netstat Command in Linux
The netstat command in Linux is a robust tool for network troubleshooting and monitoring. It provides various options and outputs to display network connections, routing tables, interface statistics, masquerade connections, and multicast memberships.
When executed, it displays detailed information about currently active TCP, UDP, and Unix socket connections. TCP connections guarantee reliable data transfer and are typically used by applications such as web browsers and email clients.
On the other hand, UDP connections are used for faster, less reliable data transfer, often utilized in video streaming and gaming. Unix socket connections facilitate inter-process communication on the same machine, commonly seen in server applications.
In addition, netstat not only shows sockets that are currently connected and exchanging data but also those that are listening and ready to accept incoming connections. These listening sockets are essential for server applications, as they await client connection requests.
Table of Contents
Here is a comprehensive guide to the options available with the netstat command −
Syntax of netstat Command
The following is the general syntax for the nestat command −
netstat [options]
netstat Command Options
The following is a list of different options that allow you to customize the netstat command to suit various network troubleshooting, monitoring, and management tasks −
| Options | Description |
|---|---|
| --route , -r | Displays the kernel routing tables. This is useful for viewing the paths that network packets take. It's similar to the output of route -e. |
| --groups , -g | Shows multicast group membership information for both IPv4 and IPv6. This is helpful for understanding multicast network configurations. |
| --interfaces, -i | Displays a table of all network interfaces, along with their statistics. This is useful for monitoring the status and activity of each network interface. |
| --masquerade , -M | Lists masqueraded connections, which are connections that are being modified by Network Address Translation (NAT). |
| --statistics , -s | Provides summary statistics for each protocol. This is useful for getting an overview of network activity and performance. |
| --verbose, -v | This option makes netstat provide more detailed output. It prints additional useful information about unconfigured address families, helping you understand what the command is doing behind the scenes. |
| --wide, -W | Prevents truncation of IP addresses in the output. This is useful to see the full address without any cutoff, especially when scripting or analyzing data. |
| --numeric, -n | Shows numerical addresses instead of resolving symbolic hostnames, port names, or usernames. This option speeds up the output as it skips DNS lookups. |
| --numeric-hosts | Displays numerical host addresses only, while still resolving port names and usernames. |
| --numeric-ports | Shows numerical port numbers only, while still resolving hostnames and usernames. |
| --numeric-users | Displays numerical user IDs only, while still resolving hostnames and port names. |
| --protocol=family, -A |
Specifies the address families (protocols) for which connections are to be shown. The family can be a comma-separated list including options like inet, unix, ipx, ax25, netrom, and ddp. Each family corresponds to different protocol sockets (e.g., inet includes raw, udp, and tcp). |
| --continuous, -c | Continuously prints the selected information every second. This is useful for real-time monitoring of network activity. |
| --extend, -e | Displays additional information about each connection. Using this option twice (-ee) provides maximum detail. |
| --timers, -o | Includes information related to networking timers, which can help diagnose timing-related network issues. |
| --program, -p | Shows the PID and name of the program associated with each socket. This helps identify which processes are using network connections. |
| --listening, -l | Displays only listening sockets, excluding active connections. Useful for checking which services are ready to accept incoming connections. |
| -F | Prints routing information from the Forwarding Information Base (FIB). This is the default behavior for routing information. |
| -C | Prints routing information from the route cache, which can provide insights into recent routing decisions made by the kernel. |
Examples of netstat Command in Linux
In this section, we'll explore some practical examples of the netstat command using various options to illustrate its versatility and utility in real-world scenarios −
Display All Active Connections and Listening Ports
To display all active connections and listening ports, you can simply use the netstat command with the "-a" option −
sudo netstat -a
This command lists all active network connections and listening ports on the system, giving you a comprehensive overview of network activity.
Show Kernel Routing Tables
To display the kernel routing tables, you can use the netstat command with the "-r" option −
sudo netstat -r
This command displays the kernel routing tables, which is useful for understanding the paths that network packets take through your system.
Display Detailed Information Including Timer Data
To display detailed information including timer data, you can simply use the following command −
sudo netstat -o
This command shows detailed information about network connections, routing tables, interface statistics, masquerade connections, and multicast memberships, including timer data for each connection.
Continuous Real-Time Monitoring of Network Activity
For continuous real-time monitoring of network activity, you can use the netstat command with the "-c" option −
sudo netstat -c
The "-c" flag refreshes the output every second, providing real-time updates of active network connections, which is valuable for live monitoring.
Display Numerical Addresses Without Resolving Hostnames
To display numerical addresses without resolving hostnames, you can use the netstat command with the "-n" option −
sudo netstat -n
This command shows numerical IP addresses instead of attempting to resolve them to hostnames, which can speed up the output and make it easier to read.
Display PID and Program Name for Each Socket
To display the PID (Process ID) and program name for each socket in the terminal, you can use the netstat command with the "-p" option −
sudo netstat -p
This command shows the PID and program name associated with each connection, making it easier to identify which processes are using network resources.
Show Network Interfaces and Their Statistics
To display network interfaces and their statistics, you can simply use the netstat command with the "-i" flag −
sudo netstat -i
This command displays a table of all network interfaces along with their statistics, helping you monitor the status and performance of your network interfaces.
Display Multicast Group Membership Information
To display multicast group membership information, you can use the netstat command with the "-g" option −
sudo netstat -g
This command shows multicast group memberships for both IPv4 and IPv6, which is useful for managing multicast networking configurations.
Display Active UNIX Domain Sockets
To display active UNIX domain sockets in the terminal, you can use the netstat command with the "-x" option −
sudo netstat -x
This command lists all active Unix domain sockets, which are used for inter-process communication on the local machine.
Display Routing Information from the Route Cache
To display routing information from the route cache, you can simply use the netstat command with the "-C" option −
sudo netstat -C
This command provides details about the routing cache, which stores recently used routing information.
Conclusion
The examples we've discussed above illustrate the wide range of capabilities and flexibility of the netstat command. Whether you are troubleshooting network issues, monitoring performance, or managing network configurations, netstat provides valuable insights and data.