Netstat Command is very useful .this command displays various network related information such as network connections, routing tables, interface statistics, masquerade connections, multicast memberships etc.,
below are some example
1. List All Ports (both listening and non listening ports)
List all ports using netstat -a
# netstat -a | more
[root@boost ~]# netstat -a | more
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 boost.localho:licensedaemon *:* LISTEN
tcp 0 0 boost.localhost:tr-rsrb-p1 *:* LISTEN
tcp 0 0 *:amqp *:* LISTEN
tcp 0 0 *:10601 *:* LISTEN
tcp 0 0 *:svn *:* LISTEN
tcp 0 0 *:mysql *:* LISTEN
tcp 0 0 *:sunrpc *:* LISTEN
tcp 0 0 *:ssh *:* LISTEN
tcp 0 0 localhost.localdomain:ipp *:* LISTEN
tcp 0 0 localhost.localdomain:smtp *:* LISTEN
tcp 0 0 boost.localho:licensedaemon boost.localhost:60530 ESTABLISHED
tcp 0 52 boost.localhost:ssh ABTS-North-Dynamic-21:13206 ESTABLISHED
tcp 0 0 boost.localhost:51937 boost.localhost:tr-rsrb-p1 ESTABLISHED
List all tcp ports using netstat -at
# netstat -at
[root@boost ~]# netstat -at
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 boost.localho:licensedaemon *:* LISTEN
tcp 0 0 boost.localhost:tr-rsrb-p1 *:* LISTEN
tcp 0 0 *:amqp *:* LISTEN
tcp 0 0 *:10601 *:* LISTEN
tcp 0 0 *:svn *:* LISTEN
tcp 0 0 *:mysql *:* LISTEN
tcp 0 0 *:sunrpc *:* LISTEN
tcp 0 0 *:ssh *:* LISTEN
tcp 0 0 localhost.localdomain:ipp *:* LISTEN
tcp 0 0 localhost.localdomain:smtp *:* LISTEN
tcp 0 0 boost.localho:licensedaemon boost.localhost:60530 ESTABLISHED
tcp 0 248 boost.localhost:ssh ABTS-North-Dynamic-21:13206 ESTABLISHED
tcp 0 0 boost.localhost:51937 boost.localhost:tr-rsrb-p1 ESTABLISHED
tcp 0 0 boost.localhost:tr-rsrb-p1 boost.localhost:51937 ESTABLISHED
tcp 0 0 boost.localhost:60530 boost.localho:licensedaemon ESTABLISHED
tcp 0 0 *:https *:* LISTEN
tcp 0 0 *:pcsync-https *:* LISTEN
tcp 0 0 *:wbem-https *:* LISTEN
tcp 0 0 *:sunrpc *:* LISTEN
tcp 0 0 *:http *:* LISTEN
tcp 0 0 *:ncube-lm *:* LISTEN
tcp 0 0 *:59665 *:* LISTEN
tcp 0 0 *:37652 *:* LISTEN
tcp 0 0 *:23829 *:* LISTEN
tcp 0 0 *:ssh *:* LISTEN
tcp 0 0 boost.localhost:ipp *:* LISTEN
[root@boost ~]#
List all udp ports using netstat -au
# netstat -au
[root@boost ~]# netstat -au
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
udp 0 0 *:966 *:*
udp 0 0 *:mdns *:*
udp 0 0 *:sunrpc *:*
udp 0 0 *:ipp *:*
udp 0 0 *:904 *:*
udp 0 0 *:11025 *:*
udp 0 0 *:39063 *:*
udp 0 0 boost.localhost:28589 *:*
udp 0 0 boost.localhost:11440 *:*
udp 0 0 boost.localhost:11568 *:*
udp 0 0 *:34632 *:*
udp 0 0 boost.localhost:37471 *:*
udp 0 0 boost.localhost:39916 *:*
udp 0 0 *:sunrpc *:*
udp 0 0 boost.localhost:55299 *:*
udp 0 0 *:904 *:*
2. List Sockets which are in Listening State
List only listening ports using netstat -l
# netstat -l
[root@boost ~]# netstat -l
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 boost.localho:licensedaemon *:* LISTEN
tcp 0 0 boost.localhost:tr-rsrb-p1 *:* LISTEN
tcp 0 0 *:amqp *:* LISTEN
tcp 0 0 *:10601 *:* LISTEN
tcp 0 0 *:svn *:* LISTEN
tcp 0 0 *:mysql *:* LISTEN
tcp 0 0 *:sunrpc *:* LISTEN
tcp 0 0 *:ssh *:* LISTEN
tcp 0 0 localhost.localdomain:ipp *:* LISTEN
tcp 0 0 localhost.localdomain:smtp *:* LISTEN
tcp 0 0 *:https *:* LISTEN
tcp 0 0 *:pcsync-https *:* LISTEN
tcp 0 0 *:wbem-https *:* LISTEN
List only listening TCP Ports using netstat -lt
# netstat -lt
[root@boost ~]# netstat -lt
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 boost.localho:licensedaemon *:* LISTEN
tcp 0 0 boost.localhost:tr-rsrb-p1 *:* LISTEN
tcp 0 0 *:amqp *:* LISTEN
tcp 0 0 *:10601 *:* LISTEN
tcp 0 0 *:svn *:* LISTEN
tcp 0 0 *:mysql *:* LISTEN
tcp 0 0 *:sunrpc *:* LISTEN
tcp 0 0 *:ssh *:* LISTEN
tcp 0 0 localhost.localdomain:ipp *:* LISTEN
tcp 0 0 localhost.localdomain:smtp *:* LISTEN
tcp 0 0 *:https *:* LISTEN
tcp 0 0 *:pcsync-https *:* LISTEN
tcp 0 0 *:wbem-https *:* LISTEN
tcp 0 0 *:sunrpc *:* LISTEN
tcp 0 0 *:http *:* LISTEN
tcp 0 0 *:ncube-lm *:* LISTEN
tcp 0 0 *:59665 *:* LISTEN
tcp 0 0 *:37652 *:* LISTEN
tcp 0 0 *:23829 *:* LISTEN
tcp 0 0 *:ssh *:* LISTEN
tcp 0 0 boost.localhost:ipp *:* LISTEN
List only listening UDP Ports using netstat -lu
# netstat -lu
[root@boost ~]# netstat -lu
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
udp 0 0 *:966 *:*
udp 0 0 *:mdns *:*
udp 0 0 *:sunrpc *:*
udp 0 0 *:ipp *:*
udp 0 0 *:904 *:*
udp 0 0 *:11025 *:*
udp 0 0 *:39063 *:*
udp 0 0 boost.localhost:28589 *:*
udp 0 0 boost.localhost:11440 *:*
udp 0 0 boost.localhost:11568 *:*
udp 0 0 *:34632 *:*
udp 0 0 boost.localhost:37471 *:*
udp 0 0 boost.localhost:39916 *:*
udp 0 0 *:sunrpc *:*
udp 0 0 boost.localhost:55299 *:*
udp 0 0 *:904 *:*
[root@boost ~]#
List only the listening UNIX Ports using netstat -lx
# netstat -lx
[root@boost ~]# netstat -lx
Active UNIX domain sockets (only servers)
Proto RefCnt Flags Type State I-Node Path
unix 2 [ ACC ] STREAM LISTENING 64195 /var/tmp/.oracle/sEXTPROC1986
unix 2 [ ACC ] STREAM LISTENING 106946 @/tmp/dbus-Xq2EuEFyq4
unix 2 [ ACC ] STREAM LISTENING 11391 /var/run/cups/cups.sock
unix 2 [ ACC ] STREAM LISTENING 106862 @/tmp/gdm-greeter-OEzTmrgF
unix 2 [ ACC ] STREAM LISTENING 7731 @/com/ubuntu/upstart
unix 2 [ ACC ] STREAM LISTENING 56766 /tmp/keyring-mP1t5P/socket
unix 2 [ ACC ] STREAM LISTENING 106776 /tmp/.X11-unix/X0
3. Show the statistics for each protocol
Show statistics for all ports using netstat -s
# netstat -s
Ip:
11150 total packets received
1 with invalid addresses
0 forwarded
0 incoming packets discarded
11149 incoming packets delivered
11635 requests sent out
Icmp:
0 ICMP messages received
0 input ICMP message failed.
Tcp:
582 active connections openings
2 failed connection attempts
25 connection resets received
Udp:
1183 packets received
4 packets to unknown port received.
.....
Show statistics for TCP (or) UDP ports using netstat -st (or) -su
# netstat -st
# netstat -su
4. Display PID and program names in netstat output using netstat -p
netstat -p option can be combined with any other netstat option. This will add the “PID/Program Name” to the netstat output. This is very useful while debugging to identify which program is running on a particular port.
# netstat -pt
[root@boost ~]# netstat -pt
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 boost.localho:licensedaemon boost.localhost:60530 ESTABLISHED 6237/tnslsnr
tcp 0 52 boost.localhost:ssh ABTS-North-Dynamic-21:13206 ESTABLISHED 25422/0
tcp 0 0 boost.localhost:51937 boost.localhost:tr-rsrb-p1 ESTABLISHED 4155/ora_lreg_mobil
tcp 0 0 boost.localhost:tr-rsrb-p1 boost.localhost:51937 ESTABLISHED 6241/tnslsnr
tcp 0 0 boost.localhost:60530 boost.localho:licensedaemon ESTABLISHED 6056/ora_lreg_boost
[root@boost ~]#
5. Don’t resolve host, port and user name in netstat output
When you don’t want the name of the host, port or user to be displayed, use netstat -n option. This will display in numbers, instead of resolving the host name, port name, user name.
This also speeds up the output, as netstat is not performing any look-up.
# netstat -an
If you don’t want only any one of those three items ( ports, or hosts, or users ) to be resolved, use following commands.
# netsat -a --numeric-ports
# netsat -a --numeric-hosts
# netsat -a --numeric-users
6. Print netstat information continuously
netstat will print information continuously every few seconds.
# netstat -c
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 ramesh-laptop.loc:36130 101-101-181-225.ama:www ESTABLISHED
tcp 1 1 ramesh-laptop.loc:52564 101.11.169.230:www CLOSING
tcp 0 0 ramesh-laptop.loc:43758 server-101-101-43-2:www ESTABLISHED
tcp 1 1 ramesh-laptop.loc:42367 101.101.34.101:www CLOSING
^C
7. Find the non supportive Address families in your system
netstat --verbose
At the end, you will have something like this.
netstat: no support for `AF IPX' on this system.
netstat: no support for `AF AX25' on this system.
netstat: no support for `AF X25' on this system.
netstat: no support for `AF NETROM' on this system.
8. Display the kernel routing information using netstat -r
# netstat -r
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
192.168.1.0 * 255.255.255.0 U 0 0 0 eth2
link-local * 255.255.0.0 U 0 0 0 eth2
default 192.168.1.1 0.0.0.0 UG 0 0 0 eth2
Note: Use netstat -rn to display routes in numeric format without resolving for host-names.
9. Find out on which port a program is running
# netstat -ap | grep ssh
(Not all processes could be identified, non-owned process info
[root@boost ~]# netstat -ap | grep ssh
tcp 0 0 *:ssh *:* LISTEN 1917/sshd
tcp 0 52 boost.localhost:ssh ABTS-North-Dynamic-21:13206 ESTABLISHED 25422/0
tcp 0 0 *:ssh *:* LISTEN 1917/sshd
[root@boost ~]#
Find out which process is using a particular port:
# netstat -an | grep ':80'
10. Show the list of network interfaces
# netstat -i
Kernel Interface table
Iface MTU Met RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR Flg
eth0 1500 0 0 0 0 0 0 0 0 0 BMU
eth2 1500 0 26196 0 0 0 26883 6 0 0 BMRU
lo 16436 0 4 0 0 0 4 0 0 0 LRU
Display extended information on the interfaces (similar to ifconfig) using netstat -ie:
# netstat -ie
Kernel Interface table
eth0 Link encap:Ethernet HWaddr 00:10:40:11:11:11
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
Memory:f6ae0000-f6b00000