Scribd
Upload
19 views

Learning Linux Commands - Netstat

This document discusses the Linux netstat command which is used to display network connections, routing tables, interface statistics, and more. It provides descriptions of common netstat options like -i, -a, -l, -t, -n, -r, and -s and provides examples of how to use them to view listening ports, active connections, routing tables, and more.

Uploaded by

mancangkul
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
19 views

Learning Linux Commands - Netstat

This document discusses the Linux netstat command which is used to display network connections, routing tables, interface statistics, and more. It provides descriptions of common netstat options like -i, -a, -l, -t, -n, -r, and -s and provides examples of how to use them to view listening ports, active connections, routing tables, and more.

Uploaded by

mancangkul
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 9

Menu

Learning Linux Commands: netstat


8 February 2017 by Lubos Rendek

Introduction
netstat command is a useful command to reveal a network status of your system. It
allows a system administrator to keep track of any network connections by querying
their status, origin and destination.

Furthermore, netstat is the all-in-one networking monitoring tool as it can also be


used to display route tables, interface statistics, masquerade connections, as well as
multicast memberships. ss command is a future successor of the netstat command.

Frequently used options


Option Description

-i Display table of network interfaces

-a Show both listening and non-listening sockets

-e Display additional information

-l Show only listening sockets.

-s Display summary statistics for each protocol.


Option Description

-t Display TCP connections only

Show numerical addresses instead of trying to determine symbolic host,


-n
port or user names.

Usage
The following lines will get you up the speed with some most popular netstat’s
command line options.

For most of the functions an administrative privileges are required to execute the
netstat command:

$ su
Password:
# netstat

Execution of the netstat command without any options or arguments displays all
existing connections including their state, source address and local address.
Additionally, active UNIX domain sockets and relevant information such as inode
number and full path are part of the netstat’s default network reports.

The netstat’s -i option brings up a table listing all configured network interfaces on
the system:

# netstat -i
Kernel Interface table
Iface MTU RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR
docker0 1500 0 0 0 0 0 0 0 0
enp0s25 1500 148 0 0 0 1 0 0 0
lo 65536 4752 0 0 0 4752 0 0 0
wlp3s0 1500 148377 0 1 0 135793 0 0 0
In case you prefer ifconfig’s format to provide you with a list all active network
interfaces, # netstat -ei can accommodate your needs with an identical output.

Another useful netstat’s command line options are -l and -t which are used displays
all currently listening TCP sockets, that is to show all connections with LISTEN . This
options might prove useful when performing a server hardening or firewall
configuration. Alternatively add -u option to also include UDP connections:

# netstat -lt
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:http 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:ftp-data 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:ssh 0.0.0.0:* LISTEN
tcp 0 0 localhost:ipp 0.0.0.0:* LISTEN
tcp 0 0 localhost:smtp 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:https 0.0.0.0:* LISTEN
tcp6 0 0 [::]:ssh [::]:* LISTEN
tcp6 0 0 localhost:ipp [::]:* LISTEN
tcp6 0 0 localhost:smtp [::]:* LISTEN

The above command showed local sockets eg. localhost:smtp with a human readable
host name and service names. Using -n option this information is suppressed while
numeric information is shown instead. Compare the below netstat’s output with the
one above:

# netstat -ltn
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:20 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN
tcp6 0 0 :::22 :::* LISTEN
tcp6 0 0 ::1:631 :::* LISTEN
tcp6 0 0 ::1:25 :::* LISTEN
As already mentioned above the -l option only shows connections with the status
“LISTEN”. The following netstat command shows all active TCP connections
regardless of their status. To further enhance the above netstat command output, -p
option can be used to show a program bind to any particular socket. This information
may be useful to further harden your server and disable any unnecessary service. To
demonstrate what -p option is capable of first open eg. port 20 for listing with netcat
and list all connections with the “LISTEN” state and their relevant programs:

# netcat -l -p 20 &
[1] 8941
# netstat -tlnp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:20 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN
tcp6 0 0 :::22 :::* LISTEN
tcp6 0 0 ::1:631 :::* LISTEN

Note that on the second line with socket 0.0.0.0:20 the netstat command also
revealed a program and PID bind to that this socket, which in this case is netcat with
PID 2891 .

Using the -a option one could possibly monitor the entire TCP network connection
handshake especially when coupled with -c option for a continuous listening.

# netstat -ant
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:20 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN
tcp 1 0 10.1.1.8:36576 10.1.1.45:443 CLOSE_WAIT
tcp 0 0 10.1.1.8:60186 10.1.1.11:443 ESTABLI
tcp6 0 0 :::22 :::* LISTEN
tcp6 0 0 ::1:631 :::* LISTEN
tcp6 0 0 ::1:25 :::* LISTEN

netstat command has a high number of options available to you disposal. Last two
common options covered by in this guide are -r and -s . The first option -r is used
to display a current system’s routing table.

# netstat -r
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt If
default gateway 0.0.0.0 UG 0 0 0 wl
10.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 wl
link-local 0.0.0.0 255.255.0.0 U 0 0 0 do
172.17.0.0 0.0.0.0 255.255.0.0 U 0 0 0 do

Once again the above output can be modified to suit your needs by -e and -n
command line options. The last -s option is used to show detailed statistics :

# netstat -s

Examples
Command Description

# netstat -st Show a TCP protocol specific summary

# netstat -r Display routing table

The equivalent to default ifconfig command to list all


# netstat -ie
active network interfaces

# netstat -antc Continuously monitor all TCP connection. use -u for UDP.

# netstat -ltp Display all open TCP ports along with PID and program.
Command Description

Show all SSH connection along with user name, program


# netstat -atep | grep ssh
and corresponding PID.

# netstat -atnep | grep Show all connection on port 443 along with user ID,
443 program and corresponding PID.

# netstat -s -w Display raw network statistics

Related Linux Tutorials:


How to add route on AlmaLinux
Best System Monitoring tool for Linux
Ubuntu 22.04 System Monitoring with Conky widgets
Linux basic health check commands
Linux Performance Optimization: Tools and Techniques
How to manipulate partition tables with fdisk, cfdisk and…
How to add static route with netplan on Ubuntu 22.04 Jammy…
Linux commands: Top 20 most important commands you need to…
An Introduction to Linux Automation, Tools and Techniques
How to manipulate gpt partition tables with gdisk and sgdisk…

System Administration
Hosting Django With Nginx and Gunicorn on Linux
How to mount USB drive on Kali Linux

Comments and Discussions


Start Discussion 0 replies

NEWSLETTER
Subscribe to Linux Career Newsletter to receive latest news, jobs, career advice and featured
configuration tutorials.

SUBSCRIBE

WRITE FOR US
LinuxConfig is looking for a technical writer(s) geared towards GNU/Linux and FLOSS
technologies. Your articles will feature various GNU/Linux configuration tutorials and FLOSS
technologies used in combination with GNU/Linux operating system.

When writing your articles you will be expected to be able to keep up with a technological
advancement regarding the above mentioned technical area of expertise. You will work
independently and be able to produce at minimum 2 technical articles a month.

APPLY NOW

TAGS

18.04 administration apache applications backup bash beginner browser centos

centos8 commands database debian desktop development docker error fedora

filesystem firewall gaming gnome Hardware installation java kali multimedia


networking nvidia programming python raspberrypi redhat rhel8 scripting security
server ssh storage terminal ubuntu ubuntu 20.04 virtualization webapp webserver

ABOUT US

FEATURED TUTORIALS
VIM tutorial for beginners

How to install the NVIDIA drivers on Ubuntu 20.04 Focal Fossa Linux

Bash Scripting Tutorial for Beginners

How to check CentOS version

How to find my IP address on Ubuntu 20.04 Focal Fossa Linux

Ubuntu 20.04 Remote Desktop Access from Windows 10

Howto mount USB drive in Linux

How to install missing ifconfig command on Debian Linux

AMD Radeon Ubuntu 20.04 Driver Installation

Ubuntu Static IP configuration

How to use bash array in a shell script

Linux IP forwarding – How to Disable/Enable

How to install Tweak Tool on Ubuntu 20.04 LTS Focal Fossa Linux

How to enable/disable firewall on Ubuntu 18.04 Bionic Beaver Linux

Netplan static IP on Ubuntu configuration

How to change from default to alternative Python version on Debian Linux

Set Kali root password and enable root login

How to Install Adobe Acrobat Reader on Ubuntu 20.04 Focal Fossa Linux

How to install the NVIDIA drivers on Ubuntu 18.04 Bionic Beaver Linux

How to check NVIDIA driver version on your Linux system

Nvidia RTX 3080 Ethereum Hashrate and Mining Overclock settings on HiveOS Linux
LATEST TUTORIALS
Setting Up Virtual Machines with QEMU, KVM, and Virt-Manager on Debian/Ubuntu

Ubuntu 24.04: Change timezone

Raspberry Pi Kali Linux headless setup

How to change username on Linux

Raspberry Pi as Minecraft Server

Setting Up GPT4All on Ubuntu/Debian Linux

Setting the Root Password on Ubuntu 24.04 Linux

Cloud Gaming with GeForce NOW on Ubuntu / Debian Linux

Setting the Hostname on Ubuntu 24.04

Setting a Static IP Address in Ubuntu 24.04 via the Command Line

Quick Guide to Enabling SSH on Ubuntu 24.04

Running Ubuntu 24.04 LTS on Docker

How to set battery charge thresholds on Linux

How to disable IPv6 on Linux

KDE Desktop installation on Ubuntu 24.04

Introduction to LVM thin provisioning

Ubuntu 24.04 LTS vs 22.04 LTS: A Comparison Guide and What’s New

Setting Up a LAMP Server on Ubuntu 24.04

How to create a backup with Proxmox backup client

Customizing and Utilizing History in the Shell

© 2024 TOSID Group Pty Ltd - LinuxConfig.org

You might also like