How to use the command 'netstat' (with examples)

How to use the command 'netstat' (with examples)

  • Osx
  • December 17, 2024

Netstat, short for “network statistics,” is a command-line network utility used to monitor network connections, both incoming and outgoing, and record network interface-related statistics. Netstat is a powerful tool for administrators and users alike who need to troubleshoot network issues, monitor network activity, or get a quick snapshot of what the device is doing network-wise. It provides information about open connections, routing tables, and a variety of network statistics, making it invaluable for real-time diagnostics and analysis.

Use case 1: Display the PID and program name listening on a specific protocol

Code:

netstat -p protocol

Motivation:

Understanding which processes are responsible for network activity on your computer is crucial for troubleshooting and security auditing. You may often need to identify the process ID (PID) and the associated program name that is listening on a particular network protocol. This helps in diagnosing potential issues like unwanted or suspicious processes using network resources or simply allocating resources based on network activity.

Explanation:

  • -p: This flag displays the PID and the program’s name. Including this argument allows users to drill down into the specifics of which program is responsible for the given network activity.
  • protocol: This parameter allows users to specify a network protocol, such as TCP, UDP, etc., thus focusing the output on connections related to the given protocol.

Example Output:

Active Internet connections
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 localhost:8008          *:*                     LISTEN      7313/python

Use case 2: Print the routing table and do not resolve IP addresses to hostnames

Code:

netstat -nr

Motivation:

When analyzing routing tables, resolving IP addresses to hostnames is often unnecessary and can slow down the process, especially if the DNS resolution is slow or unavailable. This option provides a faster way to check routing configurations without the delay of resolving IP addresses. Network administrators might use this to quickly spot routing errors, verify connectivity paths, or configure different network segments efficiently.

Explanation:

  • -n: Tells netstat to show numerical addresses instead of trying to resolve hostnames.
  • -r: Displays the routing table, showing the paths that traffic will take based on the network’s routing configuration.

Example Output:

Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         192.168.1.1     0.0.0.0         UG        0 0          0 eth0
192.168.1.0     0.0.0.0         255.255.255.0   U         0 0          0 eth0

Use case 3: Print the routing table of IPv4 addresses

Code:

netstat -nr -f inet

Motivation:

Sometimes there is a need to focus specifically on IPv4 routing tables, especially when the network uses both IPv4 and IPv6. This command allows users to filter and view only the IPv4-related routes, making it easier to debug, configure, and audit IPv4 traffic paths, which is particularly useful in IPv4-dominated network infrastructures.

Explanation:

  • -n: As before, this option avoids converting IP addresses into hostnames.
  • -r: Indicates the request to print routing tables.
  • -f inet: Specifies that only the IPv4 (INET) entries should be shown in the output, effectively filtering the results to only show relevant data.

Example Output:

Routing tables

Internet:
Destination        Gateway            Flags        Refs      Use    Netif Expire
default            192.168.1.1        UGSc           11        0      eth0
192.168.1.0        link#4             U              2        0      eth0

Conclusion:

The netstat command is a versatile tool for network diagnosis and monitoring, offering a variety of options to satisfy different use cases. From identifying which programs are using network resources to examining routing tables, netstat provides vital insights into how a machine is communicating over a network. Such detailed visibility is indispensable for resolving network issues, optimizing configuration, or ensuring security compliance. Understanding how to leverage the specific use cases of netstat can significantly enhance one’s ability to maintain and troubleshoot network systems efficiently.

Related Posts

How to Use the Command 'qm suspend' in Proxmox (with Examples)

How to Use the Command 'qm suspend' in Proxmox (with Examples)

The command qm suspend is an essential part of managing virtual machines within the Proxmox Virtual Environment (PVE), allowing administrators to temporarily pause the operation of a VM.

Read More
How to Use the Command 'pnmtojpeg' (with Examples)

How to Use the Command 'pnmtojpeg' (with Examples)

The pnmtojpeg command is a utility tool designed to convert images from the PNM (Portable Any Map) format to the more widely-used JPEG/JFIF/EXIF formats.

Read More
Comprehensive Guide to Using the 'gopass' Command (with examples)

Comprehensive Guide to Using the 'gopass' Command (with examples)

Gopass is a robust Unix password manager designed specifically for team environments.

Read More