Using netstat
Introduction
The netstat command is a powerful networking tool used to display network connections, routing tables, interface statistics, masquerade connections, and multicast memberships. It's available on Unix-like operating systems, including Linux, and Windows.
Basic netstat Command
To see the basic usage of netstat, simply type the command without any options:
netstat
This will display a list of active connections and their states.
Viewing Listening Ports
To display all listening ports, use the -l option:
netstat -l
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 *:http *:* LISTEN
tcp 0 0 *:ssh *:* LISTEN
Displaying Numerical Addresses
To display numerical addresses instead of resolving hostnames, use the -n option:
netstat -n
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 192.168.1.2:80 192.168.1.1:34567 ESTABLISHED
tcp 0 0 192.168.1.2:22 192.168.1.3:12345 ESTABLISHED
Displaying Routing Tables
To display the kernel routing tables, use the -r option:
netstat -r
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
default 192.168.1.1 0.0.0.0 UG 0 0 0 eth0
192.168.1.0 * 255.255.255.0 U 0 0 0 eth0
Displaying Interface Statistics
To display statistics for each network interface, use the -i option:
netstat -i
Kernel Interface table
Iface MTU RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR Flg
eth0 1500 12345 0 0 0 6789 0 0 0 BMRU
lo 65536 6789 0 0 0 6789 0 0 0 LRU
Displaying All Connections
To display all connections including TCP, UDP, and Unix socket connections, use the -a option:
netstat -a
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 *:http *:* LISTEN
tcp 0 0 192.168.1.2:80 192.168.1.1:34567 ESTABLISHED
udp 0 0 *:domain *:*
unix 2 [ ACC ] STREAM LISTENING 12345 /run/systemd/journal/stdout
Conclusion
The netstat command is an essential tool for network troubleshooting and monitoring. By understanding and using its various options, you can gain valuable insights into your network's performance and behavior.