netstat command in Linux with examples
This article is a follow-up to the previous 90 Linux Commands frequently used by Linux Sysadmins post. As time allows, I will publish articles on the 90 commands geared toward Linux sysadmins and Linux power users.
netstat command in Linux
I recently revisited the netstat command. Netstat is a network debugging tool that displays network connections, routing tables, interface statistics, and protocol statistics. The command is available on most Unix-based systems, including Linux and macOS.
I find it amazing that this command has been around for so long, even though it’s now officially deprecated. Modern Linux distributions now favor the ss command as a replacement:
| Feature | netstat | ss |
|---|---|---|
| Speed | Slower | Faster |
| Output Details | Limited | Comprehensive |
| Deprecated? | Yes | No |
This article was originally published several years ago, when the netstat command was still widely used for network troubleshooting and monitoring. It remains an archive for those who continue to rely on netstat or wish to explore its functionality.
Below, you’ll find a quick rundown of how to use netstat, what it displays, and how to leverage it for monitoring current connections and gathering useful data.
The netstat command provides a way to view a wide variety of information about network connections, such as:
- The protocol used (TCP or UDP).
- The local and remote IP addresses and port numbers of the connection.
- The state of the connection (established, listening, or closed).
- The amount of data transmitted and received over the connection.
- The process ID (PID) of the program using the connection.
The netstat command can be used to troubleshoot network issues, monitor network activity, and provide information about active network connections on a system. It has various options that can be used to customize the output of the command. For example, the -a option shows all active connections and listening ports, while the -n option displays numerical addresses instead of resolving host names.
netstat command examples
Here are some examples of how the netstat command can be used:
To show all active TCP connections, use the following:
netstat -at
This command will display a list of all active TCP connections, including the local and remote IP addresses and port numbers, as well as the state of the connection.
To show all listening TCP ports, use the following:
netstat -tl
This command will display a list of all TCP ports on the system that are currently in a listening state. This can be useful for identifying services that are currently running on the system.
To show all UDP connections, use the following:
netstat -au
This command will display a list of all active UDP connections, including the local and remote IP addresses and port numbers.
To display network statistics, use the following:
netstat -s
This command will display a summary of various network statistics, such as the number of packets received and transmitted, errors, and collisions.
To show all active network connections and associated processes, use the following:
netstat -ap
This command will display a list of all active network connections and the processes that are associated with them. This can be useful for identifying which processes are using network resources on the system.
Related commands:
ping: Test network connectivity by sending and receiving packets.traceroute: Trace the path that packets take between hosts on a network.tcpdump: Capture and display network packets for analysis and troubleshooting.ss: Display network connections and statistics in a more detailed and faster way thannetstat.
Is it just my firefox or are there no actual commands after “use the following:” ??
There should be commands. Can you paste a screenshot in a private forum message to me? In the meantime, I will test on desktop with firefox in the AM.
Thanks for reporting.