netstat is a versatile tool for monitoring network connections, including incoming and outgoing connections, routing tables, interface statistics, and more. It is especially useful for network troubleshooting and for understanding what services are listening on specific ports.
Common netstat Switches
- -t: Displays only TCP connections.
- -u: Displays only UDP connections.
- -l: Shows only listening sockets.
- -n: Displays addresses and port numbers numerically, without resolving hostnames.
- -p: Displays the PID and program name of the process associated with each connection.
- -r: Displays the kernel’s routing table.
- -c: Continuously updates the network status every second.
- -i: Displays a table of network interfaces.
- -e: Displays extended information (e.g., packet counts, errors) for network interfaces.
- -s: Displays network statistics for each protocol (e.g., TCP, UDP, ICMP).
Example netstat Commands
- Display all active TCP connections
> netstat -nt - Display all active UDP connections
> netstat -nu - Show all listening sockets (TCP and UDP)
> netstat -l - Show network connections with program names and PIDs
> netstat -p - Display the routing table
> netstat -r - Continuously update the list of active connections every second
> netstat -c - Show network statistics for TCP, UDP, and ICMP
> netstat -s - Display interface statistics
> netstat -i - Display all active connections in numeric format (IP addresses and port numbers)
> netstat -an
Real-World Use Cases:
- Network troubleshooting: If a particular service or port is unreachable,
netstatcan help identify whether the port is actively listening or whether there are any related established connections. - Security monitoring: By displaying active connections and the processes associated with them, you can monitor potentially unwanted network activity or services running on suspicious por