Netstat is a command-line tool for mornitoring network packages and network interface. It is a very useful tool, the system administrator can be used to monitor network performance, locate and solve related problems.
In this article explain howto use netstat command on linux system.
Example usage netstat command
The syntax of netstat command is :
# netstat [options]
1. Display routing information
This information can be retrieved using the -r option along with this command:
# netstat -r
So we see that kernel routing table information was displayed using the -r option. The flag “U” indicates that this entry is up while the flag “G” indicates that this entry is not a direct entry i.e. the destination indicated in this route entry is not on the same network. A list of flags is given below :
- A Receive all multicast at this interface.
- B OK broadcast.
- D Debugging ON.
- M Promiscuous Mode.
- O No ARP at this interface.
- P P2P connection at this interface.
- R Interface is running.
- U Interface is up.
- G Not a direct entry.
2. List Sockets which are in Listening State
List only listening ports using -l option:
# netstat -l
List only listening TCP Ports using -lt option:
# netstat -lt
List only listening UDP Ports using -lu option:
# netstat -lu
3. Display multicast group membership information
This information is displayed for both IPv4 and IPv6 and can be retrieved using -g option with this command.
# netstat -g
4. Display summary statistics for each protocol
This is very handy information that netstat command provides. This information can be retrieved by using -s option with this command.
# netstat -s
Ip: 55129 total packets received 0 forwarded 0 incoming packets discarded 55007 incoming packets delivered 56387 requests sent out 4 outgoing packets dropped 232 dropped because of missing route Icmp: 3287 ICMP messages received 0 input ICMP message failed. ICMP input histogram: destination unreachable: 3287 439 ICMP messages sent 0 ICMP messages failed ICMP output histogram: destination unreachable: 439 IcmpMsg: InType3: 3287 OutType3: 439 Tcp: 2246 active connections openings 0 passive connection openings 2 failed connection attempts 306 connection resets received 2 connections established 46948 segments received 46936 segments send out 3858 segments retransmited 148 bad segments received. 531 resets sent Udp: 4376 packets received 439 packets to unknown port received. 0 packet receive errors 4910 packets sent ..........
Display statistics tcp protocol
# netstat -st
netstat -st IcmpMsg: InType3: 3287 OutType3: 439 Tcp: 2279 active connections openings 0 passive connection openings 2 failed connection attempts 310 connection resets received 9 connections established 47342 segments received 47384 segments send out 3866 segments retransmited 148 bad segments received. 535 resets sent ..................
Display statistics udp protocol
# netstat -su
IcmpMsg: InType3: 3287 OutType3: 439 Udp: 4550 packets received 439 packets to unknown port received. 0 packet receive errors 5089 packets sent ................
5. Display information related to all network interfaces
This is made possible using the -i option along with this command.
# netstat -i
So we see that all the network information related to individual interfaces was displayed in the output. The RX and TX columns are described as follows :
- RX-OK : Correct packets received on this interface.
- RX-ERR : Incorrect packets received on this interface
- RX-DRP : Packets that were dropped at this interface.
- RX-OVR : Packets that this interface was unable to receive.
Similar definition is for the TX columns that describe the transmitted packets.
6. Display the PID of the program using socket
The PID of the program using a particular socket can be produced in the output using the option -p with this command.
# netstat -p
That’s it. For more information about netstat command see netstat man page.