10 Netstat command examples on Unix / Linux

The Netstat command displays various network data such as network connections, routing table, interface statistics, masked connections, multicast space, etc.

In this article, let’s take a look at 10 practical command examples NetStat on Unix.

1. List of all ports (both listening and non-listening ports)

List all ports using Netstat -a command

# netstat -a | more
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 localhost:30037         *:*                     LISTEN
udp        0      0 *:bootpc                *:*                                

Active UNIX domain sockets (servers and established)
Proto RefCnt Flags       Type       State         I-Node   Path
unix  2      [ ACC ]     STREAM     LISTENING     6135     /tmp/.X11-unix/X0
unix  2      [ ACC ]     STREAM     LISTENING     5140     /var/run/acpid.socket

List all TCP ports using netstat -at

# netstat -at
Active Internet connections (servers and established)                     
Proto Recv-Q Send-Q Local Address           Foreign Address         State 
tcp        0      0 0.0.0.0:http            0.0.0.0:*               LISTEN
tcp        0      0 localhost:webcache      0.0.0.0:*               LISTEN
tcp        0      0 andreyex.ru:domain      0.0.0.0:*               LISTEN
tcp        0      0 localhost:domain        0.0.0.0:*               LISTEN

Listing all UDP ports with netstat -au

# netstat -au
Active Internet connections (servers and established)                           
Proto Recv-Q Send-Q Local Address           Foreign Address         State       
udp        0      0 andreyex.ru:49419       google-public-dn:domain ESTABLISHED 
udp        0      0 andreyex.ru:39293       google-public-dn:domain ESTABLISHED 
udp        0      0 andreyex.ru:50053       google-public-dn:domain ESTABLISHED

2. List of sockets that are listening

List only listening ports with netstat -l

# netstat -l
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:http            0.0.0.0:*               LISTEN
tcp        0      0 localhost:webcache      0.0.0.0:*               LISTEN
tcp        0      0 andreyex.ru:domain      0.0.0.0:*               LISTEN
tcp        0      0 localhost:domain        0.0.0.0:*               LISTEN

List only listening TCP ports with netstat -lt

# netstat -lt
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:http            0.0.0.0:*               LISTEN
tcp        0      0 localhost:webcache      0.0.0.0:*               LISTEN
tcp        0      0 andreyex.ru:domain      0.0.0.0:*               LISTEN
tcp        0      0 localhost:domain        0.0.0.0:*               LISTEN

List only listening UDP ports using netstat -lu

# netstat -lu
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
udp        0      0 andreyex.ru:domain      0.0.0.0:*
udp        0      0 localhost:domain        0.0.0.0:*
udp        0      0 andreyex.ru:ntp         0.0.0.0:*

List only listening UNIX ports with netstat -lx

# netstat -lx
Active UNIX domain sockets (only servers)
Proto RefCnt Flags       Type       State         I-Node   Path
unix  2      [ ACC ]     STREAM     LISTENING     19693    tmp/core.adm.internal 
unix  2      [ ACC ]     SEQPACKET  LISTENING     8723     /run/udev/control
unix  2      [ ACC ]     STREAM     LISTENING     12566    /var/run/dbus/system_bus_socket
unix  2      [ ACC ]     STREAM     LISTENING     16948    /var/run/fail2ban/fail2ban.sock
unix  2      [ ACC ]     STREAM     LISTENING     19702    tmp/core.sock

3. Show statistics for each protocol

Show statistics for all ports using netstat -s

# netstat -s
Ip:                                                                                                                                                           
    190566 total packets received                                                                                                                             
    0 forwarded                                                                                                                                               
    0 incoming packets discarded                                                                                                                              
    189618 incoming packets delivered                                                                                                                         
    170462 requests sent out                                                                                                                                  
    16 dropped because of missing route                                                                                                                       
Icmp:                                                                                                                                                         
    74 ICMP messages received                                                                                                                                 
    0 input ICMP message failed.                                                                                                                              
    ICMP input histogram:                                                                                                                                     
        destination unreachable: 22                                                                                                                           
        echo requests: 52
.....

Show statistics for TCP (or) UDP ports using netstat -st (or) -su

# netstat -st

# netstat -su

4. PIDs and program names in netstat output using netstat -p command

The netstat -p option can be combined with any other netstat option. This will add “PID / Program Name” to the netstat output. This is very useful when debugging to determine which program is running on a specific port.

# netstat -pt
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 localhost:56642         localhost:46846         TIME_WAIT   -                                                                             
tcp        0      0 localhost:56642         localhost:46748         TIME_WAIT   -

5. Do not allow host, port and username in netstat output

If you don’t want to display the hostname, port, or user, use netstat with the -n option. It will display in numbers, and not allow hostname, portname, username.

This also speeds up the logout as netstat does not perform any lookups.

# netstat -an

If you don’t want one of these three items (port or host or user), use the following commands.

# netsat -a --numeric-ports

# netsat -a --numeric-hosts

# netsat -a --numeric-users

6. Continuous printing of netstat information

netstat will print information continuously every few seconds.

# netstat -c
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 localhost:37840         localhost:webcache      ESTABLISHED                                                                               
tcp        0      0 andreyex.ru:vlsi-lm     213.132.93.178:24080    ESTABLISHED                                                                               
tcp        0      0 localhost:56642         localhost:47258         TIME_WAIT                                                                                 
tcp        0      0 localhost:56642         localhost:47150         TIME_WAIT
^C

Exit printing: Ctrl + C.

7. Find numbers supporting the address of families in your system

netstat --verbose

In the end, you will have something like this.

netstat: no support for `AF IPX' on this system.
netstat: no support for `AF AX25' on this system.
netstat: no support for `AF X25' on this system.
netstat: no support for `AF NETROM' on this system.

8. Displaying kernel routing information using netstat -r

# netstat -r
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
default         gw.msk.ispsyste 0.0.0.0         UG        0 0          0 eth0
213.159.208.0   0.0.0.0         255.255.254.0   U         0 0          0 eth0

Note: Use netstat -rn to display routes numerically without hostname resolution.

9. Find out on which port the program is running

# netstat -ap | grep ssh
(Not all processes could be identified, non-owned process info
 will not be shown, you would have to be root to see it all.)
tcp        0      0 0.0.0.0:28456           0.0.0.0:*               LISTEN      779/sshd            
tcp        0      0 andreyex.ru:28456       213.132.93.178:13430    ESTABLISHED 2893/sshd: andreyex 
tcp        0      0 andreyex.ru:28456       213.132.93.178:13106    ESTABLISHED 2393/sshd: andreyex 
tcp6       0      0 [::]:28456              [::]:*                  LISTEN      779/sshd

Find out which process is using a specific port:

# netstat -an | grep ':80'

10. Show list of network interfaces

# netstat -i
Kernel Interface table
Iface      MTU    RX-OK RX-ERR RX-DRP RX-OVR    TX-OK TX-ERR TX-DRP TX-OVR Flg 
eth0      1555  2765202      0      0 0         86602      0      0      0 BMRU
lo       65536    93149      0      0 0         93149      0      0      0 LRU

Displaying extended information about interfaces (similar to ifconfig) using netstat -ie:

# netstat -ie
Kernel Interface table
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1550 
        inet 213.159.209.228  netmask 255.255.254.0  broadcast 213.159.209.255
        inet6 fe80::5054:ff:fe80:19a4  prefixlen 64  scopeid 0x20<link>
        ether 52:54:00:80:19:a4  txqueuelen 1000  (Ethernet)      
        RX packets 2772322  bytes 189451708 (180.6 MiB)           
        RX errors 0  dropped 0  overruns 0  frame 0               
        TX packets 86767  bytes 137897931 (131.5 MiB)             
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

Sidebar