How to use the command 'netstat' (with examples)
- Osx
- December 17, 2024
Netstat, short for “network statistics,” is a command-line network utility used to monitor network connections, both incoming and outgoing, and record network interface-related statistics. Netstat is a powerful tool for administrators and users alike who need to troubleshoot network issues, monitor network activity, or get a quick snapshot of what the device is doing network-wise. It provides information about open connections, routing tables, and a variety of network statistics, making it invaluable for real-time diagnostics and analysis.
Use case 1: Display the PID and program name listening on a specific protocol
Code:
netstat -p protocol
Motivation:
Understanding which processes are responsible for network activity on your computer is crucial for troubleshooting and security auditing. You may often need to identify the process ID (PID) and the associated program name that is listening on a particular network protocol. This helps in diagnosing potential issues like unwanted or suspicious processes using network resources or simply allocating resources based on network activity.
Explanation:
-p
: This flag displays the PID and the program’s name. Including this argument allows users to drill down into the specifics of which program is responsible for the given network activity.protocol
: This parameter allows users to specify a network protocol, such as TCP, UDP, etc., thus focusing the output on connections related to the given protocol.
Example Output:
Active Internet connections
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 localhost:8008 *:* LISTEN 7313/python
Use case 2: Print the routing table and do not resolve IP addresses to hostnames
Code:
netstat -nr
Motivation:
When analyzing routing tables, resolving IP addresses to hostnames is often unnecessary and can slow down the process, especially if the DNS resolution is slow or unavailable. This option provides a faster way to check routing configurations without the delay of resolving IP addresses. Network administrators might use this to quickly spot routing errors, verify connectivity paths, or configure different network segments efficiently.
Explanation:
-n
: Tells netstat to show numerical addresses instead of trying to resolve hostnames.-r
: Displays the routing table, showing the paths that traffic will take based on the network’s routing configuration.
Example Output:
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
0.0.0.0 192.168.1.1 0.0.0.0 UG 0 0 0 eth0
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
Use case 3: Print the routing table of IPv4 addresses
Code:
netstat -nr -f inet
Motivation:
Sometimes there is a need to focus specifically on IPv4 routing tables, especially when the network uses both IPv4 and IPv6. This command allows users to filter and view only the IPv4-related routes, making it easier to debug, configure, and audit IPv4 traffic paths, which is particularly useful in IPv4-dominated network infrastructures.
Explanation:
-n
: As before, this option avoids converting IP addresses into hostnames.-r
: Indicates the request to print routing tables.-f inet
: Specifies that only the IPv4 (INET) entries should be shown in the output, effectively filtering the results to only show relevant data.
Example Output:
Routing tables
Internet:
Destination Gateway Flags Refs Use Netif Expire
default 192.168.1.1 UGSc 11 0 eth0
192.168.1.0 link#4 U 2 0 eth0
Conclusion:
The netstat
command is a versatile tool for network diagnosis and monitoring, offering a variety of options to satisfy different use cases. From identifying which programs are using network resources to examining routing tables, netstat
provides vital insights into how a machine is communicating over a network. Such detailed visibility is indispensable for resolving network issues, optimizing configuration, or ensuring security compliance. Understanding how to leverage the specific use cases of netstat can significantly enhance one’s ability to maintain and troubleshoot network systems efficiently.