Netstat - commands you can use...

[Kosmito]

The netstat command is like a special tool in Linux that helps you understand and check things about how your computer connects to the internet. It can tell you about the connections your computer is making, the paths it uses to send information, and even some technical details like how many packets of data are being sent or received. In simple terms, it's like a window that shows you what's happening with your computer and the internet. This article will help you learn how to use netstat, exploring different ways to get specific information and giving you a better idea of what's going on behind the scenes.
Overview of Netstat Command in Linux

`netstat` stands for network statistics. It allows users to display network-related information and diagnose various networking issues. The command has several options that can be combined to retrieve specific details.
Basic Syntax of `netstat`Command in Linux

Below is the general syntax of the netstat command:

Code: Select all

@bash:/ netstat [options]
usage: netstat [-vWeenNcCF] [<Af>] -r         netstat {-V|--version|-h|--help}
       netstat [-vWnNcaeol] [<Socket> ...]
       netstat { [-vWeenNac] -i | [-cnNe] -M | -s [-6tuw] }

        -r, --route              display routing table
        -i, --interfaces         display interface table
        -g, --groups             display multicast group memberships
        -s, --statistics         display networking statistics (like SNMP)
        -M, --masquerade         display masqueraded connections

        -v, --verbose            be verbose
        -W, --wide               don't truncate IP addresses
        -n, --numeric            don't resolve names
        --numeric-hosts          don't resolve host names
        --numeric-ports          don't resolve port names
        --numeric-users          don't resolve user names
        -N, --symbolic           resolve hardware names
        -e, --extend             display other/more information
        -p, --programs           display PID/Program name for sockets
        -o, --timers             display timers
        -c, --continuous         continuous listing

        -l, --listening          display listening server sockets
        -a, --all                display all sockets (default: connected)
        -F, --fib                display Forwarding Information Base (default)
        -C, --cache              display routing cache instead of FIB
        -Z, --context            display SELinux security context for sockets

  <Socket>={-t|--tcp} {-u|--udp} {-U|--udplite} {-S|--sctp} {-w|--raw}
           {-x|--unix} --ax25 --ipx --netrom
  <AF>=Use '-6|-4' or '-A <af>' or '--<af>'; default: inet
  List of possible address families (which support routing):
    inet (DARPA Internet) inet6 (IPv6) ax25 (AMPR AX.25)
    netrom (AMPR NET/ROM) ipx (Novell IPX) ddp (Appletalk DDP)
    x25 (CCITT X.25)

Let's explore some of the most commonly used options along with examples:
Some Practical Examples of netstat Commands in Linux:
1) Show Both Listening and Non-listening Sockets Using netstat Command in Linux

-a -all : Show both listening and non-listening sockets. With the --interfaces option, show interfaces that are not up.

Code: Select all

@bash:/ netstat -a | more 

2) List All TCP Ports Using netstat Command in Linux

This command specifically lists all TCP ports, giving you information about the TCP connections your system is engaged in.

Code: Select all

@bash:/ netstat -at

3) List All UDP Ports Using netstat Command in Linux

Similar to the previous example, this command focuses on UDP ports, revealing details about UDP connections.

Code: Select all

@bash:/ netstat -au

4) List Only Listening Ports Using netstat Command in Linux

By using this option, you can see only the ports that are actively listening for incoming connections

Code: Select all

@bash:/ netstat -l

To list only the listening ports.
5) List Only Listening TCP Ports Using netstat Command in Linux

Narrowing it down further, this command specifically lists the TCP ports that are in a listening state.

Code: Select all

@bash:/ netstat -lt

To list only the listening tcp ports.
6) List Only Listening UDP Ports Using netstat Command in Linux

Similarly, this command focuses on displaying only the UDP ports that are actively listening.

Code: Select all

@bash:/ netstat -lu

To list only the listening udp ports.
7) List Only Listening UNIX Ports Using netstat Command in Linux

For those working with UNIX systems, this option shows only the UNIX ports that are in a listening state.

Code: Select all

@bash:/ netstat -lx

To list only the listening UNIX ports.
8) List Statistics for All Ports Using netstat Command in Linux

This command provides statistical information for all ports, offering insights into network activity.

Code: Select all

@bash:/ netstat -s 

To list the statistics for all ports.
9) List Statistics for TCP Ports Using netstat Command in Linux

For a more specific breakdown, this command displays statistics exclusively for TCP ports.

Code: Select all

@bash:/ netstat -st

To list the statistics for TCP ports.
10) List Statistics for UDP Ports Using netstat Command in Linux

Similarly, this command focuses on the statistical information related to UDP ports.

Code: Select all

@bash:/ netstat -su

List the statistics for UDP ports.
11) Display PID and Program Names Using netstat Command in Linux

This option enriches the output by displaying Process ID (PID) and program names associated with network connections.

Code: Select all

@bash:/ netstat -pt

To display the PID and program names.
12) Print Netstat Information Continuously Using netstat Command in Linux

Executing this command continuously prints netstat information, updating at regular intervals to provide real-time insights.

Code: Select all

@bash:/ netstat -c

To print the netstat information continuously.
13) Get Non-supportive Address Families Using netstat Command in Linux

To identify non-supportive address families on the system, use this command for a detailed overview.

Code: Select all

@bash:/ netstat --verbose

To get the non-supportive address families in the system.

At the end, we have something like this.
14) Get Kernel Routing Information Using netstat Command in Linux

This command retrieves kernel routing information, displaying destination addresses, gateways, and interface details.

Code: Select all

@bash:/ netstat -r

To get the kernel routing information.
15) Get Port on Which a Program is Running Using netstat Command in Linux

To find the port on which a specific program, in this case, SSH, is running, use this command.

Code: Select all

@bash:/ netstat -ap | grep ssh

To get the port on which a program is running.
16) Identify Process Using a Particular Port Using netstat Command in Linux

This command helps identify the process associated with a given port, such as port 80 in this example.

Code: Select all

@bash:/ netstat -an | grep ':80'

To get the process which is using the given port.
17) Get List of Network Interfaces Using netstat Command in Linux

Use this command to obtain a list of network interfaces, providing details about each interface's activities.

Code: Select all

@bash:/ netstat -i

To get the list of network interfaces.
Display Extended Information on Interfaces Using netstat Command in Linux

For extended information on interfaces, similar to the output of the ifconfig command, use this option to gain comprehensive insights.

Code: Select all

@bash:/ netstat -ie

To display extended information on the interfaces