Skip to main content

Netstat Command & Examples : View Monitor Network Statistics and Configurations In Linux


Netstat is a command line tool that is used to view and monitor network statistics and configurations of a system. This tool is available on both Unix, Linux and Windows NT-based operating systems.
Below are some of the activities that can be carried out using this tool
  • View network connections
  • View routing tables
  • View network interface statistics
  • View masquerade connections
  • View multicast memberships
Netstat is a very powerful tool that can be used for network troubleshooting and network performance measuring purposes.

Below are some of the basic commands of netstat tool



1) Listing all the sockets

This displays details of all the sockets, including open and close sockets in the following format

Proto - Protocol
RefCnt - Reference Count : number of attached processes connected via this socket
Flags - Flag type
Type – Network socket type
State - State of the socket
I-Node - Inode of the socket
Path - Path of the socket

Command : netstat -a

Sample output :
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags       Type       State         I-Node   Path
unix  2      [ ACC ]     STREAM     LISTENING     15365    /var/run/docker.sock
unix  2      [ ACC ]     STREAM     LISTENING     22352    @/tmp/.ICE-unix/4060
unix  2      [ ACC ]     STREAM     LISTENING     10523    /var/run/acpid.socket
unix  2      [ ACC ]     STREAM     LISTENING     21843    /tmp/ssh-8rfNCLtCuWbJ/agent.4000
unix  2      [ ACC ]     STREAM     LISTENING     13073    /var/run/samba/winbindd/pipe

2) Listing all TCP port connections



This displays details of all the TCP sockets, including open and close sockets in the same format.

Command : netstat -at

Sample output :
Active Internet connections (servers and established)
Proto  Recv-Q    Send-Q    Local Address        Foreign Address              State
tcp          0           0         localhost:ipp            *:*                         LISTEN
tcp           0           0        *:microsoft-ds          *:*                         LISTEN
tcp          0           0         *:netbios-ssn           *:*                         LISTEN
tcp          0           0         ubuntu:domain         *:*                         LISTEN
tcp6        0           0         ip6-localhost:ipp       [::]:*                      LISTEN
tcp6        0           0        [::]:microsoft-ds        [::]:*                      LISTEN
tcp6        0           0        [::]:netbios-ssn         [::]:*                      LISTEN
tcp6         1           0       ip6-localhost:34871     ip6-localhost:ipp     CLOSE_WAIT

3) Listing all UDP port connections

This displays details of all the UDP sockets, including open and close sockets in the same format.

Command : netstat -au

Sample Output :
Active Internet connections (servers and established)
Proto    Recv-Q    Send-Q     Local Address                     Foreign Address     State
udp         0            0              *:59865                              *:*
udp         0            0              ubuntu:domain                    *:*
udp         0            0              *:bootpc                             *:*
udp         0            0              *:32333                              *:*
udp         0            0              *:ipp                                   *:*
udp         0            0              192.168.64.2:netbios-ns       *:*
udp         0            0              192.168.64.1:netbios-ns       *:*
udp         0            0              172.17.255.2:netbios-ns        *:*
udp         0           0              172.17.0.1:netbios-ns            *:*

4) Listing all connections in ‘LISTEN’ state

This displays details of all the listening sockets in the same format.

Command : netstat -l

Sample output : 
Proto  Recv-Q    Send-Q    Local Address              Foreign Address     State
tcp    0           0         localhost:ipp              *:*                 LISTEN
tcp            0           0           *:microsoft-ds            *:*                 LISTEN
tcp           0           0           *:netbios-ssn              *:*                 LISTEN
tcp           0           0           ubuntu:domain           *:*                 LISTEN
tcp6         0           0           ip6-localhost:ipp          [::]:*              LISTEN
tcp6         0           0           [::]:microsoft-ds          [::]:*              LISTEN
tcp6         0           0           [::]:netbios-ssn          [::]:*              LISTEN

5) Display the routing table



This prints out kernel routing information in below format
Destination - Destination Address
Gateway – Gateway Address
Genmask - Netmask corresponding to the network
Flag - To provide specific information about the route (U-route is up , G - Communication for this network should be sent via the gateway)
MSS – Maximum Segment size
Window – TCP Window size
Irtt – Initial round trip time
Iface – Interface

Command : netstat -r

Sample Output :
Kernel IP routing table
Destination    Gateway           Genmask          Flags    MSS     Window  irtt    Iface
default          192.168.64.2      0.0.0.0              UG       0           0         0       eth0
172.17.0.0          *                255.255.0.0        U        0           0         0       docker0
192.168.64.0    *                255.255.255.0     U        0           0         0       eth0

6) Display network interfaces

This prints out information about network interfaces in following format
Iface – Interface
MTU – Maximum Transmission Unit
Met – Metric value for the interface
RX-OK - Number of error free packets received
RX-ERR – Number of packets received with errors
RX-DRP – Number of dropped packets when receiving
RX-OVR – Number of packets lost due to the overflow when receiving
TX-OK - Number of error free packets transmitted
RX-ERR – Number of transmitted packets with errors
RX-DRP – Number of dropped packets when transmitting
RX-OVR – Number of packets lost due to the overflow when transmitting
Flg – Flag

Command : netstat -i

Sample Output :
Kernel Interface table
Iface        MTU    Met RX-OK   RX-ERR  RX-DRP  RX-OVR  TX-OK   TX-ERR  TX-DRP  TX-OVR  Flg
docker0    1500    0   0              0           0        0            0          0           0          0          BMU
eth0         1500    0   36774       0          0        0            20917    0          0          0          BMRU
lo             65536  0   7246         0          0        0            7246      0          0          0          LRU

7) Continuous monitoring

This command outputs socket connections continuously, so this is useful for continuous network monitoring.

Command : netstat -c

Sample output :
unix 3 [ ] STREAM CONNECTED 24655
unix 3 [ ] STREAM CONNECTED 22456
unix 3 [ ] STREAM CONNECTED 22227 @/tmp/.X11-unix/X0
unix 2 [ ] DGRAM            16819
unix 3 [ ] STREAM CONNECTED 13848 /var/run/dbus/system_bus_socket

8) Display multicast group information

This displays multicast group information for both IPV4 and IPV6 in following format
Interface - Network interface
RefCnt – Reference Count : number of attached processes connected via this socket
Group – Multicast group

Command : netstat -g

Sample output :
IPv6/IPv4 Group Memberships
Interface       RefCnt     Group
--------------- ------ ---------------------
lo                   1         all-systems.mcast.net
eth0                1           224.0.0.251
eth0                1           all-systems.mcast.net
docker0           1           224.0.0.251
docker0           1           all-systems.mcast.net
lo                    1           ip6-allnodes
lo                    1           ff01::1
eth0                1           ff02::fb
eth0                1           ff02::1:ff6a:275b
eth0                1           ip6-allnodes
eth0                1           ff01::1
docker0           1           ip6-allnodes
docker0           1           ff01::1
Below are some of bit more advanced and miscellaneous commands of netstat tool



9) Listing active connection on a given port

Following command displays details about connections established through the port 80. These details include protocol , source and destination addresses and the connection status.

Command : netstat -anp | grep :80 | grep ESTABLISHED

Sample output :
tcp 0 0 192.168.64.129:51548 74.125.204.106:80  ESTABLISHED 8418/firefox
tcp 0 0 192.168.64.129:44365 172.217.194.101:80 ESTABLISHED 8418/firefox
tcp 0 0 192.168.64.129:51547 74.125.204.106:80  ESTABLISHED 8418/firefox

10) List number of different connection types

Following command displays the number connections of different types of state that is in the machine sorted in ascending order

Command : netstat -ant | awk '{print $6}' | sort | uniq -c | sort -n

Sample Output :
1 CLOSE_WAIT
1 established)
1 Foreign
7 LISTEN

11) Display services listening to a given port

This shows details on the services listening to the port 53 , such as the process id of the service and service name

Command : netstat -ltnp | grep ':53'

Sample output :
tcp 0 0 127.0.1.1:53 0.0.0.0:* LISTEN 1488/dnsmasq

12) List Non supportive address families



At the bottom of the output of the following command, details on the non-supportive address families in the machine is displayed.

Command : netstat --verbose

Sample output :
netstat: no support for `AF IPX' on this system.
netstat: no support for `AF AX25' on this system.
netstat: no support for `AF X25' on this system.
netstat: no support for `AF NETROM' on this system.

13) Find out on which port a service is running

This is used to find out the details of the ports that ‘SSH’ service is listening to along with details on the ssh service itself

Command : netstat -ap | grep ssh

Sample output :
unix 2 [ ACC ] STREAM LISTENING 21843 4004/ssh-agent /tmp/ssh-8rfNCLtCuWbJ/agent.4000
unix 2 [ ACC ] STREAM LISTENING 22603 3927/gnome-keyring- /run/user/1000/keyring-SC0TKd/ssh
'man Netstat' Command
  • man command is used to view the manual page of a command and here it displays the manual page of the netstat command. It list out all the usage options that are available for this command with explanations and example.  
     
    Command : man netstat 
     
    Sample output : 
    DESCRIPTION
       Netstat  prints  information about the Linux networking subsystem.  The
       type of information printed is controlled by  the  first  argument,  as
       follows:

   (none)
       By  default,  netstat  displays  a  list of open sockets.  If you don't
       specify any address families, then the active sockets of all configured
       address families will be printed.

   --route , -r
       Display  the kernel routing tables. See the description in route(8) for
       details.  netstat -r and route -e produce the same output.

   --groups , -g
       Display multicast group membership information for IPv4 and IPv6.

   --interfaces, -i
       Display a table of all network interfaces.

   --masquerade , -M
       Display a list of masqueraded connections.

   --statistics , -s
       Display summary statistics for each protocol.
     


In this tutorial we learned how to use netstat command in linux. Hope you enjoyed reading and please leave your suggestion in the below comment section.
Labels:

Comments

Post a Comment

Popular posts from this blog

How to Speedup your WordPress site with Amazon CloudFront.

Introduction A WordPress performance is quite excellent . The number of WordPress plugins to handle performance is such evidence. But the easiest way to improve your user experience is to accelerate the entire WordPress website using CloudFront. This will help you not only improve site response time reduces the necessary infrastructure, reducing the load on the Web server, so you can reduce the total cost of the infrastructure works WordPress. CloudFront is actually a site can greatly help your site to respond to unexpected load when gained popularity. Today this post is to clarify the method of providing a reasonable standard configuration on the WordPress website or blog. How does CloudFront help? Amazon CloudFront is to improve the user's experience accessing the Web site in several ways: 1.  Anycast DNS is to ensure that customers are routed to the nearest edge location. 2.  The cached content is available to users at the edge position (i
100 comments
Read more

Linux System : Free Employee Monitoring with Automatic Screenshots

Introduction :   A utomatic screen-shots  of Linux system directly import  on your web server with Linux samba server service and scrot command. 1)  Setup web panel UI on your web server :   Get web panel PHP/HTML code from Github URL: https://github.com/raj412/Employee-Monitoring-for-Linux-System It’s work in Linux server LAMP environment(no need database for this configuration ) Defult login username password is admin/1234. You can change username/passwrod from login.php file in line number #6 Login Page : Dashboard : Screenshot Page : 2)  Samba server configuration on web server : I.  Install Samba on your server where you setup Linux screenshot log system web panel. sudo apt-get update sudo apt-get install samba II.  Set a password for your user in Samba sudo smbpasswd -a <user_name> III.  Share gallery-images folder from you web panel. This is my web panel gallery-images p
Post a Comment
Read more

How to control high traffic load on Apache servers : optimization performance of APACHE2 & PHP-FPM

Everyone handle high traffic loads  on Apache server. During down-time they forget to check server memory . Apache not used lot of memory  still server not responding. All time we restart Apache service and all things will start working good. I also faced same issue numerous time and all-time  used same solution : Restart Apache. After lots of research and reading found one solution. In this blog you see step-by-step guide to apache2 performance settings. System environment: Intel(R) Xeon(R) CPU 3.10GHz, 4 cores | 8GB RAM Ubuntu 16.04 Apache2 version using mpm_event PHP FPM (5.6,7.1) First,  Calculate process size : Download : python script file “ps_mem.py” from Github Open this and ps_mem.py file upload on you server :  https://github.com/raj412/ps_mem chmod a+x ps_mem.py sudo python ps_mem.py Output like this:  See here : 12 Apache processes, consuming a total of  35.7MiB, so each Apache process is using roughly 3MiB of RAM. The 42 php-fpm process u
8 comments
Read more