Netstat Command & Examples : View Monitor Network Statistics and Configurations In Linux


Netstat is a command line tool that is used to view and monitor network statistics and configurations of a system. This tool is available on both Unix, Linux and Windows NT-based operating systems.
Below are some of the activities that can be carried out using this tool
  • View network connections
  • View routing tables
  • View network interface statistics
  • View masquerade connections
  • View multicast memberships
Netstat is a very powerful tool that can be used for network troubleshooting and network performance measuring purposes.

Below are some of the basic commands of netstat tool



1) Listing all the sockets

This displays details of all the sockets, including open and close sockets in the following format

Proto - Protocol
RefCnt - Reference Count : number of attached processes connected via this socket
Flags - Flag type
Type – Network socket type
State - State of the socket
I-Node - Inode of the socket
Path - Path of the socket

Command : netstat -a

Sample output :
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags       Type       State         I-Node   Path
unix  2      [ ACC ]     STREAM     LISTENING     15365    /var/run/docker.sock
unix  2      [ ACC ]     STREAM     LISTENING     22352    @/tmp/.ICE-unix/4060
unix  2      [ ACC ]     STREAM     LISTENING     10523    /var/run/acpid.socket
unix  2      [ ACC ]     STREAM     LISTENING     21843    /tmp/ssh-8rfNCLtCuWbJ/agent.4000
unix  2      [ ACC ]     STREAM     LISTENING     13073    /var/run/samba/winbindd/pipe

2) Listing all TCP port connections



This displays details of all the TCP sockets, including open and close sockets in the same format.

Command : netstat -at

Sample output :
Active Internet connections (servers and established)
Proto  Recv-Q    Send-Q    Local Address        Foreign Address              State
tcp          0           0         localhost:ipp            *:*                         LISTEN
tcp           0           0        *:microsoft-ds          *:*                         LISTEN
tcp          0           0         *:netbios-ssn           *:*                         LISTEN
tcp          0           0         ubuntu:domain         *:*                         LISTEN
tcp6        0           0         ip6-localhost:ipp       [::]:*                      LISTEN
tcp6        0           0        [::]:microsoft-ds        [::]:*                      LISTEN
tcp6        0           0        [::]:netbios-ssn         [::]:*                      LISTEN
tcp6         1           0       ip6-localhost:34871     ip6-localhost:ipp     CLOSE_WAIT

3) Listing all UDP port connections

This displays details of all the UDP sockets, including open and close sockets in the same format.

Command : netstat -au

Sample Output :
Active Internet connections (servers and established)
Proto    Recv-Q    Send-Q     Local Address                     Foreign Address     State
udp         0            0              *:59865                              *:*
udp         0            0              ubuntu:domain                    *:*
udp         0            0              *:bootpc                             *:*
udp         0            0              *:32333                              *:*
udp         0            0              *:ipp                                   *:*
udp         0            0              192.168.64.2:netbios-ns       *:*
udp         0            0              192.168.64.1:netbios-ns       *:*
udp         0            0              172.17.255.2:netbios-ns        *:*
udp         0           0              172.17.0.1:netbios-ns            *:*

4) Listing all connections in ‘LISTEN’ state

This displays details of all the listening sockets in the same format.

Command : netstat -l

Sample output :
Proto  Recv-Q    Send-Q    Local Address              Foreign Address     State
tcp    0           0         localhost:ipp              *:*                 LISTEN
tcp            0           0           *:microsoft-ds            *:*                 LISTEN
tcp           0           0           *:netbios-ssn              *:*                 LISTEN
tcp           0           0           ubuntu:domain           *:*                 LISTEN
tcp6         0           0           ip6-localhost:ipp          [::]:*              LISTEN
tcp6         0           0           [::]:microsoft-ds          [::]:*              LISTEN
tcp6         0           0           [::]:netbios-ssn          [::]:*              LISTEN

5) Display the routing table



This prints out kernel routing information in below format
Destination - Destination Address
Gateway – Gateway Address
Genmask - Netmask corresponding to the network
Flag - To provide specific information about the route (U-route is up , G - Communication for this network should be sent via the gateway)
MSS – Maximum Segment size
Window – TCP Window size
Irtt – Initial round trip time
Iface – Interface

Command : netstat -r

Sample Output :
Kernel IP routing table
Destination    Gateway           Genmask          Flags    MSS     Window  irtt    Iface
default          192.168.64.2      0.0.0.0              UG       0           0         0       eth0
172.17.0.0          *                255.255.0.0        U        0           0         0       docker0
192.168.64.0    *                255.255.255.0     U        0           0         0       eth0

6) Display network interfaces

This prints out information about network interfaces in following format
Iface – Interface
MTU – Maximum Transmission Unit
Met – Metric value for the interface
RX-OK - Number of error free packets received
RX-ERR – Number of packets received with errors
RX-DRP – Number of dropped packets when receiving
RX-OVR – Number of packets lost due to the overflow when receiving
TX-OK - Number of error free packets transmitted
RX-ERR – Number of transmitted packets with errors
RX-DRP – Number of dropped packets when transmitting
RX-OVR – Number of packets lost due to the overflow when transmitting
Flg – Flag

Command : netstat -i

Sample Output :
Kernel Interface table
Iface        MTU    Met RX-OK   RX-ERR  RX-DRP  RX-OVR  TX-OK   TX-ERR  TX-DRP  TX-OVR  Flg
docker0    1500    0   0              0           0        0            0          0           0          0          BMU
eth0         1500    0   36774       0          0        0            20917    0          0          0          BMRU
lo             65536  0   7246         0          0        0            7246      0          0          0          LRU

7) Continuous monitoring

This command outputs socket connections continuously, so this is useful for continuous network monitoring.

Command : netstat -c

Sample output :
unix 3 [ ] STREAM CONNECTED 24655
unix 3 [ ] STREAM CONNECTED 22456
unix 3 [ ] STREAM CONNECTED 22227 @/tmp/.X11-unix/X0
unix 2 [ ] DGRAM            16819
unix 3 [ ] STREAM CONNECTED 13848 /var/run/dbus/system_bus_socket

8) Display multicast group information

This displays multicast group information for both IPV4 and IPV6 in following format
Interface - Network interface
RefCnt – Reference Count : number of attached processes connected via this socket
Group – Multicast group

Command : netstat -g

Sample output :
IPv6/IPv4 Group Memberships
Interface       RefCnt     Group
--------------- ------ ---------------------
lo                   1         all-systems.mcast.net
eth0                1           224.0.0.251
eth0                1           all-systems.mcast.net
docker0           1           224.0.0.251
docker0           1           all-systems.mcast.net
lo                    1           ip6-allnodes
lo                    1           ff01::1
eth0                1           ff02::fb
eth0                1           ff02::1:ff6a:275b
eth0                1           ip6-allnodes
eth0                1           ff01::1
docker0           1           ip6-allnodes
docker0           1           ff01::1
Below are some of bit more advanced and miscellaneous commands of netstat tool



9) Listing active connection on a given port

Following command displays details about connections established through the port 80. These details include protocol , source and destination addresses and the connection status.

Command : netstat -anp | grep :80 | grep ESTABLISHED

Sample output :
tcp 0 0 192.168.64.129:51548 74.125.204.106:80  ESTABLISHED 8418/firefox
tcp 0 0 192.168.64.129:44365 172.217.194.101:80 ESTABLISHED 8418/firefox
tcp 0 0 192.168.64.129:51547 74.125.204.106:80  ESTABLISHED 8418/firefox

10) List number of different connection types

Following command displays the number connections of different types of state that is in the machine sorted in ascending order

Command : netstat -ant | awk '{print $6}' | sort | uniq -c | sort -n

Sample Output :
1 CLOSE_WAIT
1 established)
1 Foreign
7 LISTEN

11) Display services listening to a given port

This shows details on the services listening to the port 53 , such as the process id of the service and service name

Command : netstat -ltnp | grep ':53'

Sample output :
tcp 0 0 127.0.1.1:53 0.0.0.0:* LISTEN 1488/dnsmasq

12) List Non supportive address families



At the bottom of the output of the following command, details on the non-supportive address families in the machine is displayed.

Command : netstat --verbose

Sample output :
netstat: no support for `AF IPX' on this system.
netstat: no support for `AF AX25' on this system.
netstat: no support for `AF X25' on this system.
netstat: no support for `AF NETROM' on this system.

13) Find out on which port a service is running

This is used to find out the details of the ports that ‘SSH’ service is listening to along with details on the ssh service itself

Command : netstat -ap | grep ssh

Sample output :
unix 2 [ ACC ] STREAM LISTENING 21843 4004/ssh-agent /tmp/ssh-8rfNCLtCuWbJ/agent.4000
unix 2 [ ACC ] STREAM LISTENING 22603 3927/gnome-keyring- /run/user/1000/keyring-SC0TKd/ssh
'man Netstat' Command
  • man command is used to view the manual page of a command and here it displays the manual page of the netstat command. It list out all the usage options that are available for this command with explanations and example. 
     
    Command : man netstat 
     
    Sample output : 
    DESCRIPTION
           Netstat  prints  information about the Linux networking subsystem.  The
           type of information printed is controlled by  the  first  argument,  as
           follows:
    
       (none)
           By  default,  netstat  displays  a  list of open sockets.  If you don't
           specify any address families, then the active sockets of all configured
           address families will be printed.
    
       --route , -r
           Display  the kernel routing tables. See the description in route(8) for
           details.  netstat -r and route -e produce the same output.
    
       --groups , -g
           Display multicast group membership information for IPv4 and IPv6.
    
       --interfaces, -i
           Display a table of all network interfaces.
    
       --masquerade , -M
           Display a list of masqueraded connections.
    
       --statistics , -s
           Display summary statistics for each protocol.
     


In this tutorial we learned how to use netstat command in linux. Hope you enjoyed reading and please leave your suggestion in the below comment section.
Netstat Command & Examples : View Monitor Network Statistics and Configurations In Linux Netstat Command & Examples : View Monitor Network Statistics and Configurations In Linux Reviewed by Raj on December 23, 2019 Rating: 5

No comments:

Powered by Blogger.