Linux provides many tools for network management and visibility. netstat is a popular and useful one, used by many system and network administrators. In this tutorial, we will look at usage examples of netstat.

Syntax

We will use the following syntax for the netstat command.

netstat [address_family_options] [options]

List All Connections

A typical Linux system has many different connections. Connection types include Unix sockets, IPX sockets, IPv4, IPv6, etc. All of them can be listed with the -a parameter.

$ netstat -a

List Only TCP Connections

Sometimes only TCP connections are needed. They can be listed with the -t parameter. All listening and established TCP connections will be listed here. Keep in mind this will list IPv6 too.

$ netstat -at

List Only UDP Connections

Another useful feature is listing only UDP connections, with the -u parameter. Keep in mind this will list IPv6 too.

$ netstat -au

List Both TCP and UDP Connections

TCP and UDP connections and ports can be listed in a single shot. Just provide both the TCP and UDP parameters examined previously, as below.

$ netstat -a -t -u

List Only Listening Ports

Listing with -a shows all connections and ports. The -l option lists only sockets in the LISTEN state, which means the port is listening for new connections.

$ netstat -l

You may notice that TCP ports show the state LISTEN but UDP ports have no state information, because UDP is a connectionless protocol.

List Only Unix Sockets/Ports

Netstat can list the operating-system-level Unix or Linux sockets that are used locally by applications. When listing Unix sockets, information such as reference count, flags, type, state and i-node is provided.

$ netstat -x

Print Ports Numerically

When printing information about ports and protocols, the text name is shown by default. For example, the ssh port is listed as ssh, not 22. This can be changed with the --numeric-ports option.

$ netstat -l --numeric-ports

Disable DNS Lookup

While listing existing connections, DNS names are printed to the screen. To get the DNS names for IP addresses, DNS resolution must be performed. This can be a time-wasting operation if we do not need the names, or need only the IP addresses. The -n option disables the lookup.

$ netstat -n -a

Get Listening Process Owner User Id

Every listening port is associated with a process, which opened the port for listening or connecting. These processes have associated users. This user information can be obtained with -e. This feature requires root privileges, so we will use sudo or run the command directly as the root user. Inode information is also available.

$ sudo netstat -l -e

Get Listening Process Id

Just as the user ID was listed in the previous example, the process ID can also be listed. The parameter used for this operation is -p, and this feature needs root privileges too.

$ sudo netstat -l -p
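
The options covered so far (-t, -u, -l, -n and -p) can be combined to audit which services accept connections on every interface and which are bound to loopback only. The script below is an added example, not part of the original tutorial; the function names audit_listeners and sample_netstat and the sample output are constructed for illustration.

```sh
#!/bin/sh
# Classify listening sockets from `netstat -tulnp` output read on stdin.
# Prints one line per listener: <scope> <proto> <port> <pid/program>
#   EXPOSED = wildcard bind (0.0.0.0, :: or *), reachable on every interface
#   LOCAL   = loopback only
#   IFACE   = bound to one specific address
audit_listeners() {
    awk '
    $1 ~ /^(tcp|udp)6?$/ {
        proto = $1; addr = $4
        if (proto ~ /^tcp/) {
            if ($6 != "LISTEN") next      # keep only TCP listeners
            prog = $7
        } else {
            if ($6 == "ESTABLISHED") next # skip connected UDP sockets
            prog = $6                     # UDP rows have an empty State column
        }
        if (prog == "") prog = "-"        # no -p, or not run as root
        # The port follows the LAST colon; IPv6 addresses contain colons too.
        n = split(addr, parts, ":")
        port = parts[n]
        host = substr(addr, 1, length(addr) - length(port) - 1)
        if (host == "0.0.0.0" || host == "::" || host == "*") scope = "EXPOSED"
        else if (host ~ /^127\./ || host == "::1") scope = "LOCAL"
        else scope = "IFACE"
        print scope, proto, port, prog
    }'
}

# Constructed sample of `netstat -tulnp` output, so the script runs offline.
sample_netstat() {
cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      701/sshd
tcp        0      0 127.0.0.1:5432          0.0.0.0:*               LISTEN      950/postgres
tcp6       0      0 :::8080                 :::*                    LISTEN      1203/java
tcp6       0      0 ::1:631                 :::*                    LISTEN      640/cupsd
udp        0      0 0.0.0.0:68              0.0.0.0:*                           812/dhclient
udp        0      0 192.168.1.10:123        0.0.0.0:*                           733/ntpd
EOF
}

# Demo on the sample; on a real host: sudo netstat -tulnp | audit_listeners
sample_netstat | audit_listeners
```

Lines marked EXPOSED are the ones to compare against the firewall rules and the list of services the host is expected to offer.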

Print Network Statistics

The Linux network stack supports different types of protocols. While using these protocols, a lot of traffic is generated. This traffic information and statistics can be listed with the -s parameter. This will print all statistics, such as TCP, UDP and ICMP.

$ netstat -s

Print Statistics of TCP

Statistics for the TCP protocol stack alone can be listed by adding the TCP filter parameter.

$ netstat -s -t

Print Statistics of UDP

Statistics for the UDP protocol stack alone can be listed by adding the UDP filter parameter.

$ netstat -s -u

Print Route Table

The routing table can be printed with different tools. Netstat provides routing table information too.

$ netstat -r

Print Network Interfaces

For information purposes, network interfaces can be printed as below. The output includes information about MTU and RX and TX errors.

$ netstat -i

Print Stats Continuously

Normally a command generates its output and sends it to the terminal only once. If we need the output of the same command continuously, we should provide the -c parameter.

$ netstat -t -c

Print Active TCP Connections

A lot of information is printed, and it can be overwhelming when we need only the active connections that are already established. This can be done with the help of the grep command. The pattern below matches the ESTABLISHED and TIME_WAIT states.

$ netstat -a | grep 'EST\|TIM'