The netstat (network statistics) command is a fundamental command-line utility in Linux used for monitoring network connections, routing tables, interface statistics, and more. It provides a comprehensive overview of your system's network activities and protocol statistics, helping administrators and users diagnose network problems, monitor performance, and ensure security.
Understanding Netstat's Core Functions
netstat generates displays that show various aspects of your system's network status and protocol statistics. Specifically, it can provide detailed insights into:
- Active Connections: Shows active incoming and outgoing network connections.
- Listening Ports: Identifies ports that are open and listening for incoming connections on your system.
- Protocol Statistics: Displays statistics for various network protocols such as TCP, UDP, ICMP, and IP.
- Routing Tables: Provides information about the kernel's IP routing table.
- Interface Statistics: Shows statistics for network interfaces, including data transmitted and received.
It's particularly useful for displaying the status of TCP and UDP endpoints in a clear table format, along with routing table information and interface details.
Key Netstat Options and Their Uses
The power of netstat lies in its various options, which allow you to filter and format the output to retrieve specific information. Here are some of the most frequently used and important options:
Option | Full Name | Description |
---|---|---|
-a | --all | Displays all active connections and listening ports. |
-n | --numeric | Shows numerical addresses and port numbers instead of resolving hostnames and service names. This speeds up output. |
-t | --tcp | Displays TCP connections. |
-u | --udp | Displays UDP connections. |
-l | --listening | Displays only listening sockets. |
-p | --programs | Shows the PID and name of the program owning the socket. Requires root privileges. |
-s | --statistics | Displays per-protocol statistics for protocols like IP, ICMP, TCP, and UDP. This is frequently used for determining network status. |
-r | --route | Shows the IP routing table, providing insights into how network packets are directed. This is frequently used for determining network status. |
-i | --interfaces | Displays a table of all network interfaces, showing their statistics like MTU, RX/TX packets, errors, etc. This is frequently used for determining network status. |
-e | --extend | Displays extended information, often including user/UID information. |
Practical Examples of Netstat
Understanding these options is best achieved through practical application. Here are some common netstat commands you might use:
- View all active TCP and UDP connections with numerical addresses:
  netstat -tulna
  This command combines options to show TCP (-t) and UDP (-u) connections, listening ports (-l), numerical addresses (-n), and all connections (-a); with -a present, the output includes established connections as well as listening sockets.
- Display per-protocol network statistics:
  netstat -s
  This command is crucial for gaining an overview of network activity at the protocol level, showing counts of packets sent, received, errors, and more for IP, ICMP, TCP, and UDP.
- Show the IP routing table:
  netstat -r
  This helps you understand the paths network traffic takes to reach various destinations, including default gateways and specific network routes.
- List network interface statistics:
  netstat -i
  Useful for monitoring the health and activity of your network adapters, showing packet counts, errors, and dropped packets.
- Find which process is using a specific port (e.g., port 80 for web servers):
  sudo netstat -tulpn | grep :80
  By combining netstat with grep, you can quickly identify the program (and its PID) listening on a particular port.
Why Use Netstat?
netstat is an indispensable tool for various system administration and troubleshooting tasks:
- Network Troubleshooting: Identify blocked ports, unresponsiveness, or network connectivity issues.
- Security Auditing: Spot unauthorized connections or suspicious services listening on unexpected ports.
- Performance Monitoring: Get a snapshot of network traffic and identify potential bottlenecks or unusual activity.
- Service Verification: Confirm that network services (like web servers, SSH, databases) are listening on their intended ports.
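One way to turn the security auditing and service verification uses above into a repeatable check, as an added example that is not part of the original page: it reads `netstat -tulpn` output and reports every listener whose protocol/port pair is missing from an allowlist. The function names, the `proto/port` allowlist format, and the sample output are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: flag listening sockets whose proto/port is not on an allowlist.
# Input is `netstat -tulpn` output on stdin.

unexpected_listeners() {
    # $1: space-separated allowlist (assumed format), e.g. "tcp/22 tcp/80 udp/68"
    awk -v allow="$1" '
    BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    $1 ~ /^(tcp|udp)6?$/ {
        proto = $1; sub(/6$/, "", proto)            # tcp6 -> tcp, udp6 -> udp
        if (proto == "tcp" && $6 != "LISTEN") next
        if (proto == "udp" && $6 == "ESTABLISHED") next
        # UDP listener rows have an empty State column, so the
        # PID/Program value is field 6 there and field 7 for TCP.
        owner = (proto == "tcp") ? $7 : $6
        if (owner == "") owner = "-"
        port = $4; sub(/.*:/, "", port)             # text after the last colon
        host = $4; sub(/:[^:]*$/, "", host)         # ":::80" -> "::"
        scope = (host ~ /^127\./ || host == "::1") ? "loopback" : "exposed"
        if (!((proto "/" port) in ok))
            printf "%s/%s %s %s %s\n", proto, port, host, scope, owner
    }'
}

# Constructed sample of `sudo netstat -tulpn` output (not from a real host).
sample_output() {
    cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      812/sshd
tcp        0      0 127.0.0.1:5432          0.0.0.0:*               LISTEN      1044/postgres
tcp        0      0 0.0.0.0:8000            0.0.0.0:*               LISTEN      2917/python3
tcp6       0      0 :::80                   :::*                    LISTEN      990/nginx
udp        0      0 0.0.0.0:68              0.0.0.0:*                           701/dhclient
udp6       0      0 :::5353                 :::*                                655/avahi-daemon
EOF
}

# Demo on the sample; on a live host: sudo netstat -tulpn | unexpected_listeners "tcp/22 tcp/80"
sample_output | unexpected_listeners "tcp/22 tcp/80 udp/68"
```

Each output line gives the protocol/port, the bound address, whether that address is loopback-only or reachable from other hosts, and the owning PID/program, which shows as `-` when netstat is run without root.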
Alternatives to Netstat
While netstat remains widely available and highly useful, modern Linux distributions often include newer tools that can offer better performance for similar tasks, especially on systems with many connections. The ss command (socket statistics) is often preferred for its speed and more detailed output, and the ip route and ip link commands from the iproute2 suite can replace netstat -r and netstat -i respectively. However, netstat's ubiquity and familiar syntax ensure its continued relevance.