The netstat command prints information about the UNIX and Linux networking subsystem such as the network connections, routing tables, masquerade connections, multicast memberships plus many more.
In this article, let’s review some of the netstat tips and tricks.
List Ports
List all open IPv4 and IPv6 ports.
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 |
# netstat -a Active Internet connections (servers and established) Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 *:http *:* LISTEN tcp 0 0 *:ssh *:* LISTEN tcp 0 0 builder:ssh anfield:3544 ESTABLISHED tcp6 0 0 [::]:ssh [::]:* LISTEN udp 0 0 *:bootpc *:* udp 0 0 *:nfs *:* udp6 0 0 [::]:nfs [::]:* Active UNIX domain sockets (servers and established) Proto RefCnt Flags Type State I-Node Path unix 2 [ ACC ] STREAM LISTENING 8521 /tmp/.X11-unix/X0 unix 2 [ ACC ] SEQPACKET LISTENING 6945 /run/udev/control |
List all TCP ports.
|
1 2 3 4 5 6 7 |
# netstat -ta Active Internet connections (servers and established) Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 *:http *:* LISTEN tcp 0 0 *:ssh *:* LISTEN tcp 0 0 builder:ssh anfield:3544 ESTABLISHED tcp6 0 0 [::]:ssh [::]:* LISTEN |
List all IPv4 TCP ports.
|
1 2 3 4 5 6 |
# netstat -ta -4 Active Internet connections (servers and established) Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 *:http *:* LISTEN tcp 0 0 *:ssh *:* LISTEN tcp 0 0 builder:ssh anfield:3544 ESTABLISHED |
List all IPv6 TCP ports.
|
1 2 3 4 |
# netstat -ta -6 Active Internet connections (servers and established) Proto Recv-Q Send-Q Local Address Foreign Address State tcp6 0 0 [::]:ssh [::]:* LISTEN |
List all UDP ports.
|
1 2 3 4 5 6 |
# netstat -ua Active Internet connections (servers and established) Proto Recv-Q Send-Q Local Address Foreign Address State udp 0 0 *:bootpc *:* udp 0 0 *:nfs *:* udp6 0 0 [::]:nfs [::]:* |
List all IPv4 UDP ports.
|
1 2 3 4 5 |
# netstat -ua -4 Active Internet connections (servers and established) Proto Recv-Q Send-Q Local Address Foreign Address State udp 0 0 *:bootpc *:* udp 0 0 *:nfs *:* |
List all IPv6 UDP ports.
|
1 2 3 4 |
# netstat -ua -6 Active Internet connections (servers and established) Proto Recv-Q Send-Q Local Address Foreign Address State udp6 0 0 [::]:nfs [::]:* |
List Ports in Specific State
List only listening ports. Append the commands with “-4” or “-6” option as shown in the previous examples to filter for IPv4 or IPv6 ports.
|
1 2 3 4 5 6 7 8 9 10 11 12 13 |
# netstat -l Active Internet connections (servers and established) Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 *:http *:* LISTEN tcp 0 0 *:ssh *:* LISTEN tcp6 0 0 [::]:ssh [::]:* LISTEN udp 0 0 *:bootpc *:* udp 0 0 *:nfs *:* udp6 0 0 [::]:nfs [::]:* Active UNIX domain sockets (servers and established) Proto RefCnt Flags Type State I-Node Path unix 2 [ ACC ] STREAM LISTENING 8521 /tmp/.X11-unix/X0 unix 2 [ ACC ] SEQPACKET LISTENING 6945 /run/udev/control |
List only listening TCP ports.
|
1 2 3 4 5 6 |
# netstat -tl Active Internet connections (servers and established) Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 *:http *:* LISTEN tcp 0 0 *:ssh *:* LISTEN tcp6 0 0 [::]:ssh [::]:* LISTEN |
List only TCP ports in ESTABLISHED state.
|
1 2 |
# netstat -t | grep ESTABLISHED tcp 0 0 builder:ssh anfield:3544 ESTABLISHED |
List only listening UDP ports.
|
1 2 3 4 5 6 |
# netstat -ul Active Internet connections (servers and established) Proto Recv-Q Send-Q Local Address Foreign Address State udp 0 0 *:bootpc *:* udp 0 0 *:nfs *:* udp6 0 0 [::]:nfs [::]:* |
List only listening UNIX domain sockets.
|
1 2 3 4 5 |
# netstat -xl Active UNIX domain sockets (servers and established) Proto RefCnt Flags Type State I-Node Path unix 2 [ ACC ] STREAM LISTENING 8521 /tmp/.X11-unix/X0 unix 2 [ ACC ] SEQPACKET LISTENING 6945 /run/udev/control |
Network Statistics
Print TCP network statistics.
|
1 |
# netstat -ts |
Print UDP network statistics.
|
1 |
# netstat -us |
Print RAW (IP and ICMP) network statistics.
|
1 |
# netstat -ws |
Show PID and Process Name of Socket
If you want to determine which PID or process is listening on a port, use the “-p” option. This option is most useful when run as root.
Print all the PIDs and process name of the IPv4 TCP ports.
|
1 2 3 4 5 |
# netstat -ltp Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 *:http *:* LISTEN 1215/apache2 tcp 0 0 *:ssh *:* LISTEN 785/sshd |
Non Supported Address Families
Print all the non supported network address families on the system.
|
1 2 3 4 5 |
# netstat -v 2>&1 1>/dev/null netstat: no support for `AF IPX' on this system. netstat: no support for `AF AX25' on this system. netstat: no support for `AF X25' on this system. netstat: no support for `AF NETROM' on this system. |
List Network Interfaces
Print a table of all network interfaces.
|
1 2 3 4 5 |
# netstat -i Kernel Interface table Iface MTU Met RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR Flg eth0 1500 0 49606 0 0 0 24336 0 0 0 BMRU lo 16436 0 4 0 0 0 4 0 0 0 LRU |
Print network interfaces with additional information.
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 |
# netstat -ie Kernel Interface table eth0 Link encap:Ethernet HWaddr 08:00:27:e4:05:10 inet addr:192.168.10.11 Bcast:192.168.10.255 Mask:255.255.255.0 inet6 addr: fe80::a00:27ff:fee4:510/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:50718 errors:0 dropped:0 overruns:0 frame:0 TX packets:24619 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:37951258 (37.9 MB) TX bytes:3644013 (3.6 MB) lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:4 errors:0 dropped:0 overruns:0 frame:0 TX packets:4 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:260 (260.0 B) TX bytes:260 (260.0 B) |
List Kernel Routing Table
Print a kernel routing table in numeric format.
|
1 2 3 4 5 6 |
# netstat -rn Kernel IP routing table Destination Gateway Genmask Flags MSS Window irtt Iface 0.0.0.0 192.168.10.1 0.0.0.0 UG 0 0 0 eth0 169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0 192.168.10.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0 |
Mohamed Ibrahim
ibrahim = { interested_in(unix, linux, android, open_source, reverse_engineering); coding(c, shell, php, python, java, javascript, nodejs, react); plays_on(xbox, ps4); linux_desktop_user(true); }
