Netstat Command in Linux - 28 Commands with Examples

Introduction

The netstat command is a CLI tool for network statistics. It gives an overview of network activities and displays which ports are open or have established connections. The netstat tool is essential for discovering network problems.

This article shows 28 netstat commands for displaying port and internet statistics data on Linux.

28 netstat Linux Commands

Prerequisites

  • Access to the terminal
  • Installed net-tools software package

Note: Though still widely used, netstat command is considered obsolete. Instead, the ss command is recommended as a faster and simpler tool. Learn more about the Linux ss command.

How to Use netstat Command in Linux

The primary usage of netstat is without any parameters:

netstat
Terminal output of the netstat

The first list in the output displays active established internet connections on the computer. The following details are in the columns:

  • Proto – Protocol of the connection (TCP, UDP).
  • Recv-Q – Receive queue  of bytes received or ready to be received.
  • Send-Q – Send queue of bytes ready to be sent.
  • Local address – Address details and port of the local connection. An asterisk (*) in the host indicates that the server is listening and if a port is not yet established.
  • Foreign address– Address details and port of the remote end of the connection. An asterisk (*) appears if a port is not yet established.
  • State – State of the local socket, most commonly ESTABLISHED, LISTENING, CLOSED or blank.

The second list shows all the active "Unix Domain" open sockets with the following details:

  • Proto – Protocol used by the socket (always unix).
  • RefCnt – Reference count of the number of attached processes to this socket.
  • Flags – Usually ACC or blank.
  • Type – The socket type.
  • State – State of the socket, most often CONNECTED, LISTENING or blank.
  • I-Node – File system inode (index node) associated with this socket.
  • Path – System path to the socket.

For advanced usage, expand the netstat command with options:

netstat [options]

Or list the options one by one:

netstat [option 1] [option 2] [option 3]

The netstat options enable filtering of network information.

Note: If the network is slow, test the network speed.

List All Ports and Connections

To list all ports and connections regardless of their state or protocol, use:

netstat -a
Terminal output of the command netstat -a


The output lists established connections along with servers which are open or listening.

List All TCP Ports

List all TCP ports by running:

netstat -at
Terminal output of the command netstat -at

List All UDP Ports

List all UDP ports with:

netstat -au
Terminal output of the command netstat -au

List Only Listening Ports

To return a list of only listening ports for all protocols, use:

netstat -l
Terminal output of the command netstat -l


List TCP Listening Ports

List all listening TCP ports with:

netstat -lt
Terminal output of the command netstat -lt


List UDP Listening Ports

Return only listening UDP ports by running:

netstat -lu
Terminal output of the command netstat -lu


List UNIX Listening Ports

To list UNIX listening ports, use:

netstat -lx
Terminal output of the command netstat -lx

Note: Scan for open ports with nmap as an alternative.

Display Statistics by Protocol

Display statistics for all ports regardless of the protocol with:

netstat -s
Terminal output of the command netstat -s

Statistics are also filterable by protocol.

List Statistics for TCP Ports

List statistics for TCP ports only with:

netstat -st
Terminal output of the command netstat -st

List Statistics for UDP Ports

To list statistics for UDP ports only, use:

netstat -su
Terminal output of the command netstat -su

List Network Interface Transactions

To see transactions of MTU, receiving and transferring packets in the kernel interface table, use:

netstat -i
Terminal output of the command netstat -i

Display Extended Kernel Interface Table

Add the option -e to netstat -i to extend the details of the kernel interface table:

netstat -ie
Terminal output of the command netstat -ie

Display Masqueraded Connections

For displaying masqueraded connections, use:

netstat -M

Display PID

Display the PID/Program name related to a specific connection by adding the -p option to netstat. For example, to view the TCP connections with the PID/Program name listed, use:

netstat -tp
Terminal output of the command netstat -tp

Find Listening Programs

Find all listening programs with:

netstat -lp
Terminal output of the command netstat -lp

Display Kernel IP Routing Table

Display the kernel IP routing table with:

netstat -r
Terminal output of the command netstat -r

Display IPv4 and IPv6 Group Membership

Display group membership for IPv6/IPv4 with:

netstat -g
Terminal output of the command netstat -g

Print netstat Info Continuously

Add the -c option to the netstat command to print information every second:

netstat -c

For example, to print the kernel interface table continuously, run:

netstat -ic
Terminal output of the command netstat -ic

Find Unconfigured Address Families

List addresses without support on the system with:

netstat --verbose

The information is found at the end of the output:

Terminal output of the command netstat --verbose

Display Numerical Addresses, Host Addresses, Port Numbers, and User IDs

By default, addresses, port numbers, and user IDs are resolved into human-readable names when possible. Knowing the unresolved port number is important for tasks such as SSH port forwarding.

Display Numerical Addresses
Show numerical addresses with:

netstat -n

Display Numerical Host Addresses
To show only host addresses as numerical, run:

netstat --numeric-hosts

Display Numerical Port Numbers
Show only ports as numerical with:

netstat --numeric-ports

Display Numerical User Ids
To display numerical user IDs, use:

netstat --numeric-users

Find a Process That Is Using a Particular Port

Make use of the grep command to filter the data from netstat. To find a process that is using a particular port number, run:

netstat -an | grep ':[port number]'

For example:

netstat -an | grep ':80'
Terminal output of the command netstat -an | grep

List All netstat Commands

There are many netstat options available. Access the list of all the available commands and a short description using:

netstat -h
Terminal output of the command netstat -h

Note: Check out the Linux commands cheat sheet, which features the netstat command.

Conclusion

Netstat is an essential tool for network engineers, system administrators, and developers. Troubleshooting network problems and having an overview of all the network activities and port availability are just some use cases of this tool.

For further reading, find out about the best network security tools.

Was this article helpful?
YesNo
Milica Dancuk
Milica Dancuk is a technical writer at phoenixNAP with a passion for programming. With a background in Electrical Engineering and Computing, coupled with her teaching experience, she excels at simplifying complex technical concepts in her writing.
Next you should read
How to Test Network Speed in Linux via CLI
November 25, 2020

This article shows you numerous ways to test network speed in Linux via CLI. Learn how to install and use...
Read more
How to Configure CentOS Network Settings
March 25, 2020

Configure CentOS network settings using the command line or the Network Manager TUI. This guide shows you how...
Read more
Nmap Commands - 17 Basic Commands for Linux Network
May 14, 2019

Nmap stands for Network Mapper. It is an open source tool for network exploration and security auditing...
Read more
Best Tools to Monitor Network Bandwidth on a Linux Server
September 19, 2024

There are many different tools for monitoring network traffic on a Linux server. Each option has...
Read more