Netstat command displays various network related information such as network connections, routing tables, interface statistics, masquerade connections, multicast memberships etc.
10 practical Linux netstat command examples.
1. List All Ports (both listening and non listening ports)
List all ports using netstat -a
# netstat -a | more
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address Stat
e
tcp 0 0 *:submission *:* LIST
EN
tcp 0 0 localhost:dyna-access *:* LIST
EN
tcp 0 0 *:sunrpc *:* LIST
EN
tcp 0 0 *:urd *:* LIST
EN
tcp 0 0 *:ssh *:* LIST
EN
tcp 0 0 *:smtp *:* LIST
EN
tcp 0 0 *:iscsi-target *:* LIST
EN
tcp 0 0 *:49641 *:* LIST
EN
tcp 0 52 oracle.microair.in:ssh 172.24.23.153:14211 ESTA
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags Type State I-Node Path
unix 2 [ ACC ] STREAM LISTENING 14148 /tmp/.X11-unix/X9
unix 2 [ ACC ] STREAM LISTENING 12054 @/var/run/hald/dbus-cYZ
kVWR8Gb
unix 2 [ ACC ] STREAM LISTENING 14230 /tmp/orbit-root/linc-90
0-0-3376678e2d44f
unix 2 [ ACC ] STREAM LISTENING 14719 /tmp/orbit-root/linc-8f
1-0-4e4fb3ab4acf6
unix 2 [ ] DGRAM 10609 /var/run/portreserve/so
cket
unix 2 [ ACC ] STREAM LISTENING 10684 /var/run/rpcbind.sock
List all tcp ports using netstat -at
# netstat -at
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 *:submission *:* LISTEN
tcp 0 0 localhost:dyna-access *:* LISTEN
tcp 0 0 *:sunrpc *:* LISTEN
tcp 0 0 *:urd *:* LISTEN
tcp 0 0 *:ssh *:* LISTEN
tcp 0 0 *:smtp *:* LISTEN
List all udp ports using netstat -au
# netstat -au
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
udp 0 0 *:sunrpc *:*
udp 0 0 *:ipp *:*
udp 0 0 *:iris-xpcs *:*
udp 0 0 *:821 *:*
udp 0 0 *:41786 *:*
udp 0 0 *:sunrpc *:*
2. List Sockets which are in Listening State
List only listening ports using netstat -l
# netstat -l
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 *:submission *:* LISTEN
tcp 0 0 localhost:dyna-access *:* LISTEN
tcp 0 0 *:sunrpc *:* LISTEN
tcp 0 0 *:urd *:* LISTEN
tcp 0 0 *:ssh *:* LISTEN
tcp 0 0 *:smtp *:* LISTEN
tcp 0 0 *:iscsi-target *:* LISTEN
Active UNIX domain sockets (only servers)
Proto RefCnt Flags Type State I-Node Path
unix 2 [ ACC ] STREAM LISTENING 14148 /tmp/.X11-unix/X9
unix 2 [ ACC ] STREAM LISTENING 12054 @/var/run/hald/dbus-cYZkVWR8Gb
unix 2 [ ACC ] STREAM LISTENING 14230 /tmp/orbit-root/linc-900-0-3376678e2d44f
unix 2 [ ACC ] STREAM LISTENING 14719 /tmp/orbit-root/linc-8f
List only listening TCP Ports using netstat -lt
# netstat -lt
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 *:submission *:* LISTEN
tcp 0 0 localhost:dyna-access *:* LISTEN
tcp 0 0 *:sunrpc *:* LISTEN
tcp 0 0 *:urd *:* LISTEN
tcp 0 0 *:ssh *:* LISTEN
tcp 0 0 *:smtp *:* LISTEN
List only listening UDP Ports using netstat -lu
# netstat -lu
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
udp 0 0 *:sunrpc *:*
udp 0 0 *:ipp *:*
udp 0 0 *:iris-xpcs *:*
udp 0 0 *:821 *:*
List only the listening UNIX Ports using netstat -lx
# netstat -lx
Active UNIX domain sockets (only servers)
Proto RefCnt Flags Type State I-Node Path
unix 2 [ ACC ] STREAM LISTENING 14148 /tmp/.X11-unix/X9
unix 2 [ ACC ] STREAM LISTENING 12054 @/var/run/hald/dbus-cYZkVWR8Gb
unix 2 [ ACC ] STREAM LISTENING 14230 /tmp/orbit-root/linc-900-0-3376678e2d44f
unix 2 [ ACC ] STREAM LISTENING 14719 /tmp/orbit-root/linc-8f1-0-4e4fb3ab4acf6
unix 2 [ ACC ] STREAM LISTENING 10684 /var/run/rpcbind.sock
unix 2 [ ACC ] STREAM LISTENING 10737 /var/run/mcelog-client
unix 2 [ ACC ] STREAM LISTENING 11764 /var/run/dbus/system_bu
3. Show the statistics for each protocol
Show statistics for all ports using netstat -s
# netstat -s
Ip:
390700 total packets received
0 forwarded
0 incoming packets discarded
383228 incoming packets delivered
8510 requests sent out
Icmp:
7 ICMP messages received
0 input ICMP message failed.
ICMP input histogram:
destination unreachable: 2
echo requests: 5
79 ICMP messages sent
0 ICMP messages failed
ICMP output histogram:
destination unreachable: 74
echo replies: 5
IcmpMsg:
InType3: 2
InType8: 5
OutType0: 5
OutType3: 74
Tcp:
5 active connections openings
113 passive connection openings
16 failed connection attempts
0 connection resets received
1 connections established
7103 segments received
10131 segments send out
73 segments retransmited
0 bad segments received.
378 resets sent
Udp:
42 packets received
13 packets to unknown port received.
0 packet receive errors
44 packets sent
Show statistics for TCP (or) UDP ports using netstat -st (or) -su
# netstat -st
# netstat -su
4. Display PID and program names in netstat output using netstat -p
netstat -p option can be combined with any other netstat option. This will add the “PID/Program Name” to the netstat output. This is very useful while debugging to identify which program is running on a particular port.
# netstat -pt
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 248 oracle.microair.in:ssh 172.24.0.17:57321 ESTABLISHED 29088/sshd
5. Don’t resolve host, port and user name in netstat output
When you don’t want the name of the host, port or user to be displayed, use netstat -n option. This will display in numbers, instead of resolving the host name, port name, user name.
This also speeds up the output, as netstat is not performing any look-up.
# netstat -an
If you don’t want only any one of those three items ( ports, or hosts, or users ) to be resolved, use following commands.
# netsat -a --numeric-ports
# netsat -a --numeric-hosts
# netsat -a --numeric-users
6. Print netstat information continuously
netstat will print information continuously every few seconds.
# netstat -c
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 prakash-laptop.loc:33362 201-151-18-123.ama:www ESTABLISHED
tcp 1 1 prakash-laptop.loc:52144 201.41.143.232:www CLOSING
tcp 0 0 prakash-laptop.loc:43143 server-101-41-43-5:www ESTABLISHED
7. Find the non supportive Address families in your system
# netstat --verbose
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 52 oracle.microair.in:ssh 172.24.0.17:57321 ESTABLISHED
netstat: no support for `AF INET (sctp)' on this system.
Active UNIX domain sockets (w/o servers)
Proto RefCnt Flags Type State I-Node Path
unix 2 [ ] DGRAM 10609 /var/run/portreserve/socket
unix 2 [ ] DGRAM 10824 /var/run/fcm/fcm_clif
unix 2 [ ] DGRAM 1855 @/org/kernel/udev/udevd
unix 15 [ ] DGRAM 10626 /dev/log
unix 2 [ ] DGRAM 11192 @/org/freedesktop/hal/u
At the end, you will have something like this.
unix 3 [ ] STREAM CONNECTED 14695 @/tmp/.X11-unix/X9
netstat: no support for `AF IPX' on this system.
netstat: no support for `AF AX25' on this system.
netstat: no support for `AF X25' on this system.
netstat: no support for `AF NETROM' on this system.
8. Display the kernel routing information using netstat -r
# netstat -r
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
default 172.16.24.251 0.0.0.0 UG 0 0 0 eth0
link-local * 255.255.0.0 U 0 0 0 eth0
172.10.0.0 * 255.255
Note: Use netstat -rn to display routes in numeric format without resolving for host-names.
9. Find out on which port a program is running
# netstat -ap | grep ssh
tcp 0 0 *:ssh *:* LISTEN 2125/sshd
tcp 0 52 oracle.microair.in:ssh 172.16.0.223:56231 ESTABLISHED 29088/sshd
tcp 0 0 *:ssh *:* LISTEN 2125/sshd
unix 2 [ ] DGRAM 62948 29088/sshd
Find out which process is using a particular port:
# netstat -an | grep ':80'
10. Show the list of network interfaces
# netstat -i
Kernel Interface table
Iface MTU Met RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR
eth0 1500 0 0 0 0 0 0 0 0 0
eth2 1500 0 743679 0 0 0 262033 6 0 0
lo 65336 0 4 0 0 0 4 0 0 0
Display extended information on the interfaces (similar to ifconfig) using netstat -ie:
# netstat -ie
Kernel Interface table
eth0 Link encap:Ethernet HWaddr 73:CC:A0:BF:BF:14
inet addr:172.16.0.223 Bcast:172.16.4.255 Mask:255.255.252.0
inet6 addr: fe80::7aac:c0ff:febf:1f28/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:750344 errors:0 dropped:0 overruns:0 frame:0
TX packets:26214 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:78170590 (74.5 MiB) TX bytes:8935032 (8.5 MiB)
Interrupt:19 Memory:f0500000-f0520000
10 practical Linux netstat command examples.
1. List All Ports (both listening and non listening ports)
List all ports using netstat -a
# netstat -a | more
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address Stat
e
tcp 0 0 *:submission *:* LIST
EN
tcp 0 0 localhost:dyna-access *:* LIST
EN
tcp 0 0 *:sunrpc *:* LIST
EN
tcp 0 0 *:urd *:* LIST
EN
tcp 0 0 *:ssh *:* LIST
EN
tcp 0 0 *:smtp *:* LIST
EN
tcp 0 0 *:iscsi-target *:* LIST
EN
tcp 0 0 *:49641 *:* LIST
EN
tcp 0 52 oracle.microair.in:ssh 172.24.23.153:14211 ESTA
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags Type State I-Node Path
unix 2 [ ACC ] STREAM LISTENING 14148 /tmp/.X11-unix/X9
unix 2 [ ACC ] STREAM LISTENING 12054 @/var/run/hald/dbus-cYZ
kVWR8Gb
unix 2 [ ACC ] STREAM LISTENING 14230 /tmp/orbit-root/linc-90
0-0-3376678e2d44f
unix 2 [ ACC ] STREAM LISTENING 14719 /tmp/orbit-root/linc-8f
1-0-4e4fb3ab4acf6
unix 2 [ ] DGRAM 10609 /var/run/portreserve/so
cket
unix 2 [ ACC ] STREAM LISTENING 10684 /var/run/rpcbind.sock
List all tcp ports using netstat -at
# netstat -at
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 *:submission *:* LISTEN
tcp 0 0 localhost:dyna-access *:* LISTEN
tcp 0 0 *:sunrpc *:* LISTEN
tcp 0 0 *:urd *:* LISTEN
tcp 0 0 *:ssh *:* LISTEN
tcp 0 0 *:smtp *:* LISTEN
List all udp ports using netstat -au
# netstat -au
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
udp 0 0 *:sunrpc *:*
udp 0 0 *:ipp *:*
udp 0 0 *:iris-xpcs *:*
udp 0 0 *:821 *:*
udp 0 0 *:41786 *:*
udp 0 0 *:sunrpc *:*
2. List Sockets which are in Listening State
List only listening ports using netstat -l
# netstat -l
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 *:submission *:* LISTEN
tcp 0 0 localhost:dyna-access *:* LISTEN
tcp 0 0 *:sunrpc *:* LISTEN
tcp 0 0 *:urd *:* LISTEN
tcp 0 0 *:ssh *:* LISTEN
tcp 0 0 *:smtp *:* LISTEN
tcp 0 0 *:iscsi-target *:* LISTEN
Active UNIX domain sockets (only servers)
Proto RefCnt Flags Type State I-Node Path
unix 2 [ ACC ] STREAM LISTENING 14148 /tmp/.X11-unix/X9
unix 2 [ ACC ] STREAM LISTENING 12054 @/var/run/hald/dbus-cYZkVWR8Gb
unix 2 [ ACC ] STREAM LISTENING 14230 /tmp/orbit-root/linc-900-0-3376678e2d44f
unix 2 [ ACC ] STREAM LISTENING 14719 /tmp/orbit-root/linc-8f
List only listening TCP Ports using netstat -lt
# netstat -lt
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 *:submission *:* LISTEN
tcp 0 0 localhost:dyna-access *:* LISTEN
tcp 0 0 *:sunrpc *:* LISTEN
tcp 0 0 *:urd *:* LISTEN
tcp 0 0 *:ssh *:* LISTEN
tcp 0 0 *:smtp *:* LISTEN
List only listening UDP Ports using netstat -lu
# netstat -lu
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
udp 0 0 *:sunrpc *:*
udp 0 0 *:ipp *:*
udp 0 0 *:iris-xpcs *:*
udp 0 0 *:821 *:*
List only the listening UNIX Ports using netstat -lx
# netstat -lx
Active UNIX domain sockets (only servers)
Proto RefCnt Flags Type State I-Node Path
unix 2 [ ACC ] STREAM LISTENING 14148 /tmp/.X11-unix/X9
unix 2 [ ACC ] STREAM LISTENING 12054 @/var/run/hald/dbus-cYZkVWR8Gb
unix 2 [ ACC ] STREAM LISTENING 14230 /tmp/orbit-root/linc-900-0-3376678e2d44f
unix 2 [ ACC ] STREAM LISTENING 14719 /tmp/orbit-root/linc-8f1-0-4e4fb3ab4acf6
unix 2 [ ACC ] STREAM LISTENING 10684 /var/run/rpcbind.sock
unix 2 [ ACC ] STREAM LISTENING 10737 /var/run/mcelog-client
unix 2 [ ACC ] STREAM LISTENING 11764 /var/run/dbus/system_bu
3. Show the statistics for each protocol
Show statistics for all ports using netstat -s
# netstat -s
Ip:
390700 total packets received
0 forwarded
0 incoming packets discarded
383228 incoming packets delivered
8510 requests sent out
Icmp:
7 ICMP messages received
0 input ICMP message failed.
ICMP input histogram:
destination unreachable: 2
echo requests: 5
79 ICMP messages sent
0 ICMP messages failed
ICMP output histogram:
destination unreachable: 74
echo replies: 5
IcmpMsg:
InType3: 2
InType8: 5
OutType0: 5
OutType3: 74
Tcp:
5 active connections openings
113 passive connection openings
16 failed connection attempts
0 connection resets received
1 connections established
7103 segments received
10131 segments send out
73 segments retransmited
0 bad segments received.
378 resets sent
Udp:
42 packets received
13 packets to unknown port received.
0 packet receive errors
44 packets sent
Show statistics for TCP (or) UDP ports using netstat -st (or) -su
# netstat -st
# netstat -su
4. Display PID and program names in netstat output using netstat -p
netstat -p option can be combined with any other netstat option. This will add the “PID/Program Name” to the netstat output. This is very useful while debugging to identify which program is running on a particular port.
# netstat -pt
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 248 oracle.microair.in:ssh 172.24.0.17:57321 ESTABLISHED 29088/sshd
5. Don’t resolve host, port and user name in netstat output
When you don’t want the name of the host, port or user to be displayed, use netstat -n option. This will display in numbers, instead of resolving the host name, port name, user name.
This also speeds up the output, as netstat is not performing any look-up.
# netstat -an
If you don’t want only any one of those three items ( ports, or hosts, or users ) to be resolved, use following commands.
# netsat -a --numeric-ports
# netsat -a --numeric-hosts
# netsat -a --numeric-users
6. Print netstat information continuously
netstat will print information continuously every few seconds.
# netstat -c
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 prakash-laptop.loc:33362 201-151-18-123.ama:www ESTABLISHED
tcp 1 1 prakash-laptop.loc:52144 201.41.143.232:www CLOSING
tcp 0 0 prakash-laptop.loc:43143 server-101-41-43-5:www ESTABLISHED
7. Find the non supportive Address families in your system
# netstat --verbose
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 52 oracle.microair.in:ssh 172.24.0.17:57321 ESTABLISHED
netstat: no support for `AF INET (sctp)' on this system.
Active UNIX domain sockets (w/o servers)
Proto RefCnt Flags Type State I-Node Path
unix 2 [ ] DGRAM 10609 /var/run/portreserve/socket
unix 2 [ ] DGRAM 10824 /var/run/fcm/fcm_clif
unix 2 [ ] DGRAM 1855 @/org/kernel/udev/udevd
unix 15 [ ] DGRAM 10626 /dev/log
unix 2 [ ] DGRAM 11192 @/org/freedesktop/hal/u
At the end, you will have something like this.
unix 3 [ ] STREAM CONNECTED 14695 @/tmp/.X11-unix/X9
netstat: no support for `AF IPX' on this system.
netstat: no support for `AF AX25' on this system.
netstat: no support for `AF X25' on this system.
netstat: no support for `AF NETROM' on this system.
8. Display the kernel routing information using netstat -r
# netstat -r
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
default 172.16.24.251 0.0.0.0 UG 0 0 0 eth0
link-local * 255.255.0.0 U 0 0 0 eth0
172.10.0.0 * 255.255
Note: Use netstat -rn to display routes in numeric format without resolving for host-names.
9. Find out on which port a program is running
# netstat -ap | grep ssh
tcp 0 0 *:ssh *:* LISTEN 2125/sshd
tcp 0 52 oracle.microair.in:ssh 172.16.0.223:56231 ESTABLISHED 29088/sshd
tcp 0 0 *:ssh *:* LISTEN 2125/sshd
unix 2 [ ] DGRAM 62948 29088/sshd
Find out which process is using a particular port:
# netstat -an | grep ':80'
10. Show the list of network interfaces
# netstat -i
Kernel Interface table
Iface MTU Met RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR
eth0 1500 0 0 0 0 0 0 0 0 0
eth2 1500 0 743679 0 0 0 262033 6 0 0
lo 65336 0 4 0 0 0 4 0 0 0
Display extended information on the interfaces (similar to ifconfig) using netstat -ie:
# netstat -ie
Kernel Interface table
eth0 Link encap:Ethernet HWaddr 73:CC:A0:BF:BF:14
inet addr:172.16.0.223 Bcast:172.16.4.255 Mask:255.255.252.0
inet6 addr: fe80::7aac:c0ff:febf:1f28/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:750344 errors:0 dropped:0 overruns:0 frame:0
TX packets:26214 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:78170590 (74.5 MiB) TX bytes:8935032 (8.5 MiB)
Interrupt:19 Memory:f0500000-f0520000
No comments:
Post a Comment