Netstat Command in Linux with ExamplesIntroductionLinux netstat command stands for Network statistics. It displays information about different interface statistics, including open sockets, routing tables, and connection information. Further, it can be used to displays all the socket connections (including TCP, UDP). Apart from connected sockets, it also displays the sockets that are pending for connections. It is a handy tool for network and system administrators. In computing, the netstat command is a command-line network utility that shows network connections for TCP (both outgoing and incoming), several network interfaces (software-defined network interface or network interface controller), network protocol statistics, and routing tables. It's available on Plan 9, Unix, Inferno, and Unix-like OSes, including BSD, Solaris, Linux, and macOS. Also, it's available on IBM OS/2 and Microsoft Windows NT-based OSes, including Windows 10, Windows 8, Windows 7, Windows Vista, and Windows XP. In the network, t is used to find problems and determine the traffic as a performance measurement. This program is almost obsolete on Linux, although still added in several distributions. The netstat command is superseded by "s" on Linux. The ip route command is the replacement of the netstat -r command, and the ip maddr command is the replacement of the netstat -i command, each of which is suggested instead. Statistics givenNetstat gives statistics for below:
Some of the netstat commands and their description are mentioned below:
Syntax:The netstat command supports various command-line options. The basic syntax of the netstat command is as follows: Options:It supports multiple command-line options to print information about the Linux networking subsystem. The output is controlled by the first argument. Let's see the list of the first arguments: (none): If no option is specified, it will execute the default command that displays a list of open sockets of all configured address families. --route, -r: It is used to print the kernel routing tables. The "netstat -r" command and "route -e" command will produce the same output. --groups, -g: It is used to display multicast group membership information different IP versions (Ipv4 and IPV6). --interfaces, -i: It is used to display all network interfaces. --masquerade, -M: It displays masqueraded connections. --statistics, -s: This option displays the summary statistics for each protocol. Other options:--verbose, -v: It is used to display the detailed output. It is a handy tool for displaying the details about unconfigured address families. --wide, -W: It is used as an output not to reduce the IP address as necessary. It is still optional not to break existing scripts. --numeric, -n: It is used to display numeric addresses alternatively defining symbolic hosts, ports, or usernames. --numeric-hosts: It is used to display numerical host addresses; it does not affect the resolution of port or user names. --numeric-ports: It is used to display numerical port numbers, it does not affect the properties and objects of host or user names. --numeric-users: It is used to display numeric user Ids, it does not affect the resolution of host or port names. --protocol=family, -A: It is used to specify the address families for which connections are to be displayed. The address families are a comma (',') separated like Inet, inet6, Unix, ax25, Netrom, Econet, Ipx, DDP, and Bluetooth. -c, --continuous: It is used to display the selected information continuously for every second. -e, --extend: It is used for extended output. This option can be used twice for maximum detail. -o, --timers: It is used to include networking timers related information. -p, --program: It is used to display the PID and name of the process to the corresponding sockets. -l, --listening: It is used to display only listening sockets. -a, --all: It is used to display both sockets (i.e., listening and non-listening). By specifying the '--interfaces' option, we can list the interfaces that are not up. -F: It is used to display the routing information from the FIB. -C: It is used to display the routing information from the route cache. Installation of the netstat commandIf the netstat command is not installed on your machine, it will display the traditional Linux installation error message "Command 'netstat' not found." To install it, execute the below command: The above command will ask for the administration password to install the command. If it is successfully installed, it will produce the output as follows: Examples of the netstat commandLet' see the following examples of the netstat command:
Display All ConnectionsThe '-a' option is used to display all the existing connections. Execute the netstat command as follows: The above command will list all the existing connections. Consider the below output: Display only TCP or UDP ConnectionsWe can list only the TCP or UDP connections. To display only the TCP connection, execute the command with the 't' option as follows: The above command will list all the TCP connections. Consider the below output: To display only UDP connection, execute it with 'u' option as follows: The above command will list all the UDP connections. Consider the below output: Disable Reverse DNS Lookup for Faster OutputThe default behavior of the netstat command finds out the hostname for each IP address by a reverse DNS lookup. It causes the slowdowns in output. If we don't want to know the hostname, then disable the reverse DNS lookup by suppressing the 'n' option with it: Consider the below command: The above command will disable the reverse DNS lookup and display all the TCP connections. Consider the below output: Display only Listening ConnectionsThe listening connections are such connections that are available for connection requests. Any network process keeps an open port for the listening incoming connection requests. These connections can be listed by executing the below command: The above command will list all the listening connection for TCP connections. Consider the below output: Display Pid and UidWhile checking the network statistics, it is sometimes vital to know the Pid and Uid for a particular connection or user. The Pid and Uid can be listed by executing the 'p' option. Execute the below command: The above command will list all the Pid for the TCP connections. It is necessary to execute this command with sudo privilege. Otherwise, it will not display the Pid. Consider the below output: Display Statisticsnetstat command is also a handy tool for displaying the network statistics such as no packets transmitted and received by a protocol. To display the network statistics, execute the command with the '-s' option as follows: The above command will display the network statistics. Consider the below output: Display kernel Routing InformationThe 'r' option is used to display the kernel routing information. It will display the same output as route command. To display the routing information, execute the command as follows: The above command will display the routing information. The 'n' option will disable the hostname lookup. Consider the below output: Display Network InterfacesWe can also display information about the network interfaces by using the netstat command. To display the network interfaces, execute the command with 'i' option as follows: The above command will list the network interfaces and related information. Consider the below output: Display netstat Output ContinuouslyTo display the netstat output continuously, execute the command with the 'c' option as follows: The above command will display the TCP connections continuously. Consider the below output: Display Multicast Group InformationThe 'g' option is used to display the multicast group information. To print the details for Ipv4 and Ipv6, execute the command as follows: The above command will display the multicast group information. Consider the below output: Install Net-Tools in LinuxThe netstat command is a part of a package called net-tools. We get the net-tools package using the following command in Ubuntu: <Check Netstat VersionUpon the installation process, we can check the installed Netstat version using the following command: Show Routing TableThe netstat command displays the routing table information on the command line. If we want to check the routing table, we can use the -nr option with Netstat; it will display the kernel routing table in a similar form to that route does. We can run the following command: The -nr flag permits Netstat to show addresses separated by dots rather than applying symbolic address titles. Show Network ConnectionThe netstat command has a variety of options to view passive and active sockets. Active TCP, Unix, RAW, and UDP socket connections are mentioned by the -x, -w, -u, and -t options, respectively. We can run the following command: Show Network ServicesWe can execute the below command to see a network list, their related ports, and their current states: Show every listening port of the UDP and TCP connectionWe can see every UDP and TCP port by running the following command in the terminal window: Show every listening connectionWe can use the netstat command with the -l option to list every active connection:
Next TopicLinux ss
|