What is the netstat command used for?

The netstat command displays network connections, routing tables, and network interface statistics. It's useful for monitoring network activity, troubleshooting connectivity issues, and understanding network usage patterns.

How do I see all active network connections?

Use 'netstat -tuln' to see all active TCP and UDP connections with numeric addresses and ports. For more detailed information, use 'netstat -tulnp' to also see the process names.

How do I check which ports are listening?

Use 'netstat -tuln | grep LISTEN' to see all listening ports, or 'netstat -tulnp | grep LISTEN' to see listening ports with process information.

netstat

Display network connections, routing tables, and network interface statistics

Syntax

netstat [options]

Basic Usage

Show all connections

netstat -a

Displays all active network connections.

Show TCP connections

netstat -t

Show UDP connections

netstat -u

Show listening ports

netstat -l

Common Options

-a, --all: Show all connections and listening ports
-t, --tcp: Show TCP connections
-u, --udp: Show UDP connections
-l, --listening: Show only listening ports
-n, --numeric: Show numeric addresses instead of resolving names
-p, --programs: Show process/program name
-r, --route: Show routing table
-i, --interfaces: Show network interfaces
-s, --statistics: Show network statistics
-c, --continuous: Update continuously

Practical Examples

Show all active TCP connections

netstat -t

Show listening ports with process names

netstat -tulnp

Show routing table

netstat -r

Show network interface statistics

netstat -i

Show network statistics by protocol

netstat -s

Show connections for specific port

netstat -tuln | grep :80

Show connections with continuous updates

netstat -tuln -c

Show only established connections

netstat -tuln | grep ESTABLISHED

Understanding Output

Connection States

LISTEN: Port is listening for connections
ESTABLISHED: Active connection
CLOSE_WAIT: Connection closing
TIME_WAIT: Connection timed out
SYN_SENT: Connection attempt

Output Columns

Proto: Protocol (tcp/udp)
Recv-Q: Receive queue
Send-Q: Send queue
Local Address: Local IP and port
Foreign Address: Remote IP and port
State: Connection state

Best Practices

Monitoring Use Cases

Check which services are listening on ports
Monitor active network connections
Troubleshoot network connectivity issues
Verify firewall rules effectiveness
Monitor network usage patterns

Important Notes

netstat is deprecated in favor of ss and ip commands
Use -n flag for faster output (no DNS resolution)
Combine with grep for filtering specific information
Use -c for continuous monitoring
Consider using ss command for newer systems