How to use the command 'netstat' (with examples)

Netstat is a command-line tool used to display various information related to network connections and interfaces on a Linux system. It provides valuable insights into active connections, listening ports, routing tables, and more. In this article, we will explore several use cases of the 'netstat' command to understand its capabilities and how it can be useful in different scenarios.

Use case 1: List all ports

Code:

netstat --all

Motivation:

By listing all ports using the '--all' option, we can get a comprehensive view of all active connections, including both TCP and UDP protocols. This can be helpful in troubleshooting network-related issues or analyzing the network activity of a system.

Explanation:

The '--all' option instructs 'netstat' to display all sockets (both listening and non-listening) and their associated information. By default, 'netstat' shows only non-listening (connected) sockets; with this option, listening sockets are included as well.

Example output:

Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 192.168.1.10:53246      151.101.129.69:443      ESTABLISHED
udp        0      0 0.0.0.0:68              0.0.0.0:*

Use case 2: List all listening ports

Code:

netstat --listening

Motivation:

Understanding which ports are actively listening for incoming connections is vital for network security and identifying potential services running on a system. By listing all listening ports, we can get an overview of the services that are accepting connections and their associated transport protocols.

Explanation:

The '--listening' option filters the output of 'netstat' to display only the sockets that are actively listening for incoming connections. This can help identify services running on a system and their corresponding ports.

Example output:

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
udp        0      0 0.0.0.0:53              0.0.0.0:*

Use case 3: List listening TCP ports

Code:

netstat --listening --tcp

Motivation:

In certain scenarios, it may be necessary to specifically focus on TCP connections. By listing only the TCP ports that are actively listening, we can narrow down our analysis and gain insights into TCP services running on a system.

Explanation:

The '--tcp' option restricts the output of 'netstat' to TCP sockets, and '--listening' limits it to sockets that are waiting for incoming connections. Used on its own, '--tcp' shows only connected TCP sockets, not listening ones. This combination is useful when you want to focus your attention on TCP services and disregard UDP or other protocols.

Example output:

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN

Use case 4: Display PID and program names

Code:

netstat --program

Motivation:

Sometimes, it is necessary to identify the specific process or program associated with a network connection. By displaying the PID (Process Identifier) and program names, we can easily correlate network activity with running processes on the system.

Explanation:

The '--program' option enhances the output of 'netstat' by appending the PID and program name information to each socket. This allows for easy identification of the processes responsible for network connections and aids in troubleshooting or understanding the network behavior of a system.

Example output:

Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1234/sshd
tcp        0      0 192.168.1.10:53246      151.101.129.69:443      ESTABLISHED 5678/chrome

Use case 5: List information continuously

Code:

netstat --continuous

Motivation:

In certain situations, it is essential to monitor the network activity continuously. The '--continuous' option allows for real-time updates, ensuring that we have up-to-date information on network connections and their status.

Explanation:

The '--continuous' option instructs 'netstat' to continuously refresh and display the network-related information. This is particularly useful when monitoring changes in the network, identifying unusual behavior, or capturing real-time statistics.

Example output:

Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 192.168.1.10:53246      151.101.129.69:443      ESTABLISHED
udp        0      0 0.0.0.0:68              0.0.0.0:*

Use case 6: List routes and do not resolve IP addresses to hostnames

Code:

netstat --route --numeric

Motivation:

Understanding the routing table of a system can be crucial for network troubleshooting or analyzing network traffic flow. By displaying routes without resolving IP addresses to hostnames, we can get a concise and more readable output.

Explanation:

The '--route' option displays the routing table, while the '--numeric' option prevents 'netstat' from attempting to resolve IP addresses to hostnames. This can be useful when dealing with large amounts of network traffic or when the resolution of hostnames is not required.

Example output:

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 eth0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0

Use case 7: List listening TCP and UDP ports (+ user and process if you’re root)

Code:

netstat --listening --program --numeric --tcp --udp --extend

Motivation:

When troubleshooting network issues, it can be helpful to have a comprehensive view that includes both TCP and UDP listening ports, along with associated user and process information. This information is especially valuable if the user running the 'netstat' command has root privileges.

Explanation:

The '--listening' option shows only sockets that are actively listening, while '--program' appends the PID and program name information. The '--numeric' option prevents IP address resolution, and '--tcp' and '--udp' together restrict the output to TCP and UDP sockets. Lastly, '--extend' provides additional details, such as the user that owns each socket.

Example output:

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       User       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      root       1234/sshd
udp        0      0 0.0.0.0:68              0.0.0.0:*                           dhcpd
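
One way to turn the output of this command into a repeatable exposure check, as an added example that is not part of the original article: the function below flags listeners bound to all interfaces whose port is not on an allowlist. The `ALLOWED_PORTS` policy, the function names and the sample output are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit listeners reported by
#   netstat --listening --program --numeric --tcp --udp --extend
# Flags sockets bound to a wildcard address whose port is not allowlisted.

ALLOWED_PORTS="${ALLOWED_PORTS:-22 443}"   # hypothetical site policy

# Reads netstat output on stdin, prints "proto port owner" per finding.
audit_listeners() {
    awk -v allowed="$ALLOWED_PORTS" '
    BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    $1 !~ /^(tcp|udp)6?$/ { next }            # skip banner and header lines
    {
        # Split "addr:port" on the last colon so ":::80" yields addr "::".
        p = match($4, /:[^:]*$/)
        addr = substr($4, 1, p - 1); port = substr($4, p + 1)
        if (addr != "0.0.0.0" && addr != "::") next   # loopback or specific IP
        if (port in ok) next
        # Owner is the first "PID/name" field; "-" when it is hidden (no root).
        owner = "-"
        for (i = 6; i <= NF; i++) if ($i ~ /^[0-9]+\//) { owner = $i; break }
        print $1, port, owner
    }'
}

# Constructed sample output (not captured from a real host).
sample_netstat() {
    cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       User       Inode      PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      0          20111      1234/sshd
tcp        0      0 127.0.0.1:5432          0.0.0.0:*               LISTEN      113        20345      2210/postgres
tcp        0      0 0.0.0.0:6379            0.0.0.0:*               LISTEN      114        20410      2301/redis-server
tcp6       0      0 :::8080                 :::*                    LISTEN      1000       20502      3120/java
udp        0      0 0.0.0.0:68              0.0.0.0:*                           0          19876      -
EOF
}

# On a live host, pipe the real command into audit_listeners instead.
sample_netstat | audit_listeners
```

The parser locates the owner by its "PID/name" shape rather than by column position, so it works with or without the extra columns that '--extend' adds and with UDP rows, which have no State value.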

Conclusion:

The 'netstat' command is a powerful tool for gathering network-related information on a Linux system. By exploring various use cases, we have seen how it can provide insights into active connections, listening ports, routing tables, and more. Whether you are troubleshooting network issues, monitoring network activity, or securing your system, 'netstat' proves to be a valuable resource.
