on the system with:
The information is found at the end of the output:
Display Numerical Addresses, Host Addresses, Port Numbers, and User IDs
By default, addresses, port numbers, and user IDs are resolved into human-readable names when possible. Knowing the unresolved port number is important for tasks such as SSH port forwarding.
Display Numerical Addresses
Show numerical addresses with:
Display Numerical Host Addresses
To show only host addresses as numerical, run:
Display Numerical Port Numbers
Show only ports as numerical with:
Display Numerical User Ids
To display numerical user IDs, use:
Find a Process That Is Using a Particular Port
Make use of the grep command to filter the data from
netstat. To find a process that is using a particular port number, run:
netstat -an | grep ‘:<port number>’
netstat -an | grep ‘:80’
List All netstat Commands
There are many
netstat options available. Access the list of all the available commands and a short description using:
Note: Check out the Linux commands cheat sheet, which features the
Netstat is an essential tool for network engineers, system administrators, and developers. Troubleshooting network problems and having an overview of all the network activities and port availability are just some use cases of this tool.
For further reading, find out about the best network security tools.