Linux is a vast operating system that offers a plethora of powerful commands and utilities for users to explore. One such command is the netstat command, which can be an invaluable tool for network troubleshooting and gaining insight into server connections.
In this blog, I will introduce you to ten of my favorite uses of the netstat command, providing detailed explanations of each command’s syntax and a sample output. If you are an avid Linux user like me, always looking to improve your skills, this article is a must-read!
What is netstat?
Before diving deep, it’s essential to get a basic idea. netstat stands for ‘Network Statistics’. It’s a command-line tool that provides information concerning network connections, routing tables, interface statistics, masquerade connections, and more.
To install netstat on different Linux distros, you can use the following commands:
Debian/Ubuntu
sudo apt install net-tools
Red Hat/CentOS
sudo yum install net-tools
Fedora
sudo dnf install net-tools
Arch Linux
sudo pacman -S net-tools
OpenSUSE
sudo zypper in net-tools
Once installed, you can verify the installation by running the following command:
netstat --version
This will show you the version of netstat that is installed on your system.
Example:
$ netstat --version netstat (Linux) 8.60
Let’s go on the main course now!
Top 10 netstat commands to use in Linux networking
1. Display all active connections
Syntax: netstat -a
Using this command, you can see all the active connections on your server. It covers both TCP and UDP connections.
Output:
Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 localhost:domain *:* LISTEN tcp 0 0 server.example.com:ssh client.example.com:4942 ESTABLISHED udp 0 0 localhost:domain *:*
2. Show network services and their active ports
Syntax: netstat -tuln
This is one of those commands I frequently use. It displays the TCP and UDP ports on which the computer is listening and the corresponding service names.
Output:
Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN udp 0 0 0.0.0.0:53 0.0.0.0:*
3. Show listening TCP ports
Syntax: netstat -tln
If you’re specifically interested in TCP ports, this is your command. It’s more refined than the previous one.
Output:
Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
4. Show listening UDP ports
Syntax: netstat -uln
Similarly, for those keen on understanding the active UDP ports, this command is a gem.
Output:
Proto Recv-Q Send-Q Local Address Foreign Address State udp 0 0 0.0.0.0:53 0.0.0.0:*
5. Display network interfaces and their statistics
Syntax: netstat -i
It’s always interesting to see statistics about the network interfaces. You would get details like packets received and sent, errors, and much more.
Output:
Kernel Interface table Iface MTU RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR Flg eth0 1500 329624 13 13 0 239170 0 0 0 BMRU lo 65536 35277 0 0 0 35277 0 0 0 LRU
6. Display the kernel routing table
Syntax: netstat -rn
Now, this is something for the more advanced users. The kernel routing table provides an in-depth perspective on how packets are routed through the network.
Output:
Destination Gateway Genmask Flags MSS Window irtt Iface 192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0 0.0.0.0 192.168.0.1 0.0.0.0 UG 0 0 0 eth0
7. Show network statistics
Syntax: netstat -s
This command presents you with an assortment of statistics about the system’s network activity. It’s a comprehensive overview that I occasionally dive into when I want to understand the nuances.
Output:
Ip:
52711 total packets received
0 forwarded
0 incoming packets discarded
52689 incoming packets delivered
32082 requests sent out
8. Display multicast group information
Syntax: netstat -g
If you’re working with multicast groups, this is a great command to see the memberships of interfaces in those groups.
Output:
IPv6/IPv4 Group Memberships Interface RefCnt Group --------------- ------ --------------------- lo 1 all-systems.mcast.net eth0 1 all-systems.mcast.net
9. Continuous monitoring of network statistics
Syntax: netstat -c
Continuous monitoring is like having a live dashboard. Especially useful during troubleshooting or when observing changes in real-time.
10. Find the process using a port
Syntax: netstat -tulpn | grep :[port-number]
Being able to tie a port to a specific process is incredibly beneficial, especially when identifying potential security risks.
Output (For port 22):
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1234/sshd
Netstat command usage in Linux summary
| Usage | Command | Sample Output (abbreviated) |
|---|---|---|
| Display All Active Connections | netstat -a |
tcp 0 0 localhost:domain *:* LISTEN |
| Show Network Services and their Active Ports | netstat -tuln |
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN |
| Show Listening TCP Ports | netstat -tln |
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN |
| Show Listening UDP Ports | netstat -uln |
udp 0 0 0.0.0.0:53 0.0.0.0:* |
| Display Network Interfaces and their Statistics | netstat -i |
eth0 1500 329624 13 13 0 239170 0 0 0 BMRU |
| Display the Kernel Routing Table | netstat -rn |
192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0 |
| Show Network Statistics | netstat -s |
Ip: 52711 total packets received |
| Display Multicast Group Information | netstat -g |
eth0 1 all-systems.mcast.net |
| Continuous Monitoring of Network Statistics | netstat -c |
Continuous updates every second. |
| Find the Process using a Port | netstat -tulpn | grep :[port-number] |
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1234/sshd |
Frequently Asked Questions (FAQs) about netstat in Linux
Having discussed the ten interesting usages of the netstat command, I’ve also come across numerous questions from beginners and enthusiasts alike. Here, I’ve compiled some of the most commonly asked questions and provided brief answers to each. These might help you consolidate your understanding of netstat and its various functionalities.
1. What is the primary purpose of the netstat command?
netstat stands for ‘Network Statistics’. It’s a versatile command-line tool in Linux used to display various network-related information like active connections, routing tables, interface statistics, and more.
2. Is netstat available by default on all Linux distributions?
Most Linux distributions come with netstat pre-installed as part of the net-tools package. However, in some newer distributions, you might need to install it manually.
3. Are there alternatives to the netstat command?
Yes, there are alternatives. One of the most popular ones is ss. In fact, in some modern Linux distributions, ss is recommended over netstat. However, my personal liking leans towards netstat due to its comprehensive output and familiarity.
4. How can I get more detailed information about a specific netstat option?
The man pages in Linux are always a treasure trove of information. Simply run:
man netstat
This command will provide you with an in-depth overview of netstat and all its options.
5. Sometimes netstat outputs are too lengthy. How can I filter the results?
You can always pipe the output of netstat to grep to search for specific terms. For example, if you’re looking for information related to port 80, you can use:
netstat -tuln | grep :80
6. Is netstat only available on Linux?
No, netstat is available on most Unix-like operating systems, including macOS and some versions of Windows (though its functionality and options might differ slightly).
Wrapping up
If you’re a Linux enthusiast or professional, you’re probably already familiar with the netstat command. This powerful tool offers a wide range of uses, making it an essential part of any Linux user’s toolkit. One of the most popular applications of netstat is to show active ports and network statistics. These commands can be used to monitor network traffic, troubleshoot connection issues, and more. However, it’s worth noting that every netstat command has its own unique moment of relevance depending on the context. That’s why it’s so important to explore the full range of commands available to you. By doing so, you’ll be equipped to handle a variety of situations and use netstat to its fullest potential. So, dive in and start exploring – you never know what you might discover!
