The netstat (network statistics) command is used to gather information about TCP connections to the system. Depending on the options used, netstat informs the user of existing connections, listening ports on the server, NIC information, etc.

Common options for the netstat command include:

Option Used To
-v Activate verbose mode.
-i [interface] Display info about all network interfaces or interface specified.
-c Continuously print information every second.
-l Show only what ports are being listened on.

The netstat command has been deprecated in favor of the ss command, but it may still be installed with some Linux distributions.

Syntax

The syntax of the netstat command is:

Output

The default output of netstat is in columnar format, as follows:

  • The protocol used by the socket.
  • The number of processes attached to the socket.
  • Flags that give further information about the socket’s status.
  • The type of socket access.
  • The state of the socket.
  • The ID of the process attached to the socket
  • The path of the process attached to the socket.

An example is as follows:

unix 2 [ ] STREAM CONNECTED 472 /run/dbus/system_bus_socket

netsta Configuration files

Configuration File Description
/etc/services The services translation file
/proc/net/dev device information
/proc/net/raw raw socket information
/proc/net/tcp TCP socket information
/proc/net/udp UDP socket information
/proc/net/igmp IGMP multicast information
/proc/net/unix Unix domain socket information
/proc/net/route IP routing information
/proc/net/snmp Statistics

netstat Command Examples

1. To display the kernel routing table:

# netstat -r
# netstat --route 

2. To display multicast group membership information

# netstat -g
# netstat --groups 

3. To display the kernel interface table:

# netstat -i
# netstat --interfaces
# netstat --interfaces=eth0 

4. To display a list of masqueraded connections:

# netstat -M
# netstat --masquerade 

5. To display summary statistics of each protocol:

# netstat -s
# netstat --statistics 

6. To set to verbose :

# netstat -v
# netstat --verbose 

7. To show numerical addresses instead of trying to determine symbolic host:

# netstat -n
# netstat --numeric 

8. To numerical host addresses but does not affect the resolution:

# netstat --numeric-hosts 

9. To numerical port numbers but does not affect the resolution:

# netstat --numeric-ports 

10. To show numerical user IDs but does not affect the resolution:

# netstat --numeric-users 

11. To print the selected information every second continuously:

# netstat -c 
# netstat --continuous

12. To display the additional information:

# netstat -e
# netstat --extend 

13. To include information related to networking timers:

# netstat -o
# netstat --timers 

14. To show the PID and name of the program to which each socket belongs:

# netstat -p
# netstat --program 

15. To show only listening sockets:

# netstat -l
# netstat --listening 

16. To show both listening and non-listening sockets:

# netstat -a
# netstat --all 

17. To print routing information from the FIB:

18. To print routing information from the route cach:

19. To print SELinux context:

# netstat -Z
# netstat --context 

20. To stop trimming long addresses:

# netstat -T
# netstat --notrim 

21. To set delay:

22. To get the help:

# netstat -h
# netstat --help 

23. To get the version:

netstat examples with multiple options combined

1. To see the currently active routing table:

2. To see all the socket information:

3. To see all the listening ports:

# netstat -anp | grep LISTEN

4. To see all the process/services running and listening on ports:

5. To see the protocol specific statistics (e.g. for TCP):

6. To see the interface activity stats:

# netstat -i -t 2
# netstat -it 2

7. To see the summary stat for a particular port:

# netstat -st               (For TCP)
# netstat -su               (For UDP)