If you’re new to the Linux command line and are eager to delve into networking, it’s crucial to acquaint yourself with a variety of command-line utilities. One indispensable tool is netstat. In this article, we’ll explore how to use this command through straightforward examples.
Please note that all examples in this guide have been run on an Ubuntu system.
Understanding the Linux netstat Command
The netstat command is used to print network connections, routing tables, interface statistics, masquerade connections, and multicast memberships. The basic syntax is as follows:
netstat [OPTIONS]
As per the manual, here’s a brief on netstat’s functionality:
Netstat prints information about the Linux networking subsystem. The
type of information printed is controlled by the first argument, as follows:
(none)
By default, netstat displays a list of open sockets. If you don't
specify any address families, then the active sockets of all configured
address families will be printed.
--route , -r
Display the kernel routing tables. See the description in route(8) for
details. netstat -r and route -e produce the same output.
--groups , -g
Display multicast group membership information for IPv4 and IPv6.
--interfaces, -i
Display a table of all network interfaces.
--masquerade , -M
Display a list of masqueraded connections.
--statistics , -s
Display summary statistics for each protocol.
Below are some frequently asked questions with examples to help demonstrate how the netstat command works:
1. How do I use the netstat command?
Using the netstat command is quite straightforward — run it without any options.
netstat
The command provides a list of all open sockets by default:
Active Internet connections (w/o servers) Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 192.168.1.7:59510 mails11.telegram.:https ESTABLISHED tcp 0 0 192.168.1.7:57318 13.70.5.200:https ESTABLISHED tcp 0 1 192.168.1.7:51238 52.114.32.7:https SYN_SENT ...
2. How can I make netstat show numerical addresses?
To display numerical IP addresses rather than converting them to hostnames, use the -n option:
netstat -n
This command yields numeric output, providing quicker results as symbolic names are not resolved:
Active Internet connections (w/o servers) Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 192.168.1.7:59510 149.154.171.22:443 ESTABLISHED tcp 0 0 192.168.1.7:57318 13.70.5.200:443 ESTABLISHED ...
3. How can I display only TCP connections with netstat?
To filter and display only TCP connections, use the -t option:
netstat -t
This option shows active TCP connections:
Active Internet connections (w/o servers) Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 192.168.1.7:44236 152.195.11.6:https ESTABLISHED ...
4. How can I display only UDP connections?
To limit the output to UDP connections, use the -u option:
netstat -u
5. How do I show only listening sockets?
The -l option displays only listening sockets:
netstat -l
This produces output such as:
Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 ansh:domain *:* LISTEN ...
6. How can I display process names and PIDs?
Use the -p option to show the process name and PID for each socket:
netstat -p
The additional information is displayed in the PID/Program name column:
Active Internet connections (w/o servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 192.168.1.7:57318 13.70.5.200:https ESTABLISHED 3247/firefox ...
7. How do I print network statistics?
Display network statistics using the -s option:
netstat -s
This provides comprehensive protocol statistics:
Ip:
592215 total packets received
41 with invalid addresses
0 forwarded
...
8. How do I view the kernel routing table?
To display the kernel routing table, use the -r option:
netstat -r
This provides an output similar to:
Kernel IP routing table Destination Gateway Genmask Flags MSS Window irtt Iface default 192.168.1.1 0.0.0.0 UG 0 0 0 wlx18a6f713679b ...
Note that netstat -r and route -e produce the same output.
Conclusion
The netstat command is a versatile and essential tool for networking tasks on Linux. Although we’ve covered many of its options, there’s more to explore in the netstat manual page.
FAQ
What is the netstat command used for?
The netstat command displays various network-related information such as open sockets, routing tables, and interface statistics.
Can I use netstat to display statistics?
Yes, by using the -s option, netstat can display statistics for each protocol.
How do I make netstat output numeric host addresses?
Use the -n option to display numeric host addresses rather than resolving them.
Is netstat available on systems other than Linux?
Yes, netstat is available on various Unix-like systems, but options and outputs can differ.