About Netstat
Netstat is a command line tool used to list all network socket connections on the system, including tcp, udp, and unix sockets, in addition, it can also list sockets in the listening status (that is, waiting for access requests. If you want to check whether the Web service on the system is enabled, you can check whether port 80 is enabled. The above functions make netstat an essential tool for network management and system administrators. In this tutorial, I will list several examples to show you how to use netstat to find network connection information and the port number enabled by the system.
The following is a brief introduction to the man manual from netstat:
Netstat-print network connections, route tables, connection data statistics, disguised connections, and broadcast domain members.
1. List all connections
First, we will introduce the simplest command: to list all the current connections. Use the-a option.
$ netstat -aActive Internet connections (servers and established)Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 enlightened:domain *:* LISTEN tcp 0 0 localhost:ipp *:* LISTEN tcp 0 0 enlightened.local:54750 li240-5.members.li:http ESTABLISHEDtcp 0 0 enlightened.local:49980 del01s07-in-f14.1:https ESTABLISHEDtcp6 0 0 ip6-localhost:ipp [::]:* LISTEN udp 0 0 enlightened:domain *:* udp 0 0 *:bootpc *:* udp 0 0 enlightened.local:ntp *:* udp 0 0 localhost:ntp *:* udp 0 0 *:ntp *:* udp 0 0 *:58570 *:* udp 0 0 *:mdns *:* udp 0 0 *:49459 *:* udp6 0 0 fe80::216:36ff:fef8:ntp [::]:* udp6 0 0 ip6-localhost:ntp [::]:* udp6 0 0 [::]:ntp [::]:* udp6 0 0 [::]:mdns [::]:* udp6 0 0 [::]:63811 [::]:* udp6 0 0 [::]:54952 [::]:* Active UNIX domain sockets (servers and established)Proto RefCnt Flags Type State I-Node Pathunix 2 [ ACC ] STREAM LISTENING 12403 @/tmp/dbus-IDgfj3UGXXunix 2 [ ACC ] STREAM LISTENING 40202 @/dbus-vfs-daemon/socket-6nUC6CCx
The preceding command lists all connections of all sockets under tcp, udp, and unix protocols. However, this information is not detailed enough. administrators often need to check the connection status of a specific protocol or port.
2. Only TCP or UDP connections are listed.
Use the-t option to list TCP connections:
$ netstat -atActive Internet connections (servers and established)Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 enlightened:domain *:* LISTEN tcp 0 0 localhost:ipp *:* LISTEN tcp 0 0 enlightened.local:36310 del01s07-in-f24.1:https ESTABLISHEDtcp 0 0 enlightened.local:45038 a96-17-181-10.depl:http ESTABLISHEDtcp 0 0 enlightened.local:37892 ABTS-North-Static-:http ESTABLISHED.....
Use the-u option to list UDP connections:
$ netstat -auActive Internet connections (servers and established)Proto Recv-Q Send-Q Local Address Foreign Address State udp 0 0 *:34660 *:* udp 0 0 enlightened:domain *:* udp 0 0 *:bootpc *:* udp 0 0 enlightened.local:ntp *:* udp 0 0 localhost:ntp *:* udp 0 0 *:ntp *:* udp6 0 0 fe80::216:36ff:fef8:ntp [::]:* udp6 0 0 ip6-localhost:ntp [::]:* udp6 0 0 [::]:ntp [::]:*
Both IPv4 and IPv6 connections are shown above.
3. Disable Reverse Domain name resolution to speed up query
By default, netstat uses Reverse Domain name resolution to find the host name corresponding to each IP address. This reduces the search speed. If you think the IP address is sufficient and you do not need to know the host name, use the-n option to disable the domain name resolution function.
$ netstat -antActive Internet connections (servers and established)Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 127.0.1.1:53 0.0.0.0:* LISTEN tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN tcp 0 0 192.168.1.2:49058 173.255.230.5:80 ESTABLISHEDtcp 0 0 192.168.1.2:33324 173.194.36.117:443 ESTABLISHEDtcp6 0 0 ::1:631 :::* LISTEN
The preceding command lists all TCP connections without the domain name resolution technology. So easy? Very good.
4. Only list connections in the listener
A backend process of any network service opens a port to listen for access requests. These sockets that are being monitored can also be listed by netstat, just like the connected socket. Use the-l option to list the sockets being monitored.
$ netstat -tnlActive Internet connections (only servers)Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 127.0.1.1:53 0.0.0.0:* LISTEN tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN tcp6 0 0 ::1:631 :::* LISTEN
Now we can see the TCP port and connection in the listener status. If you view all listening ports, remove the-t option. If you only want to view the UDP port, use the-u option instead of the-t option.
Note: Do not use the-a option. Otherwise, netstat will list all connections, not just the listening port.
Linux netstat command
Linux netstat command details
Linux Command: service & netstat
Use the netstat command in Linux to view the network load.
Linux netstat command for LPI certification test