How to use netstat command under Linux (Examples included)

The netstat command displays current TCP/IP network connections, routing tables, interface statistics, masquerade connections, and multicast memberships. The ss command dumps socket statistics and shows information similar to netstat.

A number of command-line options and arguments exist, but netstat by itself displays a list of open sockets. Sockets are the interface between the user process and the network protocol stacks in the kernel. The protocol modules are grouped into protocol families such as AF_INET, AF_IPX, and AF_PACKET, and socket types such as SOCK_STREAM or SOCK_DGRAM. If you do not specify any address families, the active sockets of all configured address families are printed.

Examples of using the netstat command

Several options exist with the netstat command. Some of the most commonly used options are listed below:

Option   Description
-A       Specify the address family.
-r       Display the route table.
-i       Display network interface information.
-s       Display summary statistics for each protocol.
-g       Display multicast group membership information.
-n       Display IP addresses instead of the resolved names.
-c       Print information every second continuously.
-e       Display extended information.

1. Specifying address family

To specify the address families (low-level protocols) for which connections are to be shown, use the -A option followed by a comma-separated list of address family keywords. Possible address family keywords are inet, inet6, unix, ipx, ax25, netrom, and ddp. Example:

# netstat -A unix
Active UNIX domain sockets (w/o servers)
Proto RefCnt Flags       Type       State         I-Node Path
unix  2      [ ]         DGRAM                    13229  @/org/freedesktop/hal/udev_event
unix  2      [ ]         DGRAM                    972047754 @/org/kernel/udev/udevd
unix  2      [ ]         DGRAM                    29633  /var/opt/OV/tmp/ovcd.sock
unix  20     [ ]         DGRAM                    972084949 /dev/log
unix  2      [ ]         DGRAM                    1603505216 
unix  2      [ ]         DGRAM                    1603410473 
unix  2      [ ]         DGRAM                    1603410454 
unix  3      [ ]         STREAM     CONNECTED     1603410341 
unix  3      [ ]         STREAM     CONNECTED     1603410340 

2. Display the kernel routing table

Use the -r or --route option to display the kernel routing table.

# netstat -r
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
192.168.1.0      *               255.255.255.0   U         0 0          0 eth0
link-local       *               255.255.0.0     U         0 0          0 eth0
default         192.168.1.1      0.0.0.0         UG        0 0          0 eth0

3. Display kernel interface table for a specific interface

Display a table of all network interfaces with the -i option, or of one specific interface with -I=[ifname]. Examples of both options are shown below.

# netstat -I=eth0
Kernel Interface table
Iface       MTU Met    RX-OK RX-ERR RX-DRP RX-OVR    TX-OK TX-ERR TX-DRP TX-OVR Flg
eth0       1500   0 1318844666      0      0      0 682418030      0      0      0 BMRU
# netstat -i
Kernel Interface table
Iface       MTU Met    RX-OK RX-ERR RX-DRP RX-OVR    TX-OK TX-ERR TX-DRP TX-OVR Flg
eth0       1500   0 1318847618      0      0      0 682419336      0      0      0 BMRU
lo        65536   0 1297056515      0      0      0 1297056515      0      0      0 LRU

4. Display summary statistics for each protocol

You can display a summary of statistics for each protocol using the option -s or --statistics.

# netstat -s
Ip:
    67012 total packets received
    0 forwarded
    0 incoming packets discarded
    66996 incoming packets delivered
    36916 requests sent out
    18 outgoing packets dropped
Icmp:
    59 ICMP messages received
    0 input ICMP message failed.
    ICMP input histogram:
        destination unreachable: 36
        echo requests: 23
    59 ICMP messages sent
 ....

5. Display ports listening for input

To display all ports that have a process currently listening for input, use the option -l or --listening as shown below.

# netstat -l
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State      
tcp        0      0 0.0.0.0:ssh             0.0.0.0:*               LISTEN     
tcp        0      0 localhost:findviatv     0.0.0.0:*               LISTEN     
tcp        0      0 localhost:smtp          0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:ms-wbt-server   0.0.0.0:*               LISTEN     
....
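
An added example (not from the original article): a shell function that reads `netstat -lntp` style output and separates listeners bound to every interface (0.0.0.0 or ::) from loopback-only ones, a common first check when reviewing which services a host exposes. The sample lines are constructed and numeric (-n) so addresses parse reliably; -t (TCP only) is a standard netstat option not covered in this article, and the function names are this example's own.

```shell
#!/bin/sh
# Constructed sample of `netstat -lntp` output (not captured from a real host).
sample_netstat() {
cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1042/sshd
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      1311/master
tcp        0      0 0.0.0.0:3389            0.0.0.0:*               LISTEN      2207/xrdp
tcp6       0      0 :::22                   :::*                    LISTEN      1042/sshd
tcp6       0      0 ::1:631                 :::*                    LISTEN      977/cupsd
EOF
}

# Read netstat -lntp output on stdin; print "<scope> <proto> <port> <pid/program>"
# for every TCP socket in LISTEN state. scope is one of:
#   wildcard  bound to 0.0.0.0 or :: (reachable on every interface)
#   loopback  bound to 127.0.0.0/8 or ::1 (local only)
#   specific  bound to one particular non-loopback address
classify_listeners() {
    awk '
    $1 ~ /^tcp/ && $6 == "LISTEN" {
        port = $4; sub(/^.*:/, "", port)      # text after the last colon
        host = $4; sub(/:[^:]*$/, "", host)   # text before the last colon
        if (host ~ /^127\./ || host == "::1")        scope = "loopback"
        else if (host == "0.0.0.0" || host == "::")  scope = "wildcard"
        else                                         scope = "specific"
        prog = ($7 == "" ? "-" : $7)          # "-" when netstat ran without root
        print scope, $1, port, prog
    }'
}

# Print "<port> <pid/program>" once per service listening on all interfaces.
wildcard_listeners() {
    classify_listeners | awk '$1 == "wildcard" { print $3, $4 }' | sort -u
}

# Demonstration on the constructed sample.
sample_netstat | wildcard_listeners
```

On a live host, run `netstat -lntp | wildcard_listeners` as root so the PID/Program name column is populated.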

6. Display multicast group membership information

The -g or --groups option displays multicast group membership information for IPv4 and IPv6. An example follows.

# netstat -g
IPv6/IPv4 Group Memberships
Interface       RefCnt Group
--------------- ------ ---------------------
lo              1      all-systems.mcast.net
eth0            1      all-systems.mcast.net
lo              1      ff02::1
lo              1      ff01::1
eth0            1      ff02::1:ff84:1048
eth0            1      ff02::1
eth0            1      ff01::1

Some more options to use with netstat

The table below lists some more options that can be used with the netstat command to gather additional information about the network.

Option                Description
-n or --numeric       Display IP addresses instead of the resolved names.
-c or --continuous    Print information every second continuously.
-e or --extend        Display additional information. Use this option twice for maximum detail.
-p or --program       Show the PID and name of the program to which each socket belongs.

Any invalid option or argument displays a help screen listing usage and a brief description of available options.
