Linux Network Management with "netstat"

Sohail
Sohail

Table of Contents

The netstat (short for network statistics) command line tool helps in retrieving information such as network connections, network interfaces in use, routing tables, masquerade connections.  It lists out all the TCP, UDP socket connections, and the UNIX socket connections.

The common test case that almost everybody encounters to see whether a given background process says a web server running or not on the specified port. Apart from this kind of simple yet powerful test case, netstat is helpful to administrators, testers, and developers in their day to day work to perform debugging, network troubleshooting and performance measurement.​The Linux manual page defines netstat as –​

netstat man page

​netstat is available on UNIX and UNIX-like systems such as Solaris, AIX, HP-UX, macOS, Linux and BSD flavors.  It is even available in Microsoft operating systems such as Windows NT, Vista, 7, 8 and Windows 10. In this article let us focus on some of the useful options provided by netstat with examples tested on Ubuntu 16.04:​1 – ​Show all listening and non-listening sockets of TCP, UDP, and UNIX socket connections, routing table entries, and network interfaces ​

$ netstat –a 
netstat -a

  ​2 – To show only TCP socket connections:

$ netstat –at 
show only tcp socket netstat

3 – Show only UDP socket connections

$ netstat –au 
show only udp socket netstat

In case to turn off domain names or hostnames and display only IP addresses in the output, just add “–n” option

display ip address output netstat

4 – Show all socket connections which are in listening state:

$ netstat –l | more
$ netstat –lt | more <- only TCP sockets
$ netstat –lu | more <- only UDP sockets ​5 - ​Finding the port used by a process.

Often we get a situation where we would need to know which port a particular process on server says apache is running.  Combining netstat with UNIX common utilities like “grep” we can easily make it out. Note that you need to have root privileges in case you are looking for processes started by root.  For instance, if we are looking port number on which apache is running, we can use “-ap” option combined with “grep” as follows:

​$ netstat –ap | grep apache 
netstat find port number apache

​Finding process name when a port is known:

find process name netstat

​A user can add “–programs” option which indicates which program/process is listening on the specified port in a user-friendly manner.

netstat add program

6 – Show the statistics for each protocol

$ netstat –s
$ netstat –st – for TCP only ports
$ netstat –su - for UDP only ports 
show statistics netstat

7 – Display process id (pid) and process names in netstat output.

$ netstat -lp | more
$ netstat -ltp | more - for listening TCP ports
$ netstat -lup | more - for listening UDP ports 
display pid in netstat

8 – Show netstat information continuously. You can add “–c” option to your netstat command in order to display the connections continuously.

$ netstat –c 
show netstat information

9 – Find the non-supportive address families in your system.

$ netstat -–verbose 
find non-supportive address

  ​10 – Display the kernel routing information

$ netstat –r 
display kernel routing netstat

11 – Show the list of network interfaces

$ netstat –i 
show network list

12 – The above output is more of technical in nature.  Using netstat with switch “-ie”, will provide the information in a user-friendly output as below:

$ netstat –ie 
use netstat with switch
13 – Showing output in promiscuous mode

At times it is required to display output by netstat for every selected interval.  For this, netstat provides the promiscuous mode with “-ac” switch, that enables netstat to show the desired output or refresh the output every “n” seconds as below. Default interval of refresh is one second.​

$ netstat –ac 5 | grep tcp 
promiscuous mode netstat

To stop, press “ctrl +c”.14 – Displaying ipv4 and ipv6 information $ netstat –g

display ipv4 and ipv6 netstat

Conclusion

Using netstat in bare form might produce huge information that is too much for the need. One should know what options should be used with netstat so that it can produce the information that you are looking for. Following image shows various options in terms of both flags and long names of netstat:

netstat help manual
Linux toolsUncategorizedtutorial