What is the netstat command and how do you use it?

The netstat command prints information about the Linux networking subsystem. The type of information printed is controlled by the first argument:

(none)
By default, netstat displays a list of open sockets. If you don’t specify any address families, the active sockets of all configured address families are printed.

--route, -r
Displays the kernel routing tables. netstat -r and route -e give the same output.

--groups, -g
Displays multicast group membership information for IPv4 and IPv6.

--interfaces, -i
Displays a table of all network interfaces.

--masquerade, -M
Displays a list of masqueraded connections.

--statistics, -s
Displays summary statistics for each protocol.

OPTIONS
--verbose, -v
Tells the user what’s going on by being verbose. It prints some useful information about unconfigured address families.

--numeric, -n
Shows numerical addresses rather than trying to determine symbolic host, port or user names.

--numeric-hosts
Shows numerical host addresses without affecting the resolution of port or user names.

--numeric-ports
Shows numerical port numbers without affecting the resolution of host or user names.

--numeric-users
Shows numerical user IDs without affecting the resolution of host or port names.

--protocol=family, -A
Specifies the address families for which connections are to be shown. family is a comma-separated list of address family keywords like inet, inet6, unix and ddp. This has the same effect as using the --inet, --inet6, --unix (-x), --ipx, --ax25, --netrom, and --ddp options.

The inet address family includes raw, udp and tcp sockets.

-c, --continuous
With this option, netstat prints the selected information every second, continuously.

-e, --extend
Display additional information. You can use this option to get maximum detail.

-o, --timers
Includes information related to networking timers.

-p, --program
Shows the process ID (PID) and name of the program to which each socket belongs.

-l, --listening
Show only listening sockets. (These are displayed by default.)

-a, --all
Shows both listening and non-listening sockets (for TCP, non-listening means established connections). With the --interfaces option, shows interfaces that are not marked.

-F
Prints routing information from the FIB. (This is the default.)

-C
Prints routing information from the route cache.

-Z, --context
If SELinux is enabled, prints the SELinux context.

-T, --notrim
Stops trimming long addresses.

Example:

Listing only TCP port connections using netstat -at.

# netstat -at

Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address              State
tcp        0      0 *:sunrpc                *:*                          LISTEN
tcp        0      0 *:ssh                   *:*                          LISTEN
tcp        0      0 localhost:ipp           *:*                          LISTEN
tcp        0      0 localhost:smtp          *:*                          LISTEN
tcp        0      0 *:48541                 *:*                          LISTEN
tcp        0      0 192.168.0.11:43970      del11s06-in-f2.1e100.:https  TIME_WAIT
tcp        0      0 192.168.0.11:52680      maa05s10-in-f14.1e100:https  TIME_WAIT
tcp        0      0 192.168.0.11:36820      maa03s31-in-f10.1e100:https  ESTABLISHED
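
An added example, not part of the original article: a shell function that reads netstat -at output (also -atn or -atnp) and prints the LISTEN sockets that are not bound to loopback, that is, the services other hosts can reach. The function names, the loopback spellings it recognises and the two tcp6 sample rows are assumptions made for this example.

```shell
#!/bin/sh
# Added example: list TCP listeners that other hosts can reach, reading
# `netstat -at`, `-atn` or `-atnp` output on stdin.

# Print the local address (and the PID/program column when -p was used)
# of every LISTEN socket that is not bound to a loopback address.
exposed_listeners() {
    awk '
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            local_addr = $4
            # Cut host:port at the last colon so IPv6 forms such as :::22 work.
            host = local_addr
            sub(/:[^:]*$/, "", host)
            # Loopback spellings assumed here: localhost, 127.x.x.x and ::1.
            if (host == "localhost" || host ~ /^127\./ || host == "::1")
                next
            owner = (NF >= 7) ? ("\t" $7) : ""
            print local_addr owner
        }
    '
}

# Sample input: the tcp rows come from the netstat -at listing above;
# the two tcp6 rows are constructed to show the numeric (-n) IPv6 forms.
sample_output() {
    cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 *:sunrpc *:* LISTEN
tcp 0 0 *:ssh *:* LISTEN
tcp 0 0 localhost:ipp *:* LISTEN
tcp 0 0 localhost:smtp *:* LISTEN
tcp 0 0 *:48541 *:* LISTEN
tcp 0 0 192.168.0.11:36820 maa03s31-in-f10.1e100:https ESTABLISHED
tcp6 0 0 ::1:631 :::* LISTEN
tcp6 0 0 :::22 :::* LISTEN
EOF
}

sample_output | exposed_listeners
```

On a live host, pipe real output into the function, for example netstat -atn | exposed_listeners; adding -p (as root) appends the owning PID and program to each line.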

Listing all ports (both TCP and UDP) using the netstat -a option.

# netstat -a

Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address              State
tcp        0      0 *:sunrpc                *:*                          LISTEN
tcp        0      0 *:ssh                   *:*                          LISTEN
tcp        0      0 localhost:ipp           *:*                          LISTEN
tcp        0      0 localhost:smtp          *:*                          LISTEN
tcp        0      0 *:48541                 *:*                          LISTEN
tcp        0      0 192.168.0.11:43438      maa05s06-in-f3.1e100.:https  ESTABLISHED
tcp        0      0 192.168.0.11:36820      maa03s31-in-f10.1e100:https  ESTABLISHED
tcp        0      0 192.168.0.11:55236      maa05s12-in-f14.1e100:https  ESTABLISHED
tcp        0      0 192.168.0.11:45854      13.83.65.43:https            ESTABLISHED
tcp        0      0 192.168.0.11:59160      kul06s17-in-f229.1e10:https  ESTABLISHED

 

Listing only UDP port connections using netstat -au.

# netstat -au

Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address              State
udp        0      0 *:827                   *:*
udp        0      0 *:bootpc                *:*
udp        0      0 *:sunrpc                *:*
udp        0      0 *:ipp                   *:*
udp      360      0 192.168.0.11:48777      192.168.0.1:domain           ESTABLISHED
udp        0      0 *:60564                 *:*
udp      488      0 192.168.0.11:52509      192.168.0.1:domain           ESTABLISHED
udp      488      0 192.168.0.11:49323      192.168.0.1:domain           ESTABLISHED
udp        0      0 *:corba-iiop            *:*
udp        0      0 *:41037                 *:*
udp        0      0 *:sunrpc                *:*
udp        0      0 *:corba-iiop            *:*
