Netstat (network statistics) is a command line tool for monitoring network connections both incoming and outgoing as well as viewing routing tables, interface statistics, masquerade connections, multicast memberships etc. It can be used to list out all the network (socket) connections on a system. It lists out all the tcp, udp socket connections and the unix socket connections. Netstat is available on all Unix-like Operating Systems and also available on Windows OS as well. It is very useful in terms of network troubleshooting and performance measurement. netstat is one of the most basic network service debugging tools, telling you what ports are open and whether any programs are listening on ports.
List out all connections
The first and most simple command is to list out all the current connections. Simply run the netstat command with the a option.
# netstat -a
check the following snippet for the netstat output. Output contain multiple pages, so some data are omitted.
Explanation of each column
Proto – tell us if the socket listed is TCP or UDP. TCP connections are used for browsing the web and downloading files. UDP connections are used by certain fast-paced computer games and sometimes by live streams.
Recv-Q & Send-Q – tell us how much data is in the queue for that socket, waiting to be read (Recv-Q) or sent (Send-Q). In short: if this is 0, everything’s ok, if there are non-zero values anywhere, there may be trouble.
Local Address & Foreign Address – tell to which hosts and ports the listed sockets are connected. The local end is always on the computer on which you’re running netstat and the foreign end is about the other computer
State – tells in which state the listed sockets are. The TCP protocol defines states, including “LISTEN” (wait for some external computer to contact us) and “ESTABLISHED” (ready for communication). The stranger among these is the “CLOSE WAIT” state. This means that the foreign or remote machine has already closed the connection, but that the local program somehow hasn’t followed suit.
The above command shows all connections from different protocols like tcp, udp and unix sockets. However this is not quite useful. Administrators often want to pick out specific connections based on protocols or port numbers for example.
Don’t resolve host, port and user name in netstat output
When you don’t want the name of the host, port or user to be displayed, use netstat -n option. This will display in numbers, instead of resolving the host name, port name, user name. This also speeds up the output, as netstat is not performing any look-up.
# netstat -an
List only TCP or UDP connections
To list out only tcp connections use the t options.
# netstat -t
Similarly to list out only udp connections use the u option.
Listing all LISTENING Connections
# netstat -l
Listing all TCP Listening Ports
# netstat -lt
Listing all UDP Listening Ports
# netstat -lu
Displaying Service name with PID
# netstat -tp
Displaying Kernel IP routing
# netstat -r
Showing Network Interface Transactions
# netstat -i
Displaying RAW Network Statistics
# netstat –statistics –raw
You can only use netstat truly effectively if you know much about your network and your Linux system.
