How to use netstat command in linux

Netstat is a command-line tool for mornitoring  network packages and network interface. It is a very useful tool, the system administrator can be used to monitor network performance, locate and solve related problems.

In this article explain howto use netstat command on linux system.

Example usage netstat command

The syntax of netstat command is :

# netstat [options]

1. Display routing information

This information can be retrieved using the -r option along with this command:

# netstat -r

Example output:

So we see that kernel routing table information was displayed using the -r option. The flag “U” indicates that this entry is up while the flag “G” indicates that this entry is not a direct entry i.e. the destination indicated in this route entry is not on the same network. A list of flags is given below :

• A Receive all multicast at this interface.
• B OK broadcast.
• D Debugging ON.
• M Promiscuous Mode.
• O No ARP at this interface.
• P P2P connection at this interface.
• R Interface is running.
• U Interface is up.
• G Not a direct entry.

2. List Sockets which are in Listening State

List only listening ports using  -l option:

# netstat -l

List only listening TCP Ports using -lt option:

# netstat -lt

List only listening UDP Ports using -lu option:

# netstat -lu

3. Display multicast group membership information

This information is displayed for both IPv4 and IPv6 and can be retrieved using -g option with this command.

# netstat -g

4. Display summary statistics for each protocol

# netstat -s

Ip:
    55129 total packets received
    0 forwarded
    0 incoming packets discarded
    55007 incoming packets delivered
    56387 requests sent out
    4 outgoing packets dropped
    232 dropped because of missing route
Icmp:
    3287 ICMP messages received
    0 input ICMP message failed.
    ICMP input histogram:
        destination unreachable: 3287
    439 ICMP messages sent
    0 ICMP messages failed
    ICMP output histogram:
        destination unreachable: 439
IcmpMsg:
        InType3: 3287
        OutType3: 439
Tcp:
    2246 active connections openings
    0 passive connection openings
    2 failed connection attempts
    306 connection resets received
    2 connections established
    46948 segments received
    46936 segments send out
    3858 segments retransmited
    148 bad segments received.
    531 resets sent
Udp:
    4376 packets received
    439 packets to unknown port received.
    0 packet receive errors
    4910 packets sent
..........

# netstat -st

netstat -st
IcmpMsg:
    InType3: 3287
    OutType3: 439
Tcp:
    2279 active connections openings
    0 passive connection openings
    2 failed connection attempts
    310 connection resets received
    9 connections established
    47342 segments received
    47384 segments send out
    3866 segments retransmited
    148 bad segments received.
    535 resets sent
..................

# netstat -su

IcmpMsg:
    InType3: 3287
    OutType3: 439
Udp:
    4550 packets received
    439 packets to unknown port received.
    0 packet receive errors
    5089 packets sent
................

5. Display information related to all network interfaces

This is made possible using the -i option along with this command.

# netstat -i

So we see that all the network information related to individual interfaces was displayed in the output. The RX and TX columns are described as follows :

• RX-OK : Correct packets received on this interface.
• RX-ERR : Incorrect packets received on this interface
• RX-DRP : Packets that were dropped at this interface.
• RX-OVR : Packets that this interface was unable to receive.

Similar definition is for the TX columns that describe the transmitted packets.

6. Display the PID of the program using socket

The PID of the program using a particular socket can be produced in the output using the option -p with this command.

# netstat -p

That’s it. For more information about netstat command see netstat man page.

See also: Monitoring network connection using ss command