10 Example Uses of Netstat

If there is a list of command-line network monitoring tools every network administrator should master, netstat should be on it. Netstat, which stands for network statistics, is a versatile tool every network administrator can use for monitoring the network they are handling. While this tool tends to be more popular on Linux and other Unix-like platforms, Windows users can also take advantage of it.

Nearly all Linux distributions ship netstat as a standard tool, so you can use it without installing it first. If your distro hasn't included the tool, you can install it yourself. In Linux, netstat is part of the net-tools package.

Netstat is helpful for network troubleshooting and performance measurement. You can use it to monitor both incoming and outgoing network connections. It is one of the basic network service debugging tools, telling you which ports are open and whether any programs are listening on them.

Just like other commands in Linux, you can get more information about netstat by reading its manual in a terminal by typing man netstat. You can also see the available parameters by typing netstat --help. This article shows the top 10 example uses of netstat.

1. Displaying network interface transactions

# netstat -i

Kernel Interface table
Iface   MTU Met   RX-OK RX-ERR RX-DRP RX-OVR    TX-OK TX-ERR TX-DRP TX-OVR Flg
enp3s0     1500 0         0      0      0 0             0      0      0      0 BMU
lo        65536 0      1316      0      0 0          1316      0      0      0 LRU
wlp2s0     1500 0      8950      0      0 0          9370      0      0      0 BMRU

2. Displaying kernel interface table

# netstat -ie
lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:1360 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1360 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1 
          RX bytes:118265 (118.2 KB)  TX bytes:118265 (118.2 KB)

wlp2s0    Link encap:Ethernet  HWaddr 48:d2:24:b0:20:f9  
          inet addr:192.168.1.102  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::3726:56d2:44f0:ade5/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:9041 errors:0 dropped:0 overruns:0 frame:0
          TX packets:9472 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:5795807 (5.7 MB)  TX bytes:2201496 (2.2 MB)

3. Listing all TCP and UDP sockets, both listening and established

# netstat -a
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State      
tcp        0      0 localhost:mysql         *:*                     LISTEN     
tcp        0      0 aliko-X200CA:domain     *:*                     LISTEN     
tcp        0      0 192.168.1.102:41480     ec2-52-42-35-202.:https ESTABLISHED
tcp        0      0 192.168.1.102:40242     sc-in-f188.1e100.n:5228 ESTABLISHED
tcp        0      0 192.168.1.102:41482     ec2-52-42-35-202.:https ESTABLISHED
tcp6       0      0 [::]:http               [::]:*                  LISTEN     
udp        0      0 aliko-X200CA:domain     *:*                                
udp        0      0 *:bootpc                *:*                                
udp        0      0 *:mdns                  *:*                                
udp        0      0 *:mdns                  *:*                                
udp        0      0 *:55564                 *:*                                
udp        0      0 *:57703                 *:*                                
udp        0      0 *:ipp                   *:*                                
udp6       0      0 [::]:43015              [::]:*                             
udp6       0      0 [::]:mdns               [::]:*                             
udp6       0      0 [::]:mdns               [::]:*                             
raw6       0      0 [::]:ipv6-icmp          [::]:*                  7          
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags       Type       State         I-Node   Path
unix  2      [ ACC ]     STREAM     LISTENING     23667    @/tmp/.ICE-unix/1621
unix  2      [ ]         DGRAM                    22989    /run/user/1001/systemd/notify
unix  2      [ ACC ]     STREAM     LISTENING     22990    /run/user/1001/systemd/private
unix  2      [ ACC ]     SEQPACKET  LISTENING     1530     /run/udev/control
unix  2      [ ACC ]     STREAM     LISTENING     23001    /run/user/1001/keyring/control
unix  2      [ ACC ]     STREAM     LISTENING     22237    /run/user/1001/keyring/pkcs11
unix  2      [ ACC ]     STREAM     LISTENING     22239    /run/user/1001/keyr

4. Listing all LISTENING connections

# netstat -l
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State      
tcp        0      0 localhost:mysql         *:*                     LISTEN     
tcp        0      0 aliko-X200CA:domain     *:*                     LISTEN     
tcp6       0      0 [::]:http               [::]:*                  LISTEN     
udp        0      0 aliko-X200CA:domain     *:*                                
udp        0      0 *:bootpc                *:*                                
udp        0      0 *:mdns                  *:*                                
udp        0      0 *:mdns                  *:*                                
udp        0      0 *:55564                 *:*                                
udp        0      0 *:57703                 *:*                                
udp        0      0 *:ipp                   *:*                                
udp6       0      0 [::]:43015              [::]:*                             
udp6       0      0 [::]:mdns               [::]:*                             
udp6       0      0 [::]:mdns               [::]:*                             
raw6       0      0 [::]:ipv6-icmp          [::]:*                  7          
Active UNIX domain sockets (only servers)
Proto RefCnt Flags       Type       State         I-Node   Path
unix  2      [ ACC ]     STREAM     LISTENING     23667    @/tmp/.ICE-unix/1621
unix  2      [ ACC ]     STREAM     LISTENING     22990    /run/user/1001/systemd/private
unix  2      [ ACC ]     SEQPACKET  LISTENING     1530     /run/udev/control
unix  2      [ ACC ]     STREAM     LISTENING     23001    /run/user/1001/keyring/control
unix  2      [ ACC ]     STREAM     LISTENING     22237    /run/user/1001/keyring/pkcs11
unix  2      [ ACC ]     STREAM     LISTENING     22239    /run/user/1001/keyring/ssh
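
When reviewing listeners, the ones that matter most are those bound to every interface (*, 0.0.0.0, [::]) rather than to localhost, because they are reachable from the network. The script below is an added example, not part of the original article: it filters netstat -l style output down to those sockets. The function names are hypothetical, and the sample rows are taken from the output above plus two constructed numeric-form rows.

```shell
#!/bin/sh
# Added example: reduce `netstat -l` output to wildcard-bound TCP/UDP sockets.

# Reads netstat output on stdin and prints "proto port" once per socket that
# is bound to all interfaces. Handles the named form shown in the article
# ("*:mdns", "[::]:http") and the numeric form from -n ("0.0.0.0:22", ":::80").
wildcard_listeners() {
    awk '
        $1 ~ /^(tcp|udp)6?$/ {
            # TCP rows must be in LISTEN state. UDP has no LISTEN state;
            # unconnected UDP sockets are printed with an empty State column.
            if ($1 ~ /^tcp/ && $6 != "LISTEN") next
            host = $4; port = $4
            sub(/:[^:]*$/, "", host)   # strip the trailing ":port"
            sub(/^.*:/, "", port)      # keep only the port or service name
            if (host == "*" || host == "0.0.0.0" || host == "::" || host == "[::]")
                print $1, port
        }
    ' | LC_ALL=C sort -u
}

# Sample input: rows from the article's output, plus two constructed
# numeric-form rows (the last two) as printed when -n is used.
sample_output() {
    cat <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 localhost:mysql         *:*                     LISTEN
tcp        0      0 aliko-X200CA:domain     *:*                     LISTEN
tcp        0      0 192.168.1.102:41480     ec2-52-42-35-202.:https ESTABLISHED
tcp6       0      0 [::]:http               [::]:*                  LISTEN
udp        0      0 aliko-X200CA:domain     *:*
udp        0      0 *:bootpc                *:*
udp        0      0 *:mdns                  *:*
udp        0      0 *:mdns                  *:*
udp6       0      0 [::]:mdns               [::]:*
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp6       0      0 :::80                   :::*                    LISTEN
EOF
}

# On a live host: netstat -ltun | wildcard_listeners
sample_output | wildcard_listeners
```

A local address shown as a host name, such as aliko-X200CA:domain, is not treated as a wildcard; run netstat with -n to see the actual address it is bound to.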

5. Displaying statistics by protocol

# netstat -s
Ip:
    11360 total packets received
    1 with invalid addresses
    0 forwarded
    0 incoming packets discarded
    11359 incoming packets delivered
    11745 requests sent out
    124 outgoing packets dropped
Icmp:
    293 ICMP messages received
    0 input ICMP message failed.
    ICMP input histogram:
        destination unreachable: 293
    302 ICMP messages sent
    0 ICMP messages failed
    ICMP output histogram:
        destination unreachable: 302
IcmpMsg:
        InType3: 293
        OutType3: 302

6. Displaying kernel IP routing

# netstat -r
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
default         192.168.1.1     0.0.0.0         UG        0 0          0 wlp2s0
link-local      *               255.255.0.0     U         0 0          0 wlp2s0
192.168.1.0     *               255.255.255.0   U         0 0          0 wlp2s0

7. Displaying IPv4 and IPv6 multicast group memberships

# netstat -g
IPv6/IPv4 Group Memberships
Interface       RefCnt Group
--------------- ------ ---------------------
lo              1      all-systems.mcast.net
enp3s0          1      all-systems.mcast.net
wlp2s0          2      224.0.0.251
wlp2s0          1      all-systems.mcast.net
lo              1      ip6-allnodes
lo              1      ff01::1
enp3s0          1      ip6-allnodes
enp3s0          1      ff01::1
wlp2s0          2      ff02::fb
wlp2s0          1      ff02::1:fff0:ade5
wlp2s0          1      ip6-allnodes
wlp2s0          1      ff01::1

8. Displaying service name with PID

# netstat -tp
(Not all processes could be identified, non-owned process info
 will not be shown, you would have to be root to see it all.)
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 192.168.1.102:35346     sin10s01-in-f14.1:https ESTABLISHED 2258/chrome     
tcp        0      0 192.168.1.102:40242     sc-in-f188.1e100.n:5228 ESTABLISHED 2258/chrome     
tcp        0      0 192.168.1.102:56224     jktd3khweb11v.clou:http ESTABLISHED 2258/chrome

9. Displaying RAW network statistics

# netstat --statistics --raw
Ip:
    11973 total packets received
    1 with invalid addresses
    0 forwarded
    0 incoming packets discarded
    11972 incoming packets delivered
    12412 requests sent out
    124 outgoing packets dropped
Icmp:
    293 ICMP messages received
    0 input ICMP message failed.
    ICMP input histogram:
        destination unreachable: 293
    302 ICMP messages sent
    0 ICMP messages failed
    ICMP output histogram:
        destination unreachable: 302

10. Printing netstat information continuously

# netstat -c
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State      
tcp        0      0 192.168.1.102:56236     jktd3khweb11v.clou:http ESTABLISHED
tcp        0      0 192.168.1.102:59698     192.0.73.2:https        ESTABLISHED
tcp        0      0 192.168.1.102:40242     sc-in-f188.1e100.n:5228 ESTABLISHED
tcp        0      0 192.168.1.102:33964     45.e4.9bc0.ip4.sta:http ESTABLISHED
udp        0      0 192.168.1.102:44048     sb-in-f157.1e100.:https ESTABLISHED
Active UNIX domain sockets (w/o servers)
Proto RefCnt Flags       Type       State         I-Node   Path
unix  2      [ ]         DGRAM                    22989    /run/user/1001/systemd/notify
unix  7      [ ]         DGRAM                    1532     /run/systemd/journal/socket
unix  2      [ ]         DGRAM                    1629     /run/systemd/journal/syslog
unix  19     [ ]         DGRAM                    1630     /run/systemd/journal/dev-log

Written by Al Putra

An open source user, Manchester United fan and CC0-licensed stuffs lover