Linux Netstat Ultimate Guide

The netstat command is a command-line utility that allows users to view detailed information about the network connections on their system. This includes information about active connections, the protocol being used, and the local and remote addresses and port numbers. In this guide, we will provide a detailed explanation of how to use the netstat command and some examples of common usage scenarios.

How do use netat in Linux?

To use the netstat command, open a command prompt or terminal window and type the following:

netstat

This will display a list of active connections on your system, including the protocol being used (TCP or UDP), the local and remote address and port, and the connection state.

By default, the netstat command only displays active TCP connections. If you want to view active UDP connections instead, you can use the following syntax:

netstat -u

Or, if you want to view both TCP and UDP connections, you can use the following syntax:

netstat -a

Displaying Numeric Addresses and Port Numbers

By default, the netstat command translates addresses and port numbers to their corresponding hostnames and service names. For example, the address “127.0.0.1” would be displayed as “localhost” and the port number “80” would be displayed as “http”.

If you want to display the addresses and port numbers in their raw numerical form instead, you can use the -n flag. For example, the following syntax would display all active connections and show the addresses and port numbers in numerical form:

netstat -an

Each network connection on your system is associated with a specific process or program. The netstat command allows you to view the process ID (PID) and program name for each connection. To do this, you can use the -p flag.

For example, the following syntax would display all active TCP connections and show the PID and program name for each connection:

netstat -tp

Displaying Listening Ports

In addition to displaying active connections, the netstat command can also be used to display a list of ports that are being listened to by programs on your system. This can be useful for identifying which programs are listening for incoming connections and on which ports they are listening.

To display a list of listening ports, you can use the -l flag. For example, the following syntax would display a list of all TCP and UDP ports that are being listened to on your system:

netstat -an | find "LISTENING" 

Displaying Network Statistics

The netstat command can also be used to display various statistics about the network connections on your system. This includes information such as the total number of packets and bytes sent and received, the number of failed connection attempts, and the number of active connections.

To display network statistics, you can use the -s flag. For example, the following syntax would display statistics for all TCP connections:

netstat -s

Or, if you want to display statistics for UDP connections instead, you can use the following syntax:

netstat -us

The following command would print out all active TCP connections, displaying the addresses and port numbers in numerical form and showing the PID and program name for each connection:

netstat -atn -p

Additional Options

There are many additional options and flags that can be used with the netstat command. Some of the more useful ones include:

The -i flag can be used to display a list of network interfaces on the system and some statistics about their usage, such as the number of packets and bytes sent and received.

The -c flag can be used to make the netstat command display a continuous listing of connections. This can be useful for monitoring network activity in real-time.

The -o flag can be used to display the owning process ID (PID) for each connection. This can be useful for identifying which process is responsible for a specific connection.

The -f flag can be used to display the fully qualified domain name (FQDN) for each address instead of just the hostname.The -r flag can be used to display the kernel routing table, which shows the routes that are currently in use by the system for directing network packets to their destination.

For a complete list of all available options and flags for the netstat command, you can run the following command:

netstat --help

This will display a list of all available options and a brief description of each one.

Conclusion

In this guide, we have provided a detailed explanation of how to use the netstat command to view information about network connections on your system. We have also discussed some of the most useful options and flags that can be used with the netstat command, along with some examples of common usage scenarios. By using the netstat command and its various options and flags, you can gain valuable insights into the network activity on your system and identify potential issues or areas for improvement.