How to Use the Command 'netstat' (with Examples)

How to Use the Command 'netstat' (with Examples)

The netstat command is a powerful utility in Unix-like operating systems that displays network-related information such as open connections, routing tables, interface statistics, masquerade connections, and multicast memberships. This tool is indispensable for network administrators and engineers who wish to monitor the operational state of a network and troubleshoot connectivity issues. While it is often replaced by the ss command in many modern systems, netstat remains popular due to its robust set of features.

Use Case 1: List All Ports

Code:

netstat --all

Motivation:

By listing all ports, users can gain a comprehensive view of both listening and non-listening sockets on the system. This includes all protocols, enabling the monitoring of ongoing network activities. This is particularly helpful in identifying unauthorized or anomalous services running on the system.

Explanation:

  • --all: This flag shows both listening and non-listening sockets. It displays all sockets including those not currently active or waiting for a connection.

Example Output:

Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 localhost:54171         localhost:54172         ESTABLISHED
tcp        0      0 localhost:54172         localhost:54171         ESTABLISHED
udp        0      0 0.0.0.0:68              0.0.0.0:*               

Use Case 2: List All Listening Ports

Code:

netstat --listening

Motivation:

Listing all listening ports is vital to manage and secure a system by showing which ports are ready to accept connections. This allows administrators to verify that only expected services are running and identify any potentially unauthorized services.

Explanation:

  • --listening: This filter command shows all listening sockets, i.e., sockets that are waiting for a connection.

Example Output:

Proto Recv-Q Send-Q Local Address           Foreign Address         State       
tcp        0      0 *:ssh                   *:*                     LISTEN      
tcp        0      0 localhost:ipp           *:*                     LISTEN      
udp        0      0 0.0.0.0:bootpc          0.0.0.0:*                          

Use Case 3: List Listening TCP Ports

Code:

netstat --tcp

Motivation:

Monitoring TCP ports is crucial for maintaining secure and efficient communications. By focusing on TCP, network operators can ensure proper functioning of key services like HTTP, HTTPS, and SSH, which are essential for the administration and access of services.

Explanation:

  • --tcp: This flag limits the output to TCP protocol only.

Example Output:

Proto Recv-Q Send-Q Local Address           Foreign Address         State       
tcp        0      0 *:http                  *:*                     LISTEN      
tcp        0      0 *:https                 *:*                     LISTEN      

Use Case 4: Display PID and Program Names

Code:

netstat --program

Motivation:

Attaching PIDs and program names to connections allows users to identify the processes responsible for each connection. This is invaluable in performance troubleshooting and security audits to ensure that only permitted applications maintain network connections.

Explanation:

  • --program: Displays the PID and name of the program to which each socket belongs.

Example Output:

Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 *:ssh                   *:*                     LISTEN      1001/sshd
tcp        0      0 *:http                  *:*                     LISTEN      2168/apache2

Use Case 5: List Information Continuously

Code:

netstat --continuous

Motivation:

Continuous monitoring is critical during live debugging and performance testing, allowing real-time observation of network state changes. This can help identify transient issues that might be missed in a single snapshot.

Explanation:

  • --continuous: Continuously updates and outputs network data in real-time.

Example Output:

... (repeats) ...
Proto Recv-Q Send-Q Local Address           Foreign Address         State       
tcp        0      0 localhost:58123         localhost:39972         TIME_WAIT   
tcp        0      0 192.168.1.5:53015       ec2-54-93-12-34:https   ESTABLISHED

Use Case 6: List Routes and Do Not Resolve IP Addresses to Hostnames

Code:

netstat --route --numeric

Motivation:

For an accurate and fast overview of the routing table without DNS resolution delays, this command lists all routes in numeric form. This is especially useful when dealing with busy networks or when analyzing routing paths to troubleshoot traffic flow issues.

Explanation:

  • --route: Outputs the kernel routing table.
  • --numeric: Displays numerical addresses instead of trying to determine symbolic host, port, or user names.

Example Output:

Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         192.168.1.1     0.0.0.0         UG        0 0          0 wlan0
192.168.1.0     0.0.0.0         255.255.255.0   U         0 0          0 wlan0

Use Case 7: List Listening TCP and UDP Ports (+ User and Process If You’re Root)

Code:

netstat --listening --program --numeric --tcp --udp --extend

Motivation:

This comprehensive command is used to fully enumerate active listening ports across TCP and UDP protocols, complete with user and process information. Such detailed output is essential for complex diagnostic tasks where full visibility into the network stack is required.

Explanation:

  • --listening: Shows only listening sockets.
  • --program: Includes PID and program names.
  • --numeric: Display addresses as numbers.
  • --tcp: Includes TCP ports.
  • --udp: Includes UDP ports.
  • --extend: Extends information on the current socket details to include user data.

Example Output:

Proto Recv-Q Send-Q Local Address           Foreign Address         State       User       Inode      PID/Program name
tcp        0      0 *:http                  *:*                     LISTEN      www-data   2315       2168/apache2
udp        0      0 192.168.1.10:4500       0.0.0.0:*                           root       73412      1396/pluto

Conclusion:

The netstat command is an extremely versatile utility that presents users with detailed insights into network status and performance. Whether for routine system administration or thorough debugging, the different options and parameters of netstat enable effective and efficient network monitoring and diagnostics. By studying these examples, users can understand how to apply netstat to glean critical insights into system and network performance.

Related Posts

How to Utilize the Get-Content Command in PowerShell (with examples)

How to Utilize the Get-Content Command in PowerShell (with examples)

The Get-Content command in PowerShell is a versatile tool designed to retrieve the content from a specified item, typically a file.

Read More
How to Use the Command 'host' (with Examples)

How to Use the Command 'host' (with Examples)

The host command is a powerful and widely used utility for DNS (Domain Name System) lookups.

Read More
How to Use the Command 'xvfb-run' (with Examples)

How to Use the Command 'xvfb-run' (with Examples)

The xvfb-run command is a powerful utility that allows users to execute commands in a virtual X server environment.

Read More