Skip to main content

Netstat Command & Examples : View Monitor Network Statistics and Configurations In Linux


Netstat is a command line tool that is used to view and monitor network statistics and configurations of a system. This tool is available on both Unix, Linux and Windows NT-based operating systems.
Below are some of the activities that can be carried out using this tool
  • View network connections
  • View routing tables
  • View network interface statistics
  • View masquerade connections
  • View multicast memberships
Netstat is a very powerful tool that can be used for network troubleshooting and network performance measuring purposes.

Below are some of the basic commands of netstat tool



1) Listing all the sockets

This displays details of all the sockets, including open and close sockets in the following format

Proto - Protocol
RefCnt - Reference Count : number of attached processes connected via this socket
Flags - Flag type
Type – Network socket type
State - State of the socket
I-Node - Inode of the socket
Path - Path of the socket

Command : netstat -a

Sample output :
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags       Type       State         I-Node   Path
unix  2      [ ACC ]     STREAM     LISTENING     15365    /var/run/docker.sock
unix  2      [ ACC ]     STREAM     LISTENING     22352    @/tmp/.ICE-unix/4060
unix  2      [ ACC ]     STREAM     LISTENING     10523    /var/run/acpid.socket
unix  2      [ ACC ]     STREAM     LISTENING     21843    /tmp/ssh-8rfNCLtCuWbJ/agent.4000
unix  2      [ ACC ]     STREAM     LISTENING     13073    /var/run/samba/winbindd/pipe

2) Listing all TCP port connections



This displays details of all the TCP sockets, including open and close sockets in the same format.

Command : netstat -at

Sample output :
Active Internet connections (servers and established)
Proto  Recv-Q    Send-Q    Local Address        Foreign Address              State
tcp          0           0         localhost:ipp            *:*                         LISTEN
tcp           0           0        *:microsoft-ds          *:*                         LISTEN
tcp          0           0         *:netbios-ssn           *:*                         LISTEN
tcp          0           0         ubuntu:domain         *:*                         LISTEN
tcp6        0           0         ip6-localhost:ipp       [::]:*                      LISTEN
tcp6        0           0        [::]:microsoft-ds        [::]:*                      LISTEN
tcp6        0           0        [::]:netbios-ssn         [::]:*                      LISTEN
tcp6         1           0       ip6-localhost:34871     ip6-localhost:ipp     CLOSE_WAIT

3) Listing all UDP port connections

This displays details of all the UDP sockets, including open and close sockets in the same format.

Command : netstat -au

Sample Output :
Active Internet connections (servers and established)
Proto    Recv-Q    Send-Q     Local Address                     Foreign Address     State
udp         0            0              *:59865                              *:*
udp         0            0              ubuntu:domain                    *:*
udp         0            0              *:bootpc                             *:*
udp         0            0              *:32333                              *:*
udp         0            0              *:ipp                                   *:*
udp         0            0              192.168.64.2:netbios-ns       *:*
udp         0            0              192.168.64.1:netbios-ns       *:*
udp         0            0              172.17.255.2:netbios-ns        *:*
udp         0           0              172.17.0.1:netbios-ns            *:*

4) Listing all connections in ‘LISTEN’ state

This displays details of all the listening sockets in the same format.

Command : netstat -l

Sample output : 
Proto  Recv-Q    Send-Q    Local Address              Foreign Address     State
tcp    0           0         localhost:ipp              *:*                 LISTEN
tcp            0           0           *:microsoft-ds            *:*                 LISTEN
tcp           0           0           *:netbios-ssn              *:*                 LISTEN
tcp           0           0           ubuntu:domain           *:*                 LISTEN
tcp6         0           0           ip6-localhost:ipp          [::]:*              LISTEN
tcp6         0           0           [::]:microsoft-ds          [::]:*              LISTEN
tcp6         0           0           [::]:netbios-ssn          [::]:*              LISTEN

5) Display the routing table



This prints out kernel routing information in below format
Destination - Destination Address
Gateway – Gateway Address
Genmask - Netmask corresponding to the network
Flag - To provide specific information about the route (U-route is up , G - Communication for this network should be sent via the gateway)
MSS – Maximum Segment size
Window – TCP Window size
Irtt – Initial round trip time
Iface – Interface

Command : netstat -r

Sample Output :
Kernel IP routing table
Destination    Gateway           Genmask          Flags    MSS     Window  irtt    Iface
default          192.168.64.2      0.0.0.0              UG       0           0         0       eth0
172.17.0.0          *                255.255.0.0        U        0           0         0       docker0
192.168.64.0    *                255.255.255.0     U        0           0         0       eth0

6) Display network interfaces

This prints out information about network interfaces in following format
Iface – Interface
MTU – Maximum Transmission Unit
Met – Metric value for the interface
RX-OK - Number of error free packets received
RX-ERR – Number of packets received with errors
RX-DRP – Number of dropped packets when receiving
RX-OVR – Number of packets lost due to the overflow when receiving
TX-OK - Number of error free packets transmitted
RX-ERR – Number of transmitted packets with errors
RX-DRP – Number of dropped packets when transmitting
RX-OVR – Number of packets lost due to the overflow when transmitting
Flg – Flag

Command : netstat -i

Sample Output :
Kernel Interface table
Iface        MTU    Met RX-OK   RX-ERR  RX-DRP  RX-OVR  TX-OK   TX-ERR  TX-DRP  TX-OVR  Flg
docker0    1500    0   0              0           0        0            0          0           0          0          BMU
eth0         1500    0   36774       0          0        0            20917    0          0          0          BMRU
lo             65536  0   7246         0          0        0            7246      0          0          0          LRU

7) Continuous monitoring

This command outputs socket connections continuously, so this is useful for continuous network monitoring.

Command : netstat -c

Sample output :
unix 3 [ ] STREAM CONNECTED 24655
unix 3 [ ] STREAM CONNECTED 22456
unix 3 [ ] STREAM CONNECTED 22227 @/tmp/.X11-unix/X0
unix 2 [ ] DGRAM            16819
unix 3 [ ] STREAM CONNECTED 13848 /var/run/dbus/system_bus_socket

8) Display multicast group information

This displays multicast group information for both IPV4 and IPV6 in following format
Interface - Network interface
RefCnt – Reference Count : number of attached processes connected via this socket
Group – Multicast group

Command : netstat -g

Sample output :
IPv6/IPv4 Group Memberships
Interface       RefCnt     Group
--------------- ------ ---------------------
lo                   1         all-systems.mcast.net
eth0                1           224.0.0.251
eth0                1           all-systems.mcast.net
docker0           1           224.0.0.251
docker0           1           all-systems.mcast.net
lo                    1           ip6-allnodes
lo                    1           ff01::1
eth0                1           ff02::fb
eth0                1           ff02::1:ff6a:275b
eth0                1           ip6-allnodes
eth0                1           ff01::1
docker0           1           ip6-allnodes
docker0           1           ff01::1
Below are some of bit more advanced and miscellaneous commands of netstat tool



9) Listing active connection on a given port

Following command displays details about connections established through the port 80. These details include protocol , source and destination addresses and the connection status.

Command : netstat -anp | grep :80 | grep ESTABLISHED

Sample output :
tcp 0 0 192.168.64.129:51548 74.125.204.106:80  ESTABLISHED 8418/firefox
tcp 0 0 192.168.64.129:44365 172.217.194.101:80 ESTABLISHED 8418/firefox
tcp 0 0 192.168.64.129:51547 74.125.204.106:80  ESTABLISHED 8418/firefox

10) List number of different connection types

Following command displays the number connections of different types of state that is in the machine sorted in ascending order

Command : netstat -ant | awk '{print $6}' | sort | uniq -c | sort -n

Sample Output :
1 CLOSE_WAIT
1 established)
1 Foreign
7 LISTEN

11) Display services listening to a given port

This shows details on the services listening to the port 53 , such as the process id of the service and service name

Command : netstat -ltnp | grep ':53'

Sample output :
tcp 0 0 127.0.1.1:53 0.0.0.0:* LISTEN 1488/dnsmasq

12) List Non supportive address families



At the bottom of the output of the following command, details on the non-supportive address families in the machine is displayed.

Command : netstat --verbose

Sample output :
netstat: no support for `AF IPX' on this system.
netstat: no support for `AF AX25' on this system.
netstat: no support for `AF X25' on this system.
netstat: no support for `AF NETROM' on this system.

13) Find out on which port a service is running

This is used to find out the details of the ports that ‘SSH’ service is listening to along with details on the ssh service itself

Command : netstat -ap | grep ssh

Sample output :
unix 2 [ ACC ] STREAM LISTENING 21843 4004/ssh-agent /tmp/ssh-8rfNCLtCuWbJ/agent.4000
unix 2 [ ACC ] STREAM LISTENING 22603 3927/gnome-keyring- /run/user/1000/keyring-SC0TKd/ssh
'man Netstat' Command
  • man command is used to view the manual page of a command and here it displays the manual page of the netstat command. It list out all the usage options that are available for this command with explanations and example.  
     
    Command : man netstat 
     
    Sample output : 
    DESCRIPTION
       Netstat  prints  information about the Linux networking subsystem.  The
       type of information printed is controlled by  the  first  argument,  as
       follows:

   (none)
       By  default,  netstat  displays  a  list of open sockets.  If you don't
       specify any address families, then the active sockets of all configured
       address families will be printed.

   --route , -r
       Display  the kernel routing tables. See the description in route(8) for
       details.  netstat -r and route -e produce the same output.

   --groups , -g
       Display multicast group membership information for IPv4 and IPv6.

   --interfaces, -i
       Display a table of all network interfaces.

   --masquerade , -M
       Display a list of masqueraded connections.

   --statistics , -s
       Display summary statistics for each protocol.
     


In this tutorial we learned how to use netstat command in linux. Hope you enjoyed reading and please leave your suggestion in the below comment section.
Labels:

Comments

Post a Comment

Popular posts from this blog

Apt-fast for Increasing Download Speed while Installing and Updating Packages Ubuntu/Debian [Beginners Guide]

Have you ever experienced slow download speed when downloading or updating packages in Ubuntu even when your network connection is running fine? You encounter this issue especially when updating and installing packages for the first time after installing a new Ubuntu/Debian OS. However, there is a way to get around this by speeding up the download speed using apt-fast command in Linux. Apt-fast is a shell script wrapper for “apt-get” and “aptitude” that uses the power of either  axel  or  aria 2  download managers to accelerate the download process. It improves download performance by downloading packages simultaneously in parallel with multiple packages per connection. In this article, we will walk through some steps to install apt-fast in order to accelerate the update and downloading process in Ubuntu. We will use Ubuntu 18.04 LTS for describing the procedure mentioned in this article.   Step 1: Installing prerequisites We need to install...
Post a Comment
Read more

What is a CDN ? How Does a content delivery network Work?

I ntroduction. Latest Web sites and applications often need to provide   amount of static content to end users. This content includes images, style sheets, JavaScript, and video. The increase in the number of static assets and the increase grows the bandwidth usage increases page load time decreased, depending on the size of the user's search experience, and reduce the usable capacity of the server. Dramatically improving performance, reducing the page load time   reduce the bandwidth and infrastructure costs, you can implement a content delivery network,  And  CDN cache these assets at a set of servers that are geographically distributed. What is a CDN? Content delivery network is a group of servers distributed geographically optimized to provide static content to end users. While this static content can be almost any type of data, CDNs are most commonly used to deliver web pages and related files, streaming video and audio, and large softwar...
Post a Comment
Read more

How To Install PHP 7.4 and PHP 7.3 ON Ubuntu 18.04/19.04/16.04

How to Install PHP 7.4 / PHP 7.3 on Ubuntu?. This guide will help you Install PHP 7.4 / PHP 7.3 on Ubuntu 18 / Ubuntu 16 /  Ubuntu 19 . PHP is an open-source server-side scripting language which has been widely adopted for the creation of dynamic web pages. PHP is secure, fast, simple, efficient, flexible and a loosely typed scripting language. The PHP release 7.4.0 has been made available for the general public and for use in Production environments. How to install PHP 7.4 on Ubuntu 18.04 / Ubuntu 19.04 / Ubuntu 16.04 Step 1: Add PHP 7.4 PPA Repository We’ll add ppa:ondrej/php PPA repository which has the latest build packages of PHP. sudo apt-get update sudo apt -y install software-properties-common sudo add-apt-repository ppa:ondrej/php sudo apt-get update Step 2: Install PHP 7.4 on Ubuntu 18/ Ubuntu 19/ Ubuntu 16 Install PHP 7.4 on Ubuntu 18.04/19.04/16.04 using the command: sudo apt -y install php7.4 Check version inst...
Post a Comment
Read more