Netstat Command in Linux - 25 Commands with Examples

Introduction

The netstat command is a command-line tool for retrieving network statistics. It provides an overview of network activity and displays which ports are open or have established connections. netstat is essential for diagnosing network issues.

Learn key netstat commands to display port and internet stats in Linux.

Netstat commands in Linux.

Prerequisites

  • Access to the terminal.
  • Installed net-tools software package.

Note: Though still widely used, the netstat command is considered obsolete. Instead, the Linux ss command is recommended as a faster and simpler solution.

netstat Command Syntax

The netstat command can be used without parameters to display active network connections:

netstat
Terminal output of the netstat

The output displays details of active internet connections across six columns:

  • Proto. Protocol of the connection (e.g., TCP, UDP).
  • Recv-Q. Number of bytes received and waiting in the queue to be processed.
  • Send-Q. Number of bytes waiting in the queue to be sent.
  • Local address. Local address and port of the connection. An asterisk (*) in the host indicates that the server is listening on all available interfaces, and a port may not yet be established.
  • Foreign address. Remote address and port of the connection. An asterisk (*) appears if a connection is not yet established.
  • State. State of the local socket. Values include ESTABLISHED, LISTENING, CLOSED, or blank.

The second list shows all active Unix Domain open sockets with the following details:

  • Proto. Protocol used by the socket (always unix).
  • RefCnt. Reference count of the number of processes attached to this socket.
  • Flags. Flags associated with the socket, usually ACC or blank.
  • Type. The socket type.
  • State. State of the socket, most often CONNECTED, LISTENING, or blank.
  • I-Node. File system inode (index node) associated with this socket.
  • Path. File system path to the socket.

You can expand the netstat command with options to filter or customize output:

netstat [option]

Or, you can combine multiple options in one command for a more detailed overview of network stats:

netstat [option 1] [option 2] [option 3]

Note: While netstat is a powerful tool for monitoring network connections, Linux offers many other CLI and GUI tools for analyzing network traffic and bandwidth usage.

netstat Command Options

The following table lists the most commonly used netstat options:

OPTIONDESCRIPTION
-aDisplay all active TCP and UDP connections and listening ports.
-tDisplay only TCP connections.
-uDisplay only UDP connections.
-lShow only sockets that are actively listening for incoming connections.
-pDisplay the Process ID (PID) and program name associated with each socket.
-nDisplay addresses and port numbers in numeric format without resolving names.
-rDisplay the kernel routing table.
-sProvide summary statistics for each protocol.
-cContinuously update the output every second.
-eDisplay extended information, including timers and user IDs.

netstat Command Examples

This section contains practical examples of netstat command usage with one or more options.

List All Ports and Connections

To list all ports and connections regardless of their state or protocol, use:

netstat -a
Terminal output of the command netstat -a

The output lists established connections along with servers that are open or listening.

List All TCP Ports

List all TCP ports by running:

netstat -at
Terminal output of the command netstat -at

List All UDP Ports

To list all UDP ports, use the following command:

netstat -au
Terminal output of the command netstat -au

List Only Listening Ports

To return a list of only listening ports for all protocols, use:

netstat -l
Terminal output of the command netstat -l

List TCP Listening Ports

List all listening TCP ports by entering:

netstat -lt
Terminal output of the command netstat -lt

List UDP Listening Ports

Return only listening UDP ports by running:

netstat -lu
Terminal output of the command netstat -lu

List UNIX Listening Ports

To list UNIX listening ports, use:

netstat -lx
Terminal output of the command netstat -lx

Note: As an alternative, use nmap to scan for open ports.

Display Statistics by Protocol

Display statistics for all ports regardless of the protocol with:

netstat -s
Terminal output of the command netstat -s

Statistics are also filterable by protocol.

List Statistics for TCP Ports

List statistics for TCP ports only with:

netstat -st
Terminal output of the command netstat -st

List Statistics for UDP Ports

To list statistics for UDP ports only, use:

netstat -su
Terminal output of the command netstat -su

Monitor Network Interfaces

To see the maximum transmission unit (MTU) size, as well as received and transmitted packets, in the kernel interface table, enter:

netstat -i
Terminal output of the command netstat -i

Display Extended Kernel Interface Table

To include additional network interface details, such as error counts and extended statistics, add the -e option to netstat -i:

netstat -ie
Terminal output of the command netstat -ie

Display Masqueraded Connections

To display network connections translated by NAT (masqueraded connections), enter:

netstat -M

Display PID

Display the PID and program name related to a specific connection by adding the -p option to netstat. For example, to view TCP connections with their associated PID and program name, type:

netstat -tp
Terminal output of the command netstat -tp

Root privileges may be required to view TCP connections with their PIDs.

Find Listening Programs

Find all listening programs with:

netstat -lp
Terminal output of the command netstat -lp

The list of programs appears on the right side of the output.

Display Kernel IP Routing Table

Display the kernel IP routing table with:

netstat -r
Terminal output of the command netstat -r

Display IPv4 and IPv6 Group Membership

Display group membership for IPv6/IPv4 with:

netstat -g
Terminal output of the command netstat -g

Print netstat Info Continuously

Add the -c option to the netstat command to print information every second:

netstat -c

For example, to print the kernel interface table continuously, run:

netstat -ic
Terminal output of the command netstat -ic

Find Unconfigured Address Families

List addresses without support on the system with:

netstat --verbose
Terminal output of the command netstat --verbose

The information is found at the end of the output:

Display Numerical Addresses

Show numerical addresses with:

netstat -n

Note: By default, addresses, port numbers, and user IDs are resolved into human-readable format when possible. Knowing the unresolved port number is important for tasks such as SSH port forwarding.

Display Numerical Host Addresses

To show only host addresses as numerical, run:

netstat --numeric-hosts

Display Numerical Port Numbers

Show only ports as numerical with:

netstat --numeric-ports

Display Numerical User IDs

To display numerical user IDs, use:

netstat --numeric-users

Find a Process That Is Using a Particular Port

Use the grep command to filter the data from netstat. To find a process that uses a particular port number, enter:

netstat -an | grep ':[port number]'

For example:

netstat -an | grep ':80'
Terminal output of the command netstat -an | grep

List All netstat Commands

There are many netstat options. Access the list of all the available commands and a short description using:

netstat -h
Terminal output of the command netstat -h

Note: Check out the Linux commands cheat sheet, which features the netstat command.

Conclusion

You know how the netstat command works and its syntax and options. Use netstat to get an overview of network activities and port availability and troubleshoot network issues in Linux.

If you are a network engineer or system administrator, explore the best network security tools to protect your system more efficiently.

Was this article helpful?
YesNo
Vladimir Kaplarevic
Vladimir is a resident Tech Writer at phoenixNAP. He has more than 7 years of experience in implementing e-commerce and online payment solutions with various global IT services providers. His articles aim to instill a passion for innovative technologies in others by providing practical advice and using an engaging writing style.
Next you should read
Networking SysAdmin
Linux Network Commands Cheat Sheet
September 13, 2023
Master Linux networking commands! This article provides an overview of 20 Linux network commands, and features a free downloadable PDF cheat sheet.
Read more
Networking SysAdmin
How to Test Network Speed in Linux via CLI
November 25, 2020
This article shows you numerous ways to test network speed in Linux via CLI. Learn how to install and use 9 online tools to test internet speed from the command prompt window.
Read more
Networking Security Web Servers
Nmap Commands - 17 Basic Commands for Linux Network
May 14, 2019
The NMAP command line tool can audit and discover local and remote open ports, as well as network information and hosts. Here are some of the most useful Nmap commands with examples.
Read more
Networking Security Web Servers
What Is Load Balancing? Definition and How It Works
September 19, 2024
Load balancing is a method for distributing network traffic across multiple servers in a pool, that way improving performance and preventing bottlenecks. Learn about the different types of load balancing in this article.
Read more