netstat Command in Linux | Explained

The netstat command in Linux is a tool for viewing information about the network and is commonly used to troubleshoot network issues or gather information about network activity. The netstat utility is supported on all Linux distributions and is the tool most used by network administrators.

Let’s discuss the netstat utility in more depth.

Prerequisite: Install netstat Utility

The netstat command doesn’t come pre-installed in Linux OS; you first need to install the “net-tools” package to use it. This package is a collection of basic network utilities for Linux systems. To install the net-tools package, type the command for your distribution:

$ sudo apt install net-tools              #Debian/Ubuntu-Based 
$ sudo yum install net-tools              #RHEL/CentOS-Based
$ sudo pacman -S net-tools                #Arch-Based

How Does netstat Command Work in Linux?

The basic syntax of the netstat command is shown below:

Syntax:

$ netstat <options>

Here, netstat is the main command keyword, and the options it supports can be listed with the following command:

$ netstat --help

How to Use the netstat Command in Linux?

We have learned the basic workings and syntax of the netstat command in Linux. Let’s exercise it practically through examples.

Display All Listening and Non-Listening Ports

The netstat command in Linux can be used to display active connections to and from your system. It shows the sockets that are being used by the network subsystem of the operating system.

The “-a” option stands for “all” so using it will show both listening and non-listening sockets. Listening sockets are those that are waiting for incoming connections, while non-listening sockets are those that are connected to a remote host.

You can type the below-mentioned command to display these ports on the Linux terminal:

$ netstat -a

Display all TCP Ports

When you combine the “-a” and “-t” options, you will only be able to see the information regarding the TCP ports. This will include information regarding all active Internet sockets using TCP to send or receive data.

$ netstat -at
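A way to turn the “-at” listing into a quick triage summary, added here as an example that is not part of the original article. It assumes the “-n” option (numeric addresses, a netstat option this article does not cover) was added to the command, and it runs on a constructed sample so it works offline; the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample of `netstat -atn` output (documentation address ranges).
sample_tcp() {
cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:22           198.51.100.7:51514      ESTABLISHED
tcp        0      0 192.0.2.10:443          203.0.113.5:40112       ESTABLISHED
tcp        0      0 192.0.2.10:443          203.0.113.5:40113       ESTABLISHED
tcp        0      0 192.0.2.10:443          203.0.113.5:40114       TIME_WAIT
tcp        0      0 192.0.2.10:443          203.0.113.9:33820       SYN_RECV
tcp6       0      0 :::80                   :::*                    LISTEN
EOF
}

# state_counts: number of TCP sockets in each state, printed as "STATE count".
state_counts() {
  awk '$1 ~ /^tcp/ { c[$6]++ } END { for (s in c) print s, c[s] }' | LC_ALL=C sort
}

# peers_by_count: remote hosts of non-listening sockets, printed as
# "count host", busiest host first.
peers_by_count() {
  awk '$1 ~ /^tcp/ && $6 != "LISTEN" {
         host = $5
         sub(/:[^:]*$/, "", host)   # strip the port after the last colon
         c[host]++
       }
       END { for (h in c) print c[h], h }' | LC_ALL=C sort -k1,1nr -k2,2
}

# Run on the sample; on a live host use: netstat -atn | state_counts
sample_tcp | state_counts
sample_tcp | peers_by_count
```

A sudden rise in SYN_RECV or TIME_WAIT counts, or one remote host holding most of the connections, is the kind of change this summary makes visible.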

Display all UDP Ports

Combining the “-a” and “-u” options will display active sockets for UDP (User Datagram Protocol) only. It shows all active Internet sockets that are using UDP to send or receive data. You can get all the relevant information by typing the below command:

$ netstat -au

Display Active Network Connections and Their Associated Processes

Combining “-p” and “-a” options with the netstat command in Linux will display active network connections and their associated processes. It shows a list of all active sockets, along with the protocol, local and remote addresses, and the state of the socket.

The “-p” option tells it to display the process ID (PID) and name of the program that is using the socket:

$ netstat -ap

Display Only Listening TCP Ports

Combining the “-l” and “-t” options displays the TCP sockets that are currently listening on a system, that is, the Internet sockets waiting for incoming connections. The “-l” option tells netstat to display only listening sockets:

$ netstat -lt

Display Only Listening UDP Ports

Combining the “-l” and “-u” options lists all the listening UDP ports, as shown below:

$ netstat -lu

Note: Nothing is displayed in the “State” column of this output because UDP is a “stateless protocol”. It sends data packets known as datagrams from one host to another without establishing a connection.

List Only Unix Ports

You can list the Unix sockets that are listening for connections by combining the “-l” and “-x” options, as shown below:

$ netstat -lx

Display All Listening Ports

When you use the “-l” option with the netstat command, it displays a list of all the listening sockets on the system, along with their associated port numbers and the addresses they are listening on:

$ netstat -l

Display the Statistics of All Ports

The “-s” option in Linux is used to display summary statistics for all network protocols. It shows a summary of the number of packets and bytes sent and received, along with the error and collision rates for each protocol:

$ netstat -s

Display the Statistics of TCP Ports

Combining “-s” and “-t” options will display summary statistics for TCP connections. It summarizes the number of packets and bytes sent and received, along with the error and collision rates for TCP connections. The “-s” option tells the utility to display summary statistics, and the “-t” option tells it to display statistics for the TCP protocol:

$ netstat -st

Display the Statistics of UDP Ports

Combining the “-s” and “-u” options will display summary statistics for UDP. It shows a summary of the number of packets and bytes sent and received, along with the error and collision rates for UDP. The “-s” option tells the utility to display summary statistics, and the “-u” option tells it to display statistics for the UDP protocol:

$ netstat -su

Display the Network Statistics

The “-c” option can be combined with the netstat command to display network statistics continuously. It shows a list of active network connections, the protocol, local and remote addresses, and the connection state. The “-c” option tells the utility to display the information, continuously updating the output every second:

$ netstat -c

Display Kernel Routing Information

Combining the “-r” option with the netstat command in Linux will display the kernel routing table. The routing table contains information about how to reach different destinations on the network. It includes the destination address, the gateway (if applicable), and the interface through which the traffic will be sent.

$ netstat -r

That’s all for the netstat utility.

Conclusion

The netstat command is a Linux utility that lets you view network statistics and information about active network connections. It can display the status of TCP, UDP, and other protocols, as well as statistics about the network traffic on your system. You have to install the “net-tools” package to use this command. This guide has also covered the different options of the netstat command.