Introduction
The netstat command is a command-line tool for retrieving network statistics. It provides an overview of network activity and displays which ports are open or have established connections. netstat is essential for diagnosing network issues.
Learn key netstat commands to display port and internet stats in Linux.
Prerequisites
- Access to the terminal.
- Installed net-tools software package.
Note: Though still widely used, the netstat command is considered obsolete. Instead, the Linux ss command is recommended as a faster and simpler solution.
netstat Command Syntax
The netstat command can be used without parameters to display active network connections:
netstat
The output displays details of active internet connections across six columns:
- Proto. Protocol of the connection (e.g., TCP, UDP).
- Recv-Q. Number of bytes received and waiting in the queue to be processed.
- Send-Q. Number of bytes waiting in the queue to be sent.
- Local address. Local address and port of the connection. An asterisk (*) in the host indicates that the server is listening on all available interfaces, and a port may not yet be established.
- Foreign address. Remote address and port of the connection. An asterisk (*) appears if a connection is not yet established.
- State. State of the local socket. Values include ESTABLISHED, LISTENING, CLOSED, or blank.
The second list shows all active Unix Domain open sockets with the following details:
- Proto. Protocol used by the socket (always unix).
- RefCnt. Reference count of the number of processes attached to this socket.
- Flags. Flags associated with the socket, usually ACC or blank.
- Type. The socket type.
- State. State of the socket, most often CONNECTED, LISTENING, or blank.
- I-Node. File system inode (index node) associated with this socket.
- Path. File system path to the socket.
You can expand the netstat command with options to filter or customize output:
netstat [option]
Or, you can combine multiple options in one command for a more detailed overview of network stats:
netstat [option 1] [option 2] [option 3]
Note: While netstat is a powerful tool for monitoring network connections, Linux offers many other CLI and GUI tools for analyzing network traffic and bandwidth usage.
netstat Command Options
The following table lists the most commonly used netstat options:
OPTION | DESCRIPTION |
---|---|
-a | Display all active TCP and UDP connections and listening ports. |
-t | Display only TCP connections. |
-u | Display only UDP connections. |
-l | Show only sockets that are actively listening for incoming connections. |
-p | Display the Process ID (PID) and program name associated with each socket. |
-n | Display addresses and port numbers in numeric format without resolving names. |
-r | Display the kernel routing table. |
-s | Provide summary statistics for each protocol. |
-c | Continuously update the output every second. |
-e | Display extended information, including timers and user IDs. |
netstat Command Examples
This section contains practical examples of netstat command usage with one or more options.
List All Ports and Connections
To list all ports and connections regardless of their state or protocol, use:
netstat -a
The output lists established connections along with servers that are open or listening.
List All TCP Ports
List all TCP ports by running:
netstat -at
List All UDP Ports
To list all UDP ports, use the following command:
netstat -au
List Only Listening Ports
To return a list of only listening ports for all protocols, use:
netstat -l
List TCP Listening Ports
List all listening TCP ports by entering:
netstat -lt
List UDP Listening Ports
Return only listening UDP ports by running:
netstat -lu
List UNIX Listening Ports
To list UNIX listening ports, use:
netstat -lx
Note: As an alternative, use nmap to scan for open ports.
Display Statistics by Protocol
Display statistics for all ports regardless of the protocol with:
netstat -s
Statistics are also filterable by protocol.
List Statistics for TCP Ports
List statistics for TCP ports only with:
netstat -st
List Statistics for UDP Ports
To list statistics for UDP ports only, use:
netstat -su
Monitor Network Interfaces
To see the maximum transmission unit (MTU) size, as well as received and transmitted packets, in the kernel interface table, enter:
netstat -i
Display Extended Kernel Interface Table
To include additional network interface details, such as error counts and extended statistics, add the -e option to netstat -i:
netstat -ie
Display Masqueraded Connections
To display network connections translated by NAT (masqueraded connections), enter:
netstat -M
Display PID
Display the PID and program name related to a specific connection by adding the -p option to netstat. For example, to view TCP connections with their associated PID and program name, type:
netstat -tp
Root privileges may be required to view TCP connections with their PIDs.
Find Listening Programs
Find all listening programs with:
netstat -lp
The list of programs appears on the right side of the output.
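To turn the listening list into an exposure review, the following added example (not part of the original article) classifies each socket in netstat -tulpn output by whether it is bound to all interfaces, to loopback, or to one specific address. The sample output is constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample of `netstat -tulpn` output (not captured from a real host).
sample_listeners() {
cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      812/sshd
tcp        0      0 127.0.0.1:5432          0.0.0.0:*               LISTEN      950/postgres
tcp        0      0 0.0.0.0:6379            0.0.0.0:*               LISTEN      1044/redis-server
tcp6       0      0 :::80                   :::*                    LISTEN      1201/nginx
tcp6       0      0 ::1:631                 :::*                    LISTEN      702/cupsd
udp        0      0 0.0.0.0:68              0.0.0.0:*                           640/dhclient
udp        0      0 127.0.0.53:53           0.0.0.0:*                           588/systemd-resolve
EOF
}

# Read netstat output on stdin; print "scope proto port owner" per socket.
# scope: ALL = wildcard bind, LOOPBACK = local only, IFACE = one specific address.
classify_listeners() {
  awk '
    $1 ~ /^(tcp|udp)6?$/ {
      addr = $4; sub(/:[^:]*$/, "", addr)        # strip ":port" from the end
      n = split($4, part, ":"); port = part[n]   # port is the last colon field
      owner = "-"                                # stays "-" when no PID is shown
      for (i = 6; i <= NF; i++) if ($i ~ "^[0-9]+/") { owner = $i; break }
      scope = "IFACE"
      if (addr == "0.0.0.0" || addr == "::" || addr == "*") scope = "ALL"
      else if (addr ~ /^127\./ || addr == "::1") scope = "LOOPBACK"
      print scope, $1, port, owner
    }'
}

# Only the sockets reachable on every interface: the ones to review first.
exposed_listeners() { classify_listeners | awk '$1 == "ALL"'; }

sample_listeners | exposed_listeners
```

On a live system, pipe netstat -tulpn into exposed_listeners instead of the sample; without root privileges the owner column may show - for sockets that belong to other users.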
Display Kernel IP Routing Table
Display the kernel IP routing table with:
netstat -r
Display IPv4 and IPv6 Group Membership
Display group membership for IPv6/IPv4 with:
netstat -g
Print netstat Info Continuously
Add the -c option to the netstat command to print information every second:
netstat -c
For example, to print the kernel interface table continuously, run:
netstat -ic
Find Unconfigured Address Families
List address families that are not supported on the system with:
netstat --verbose
The information is found at the end of the output.
Display Numerical Addresses
Show numerical addresses with:
netstat -n
Note: By default, addresses, port numbers, and user IDs are resolved into human-readable format when possible. Knowing the unresolved port number is important for tasks such as SSH port forwarding.
Display Numerical Host Addresses
To show only host addresses as numerical, run:
netstat --numeric-hosts
Display Numerical Port Numbers
Show only ports as numerical with:
netstat --numeric-ports
Display Numerical User IDs
To display numerical user IDs, use:
netstat --numeric-users
Find a Process That Is Using a Particular Port
Use the grep command to filter the data from netstat. To find a process that uses a particular port number, add the -p option so the PID and program name are shown, and enter:
netstat -anp | grep ':[port number]'
For example:
netstat -anp | grep ':80'
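A plain grep ':80' also matches ports such as 8080 and 8000, as well as connections whose remote port is 80. This added example (not from the original article) matches the local port exactly and prints the socket state and owning process; the sample output is constructed and the function name port_users is hypothetical.

```shell
#!/bin/sh
# Constructed sample of `netstat -antp` output (not captured from a real host).
sample_connections() {
cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      1201/nginx
tcp        0      0 127.0.0.1:8080          0.0.0.0:*               LISTEN      2210/java
tcp        0      0 10.0.0.5:80             203.0.113.7:51514       ESTABLISHED 1203/nginx
tcp        0      0 10.0.0.5:44122          198.51.100.9:80         ESTABLISHED 3307/curl
tcp        0      0 10.0.0.5:8000           203.0.113.9:40222       TIME_WAIT   -
EOF
}

# Read netstat output on stdin; print "proto local-address state owner" for
# sockets whose LOCAL port is exactly $1 (column 4, text after the last colon).
port_users() {
  awk -v want="$1" '
    $1 ~ /^(tcp|udp)6?$/ {
      n = split($4, part, ":")
      if (part[n] != want) next                  # 8080 and 8000 do not equal 80
      state = $6; owner = $7
      if (NF < 7) { state = "-"; owner = $6 }    # row with an empty State column
      print $1, $4, state, owner
    }'
}

echo "substring matches for ':80': $(sample_connections | grep -c ':80')"
echo "exact local-port matches for 80:"
sample_connections | port_users 80
```

On a live system, run netstat -anp | port_users 80; root privileges may be required for the owner column to be filled in.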
List All netstat Commands
There are many netstat options. Access the list of all the available commands and a short description using:
netstat -h
Note: Check out the Linux commands cheat sheet, which features the netstat command.
Conclusion
You now know how the netstat command works, along with its syntax and options. Use netstat to get an overview of network activities and port availability and to troubleshoot network issues in Linux.
If you are a network engineer or system administrator, explore the best network security tools to protect your system more efficiently.