howtouselinux

6 ways to use netstat command in Linux

Table of Contents

The netstat command is one of the most powerful and useful commands in Linux. It can be used to troubleshoot network problems, find out what processes are using network sockets, and much more.

In this blog post, we will discuss 6 ways that you can use the netstat command to solve problems and get information about your Linux system.

Check TCP connections with netstat command in Linux

netstat –t will show you the currently established TCP connections on your system. It can be useful for troubleshooting or just getting an overview of what’s going on.

To see the IP and port numbers of each established connection, use netstat -tn.

Here netstat -n will print out the numerical versions of each IP address, instead of using the hostname or domain name.

For example:


# netstat -tn

Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address      Foreign Address     State    
tcp    0   0 10.244.7.77:58494    10.252.52.155:8086   ESTABLISHED
tcp    0   36 10.244.7.77:22     10.79.104.177:55281   ESTABLISHED
tcp    0   0 10.244.7.77:895     10.240.163.167:2049   ESTABLISHED

The “State” column of the output above shows the state of each connection. These are codes such as ESTABLISHED, CLOSED, TIME_WAIT, and so on. 

Here is more info about the TCP state.

  • ESTABLISHED The socket has an established connection.
  • SYN_SENT The socket is actively attempting to establish a connection.
  • SYN_RECV A connection request has been received from the network.
  • FIN_WAIT1 The socket is closed, and the connection is shutting down.
  • FIN_WAIT2 Connection is closed, and the socket is waiting for a shutdown from the remote end.
  • TIME_WAIT The socket is waiting after close to handle packets still in the network.
  • CLOSE The socket is not being used.
  • CLOSE_WAIT The remote end has shut down, waiting for the socket to close.
  • LAST_ACK The remote end has shut down, and the socket is closed. Waiting for acknowledgement.
  • LISTEN The socket is listening for incoming connections. Such sockets are not included in the output unless you specify the –listening (-l) or –all (-a) option.
  • CLOSING Both sockets are shut down but we still don’t have all our data sent.
  • UNKNOWN The state of the socket is unknown.

 

From the command output, you can get an overview of all TCP states as a quick way to check if your network is functioning properly.

If there are any unusual or unexpected states like CLOSED or TIME_WAIT that appear in the output, it could indicate a problem with your network.

Check listening ports with netstat command in Linux

The –l option with netstat will show you which ports are currently listening and open. This is useful for getting an overview of what services are running on the system and which ports they are using.

For example:

# netstat -lnp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address     Foreign Address    State   PID/Program name
tcp     0   0 0.0.0.0:22            0.0.0.0:*                LISTEN  1668/sshd
tcp     0   0 127.0.0.1:631        0.0.0.0:*                LISTEN  2022/cupsd

This will show you the ports that are open, as well as the process ID and program name of each service running on those ports.

You can filter the output to check for particular services. For example:

$ netstat -lnp | grep ftp
tcp     0   0 0.0.0.0:21            0.0.0.0:*                LISTEN   1545/vsftpd  

This will show you if the FTP service is running on your system, which port it is using, and what program is serving that port.

You can also filter the output to check for particular port, for example:

$ netstat -lnp | grep :22
tcp     0   0 0.0.0.0:22            0.0.0.0:*                LISTEN   1668/sshd

This will show you if port 22 (which is used by SSH) is open on your system and what program is serving it.

These are just two examples of how you can use the netstat command to check for listening ports.

There are many other options and filters that you can use with this command to get detailed information about your network connections and services.

Check gateway with netstat command in Linux

The –r option with netstat will show you the current routing table of your system. This is useful for troubleshooting problems related to routing, or just getting an overview of what routes are being used.

For example:

# netstat -rn
Kernel IP routing table
Destination     Gateway           Genmask         Flags   MSS Window irtt
default         10.252.52.1    0.0.0.0                UG      0   0  0
10.244.7.0     *                255.255.255.0       U         0   0  0

The output of this command will show you the routing table, including the destination and gateway IP addresses, as well as other information such as the mask and flags used for each route.

If you are experiencing any issues with the gateway, such as not being able to access certain websites or services, you can use netstat to check if the default gateway is properly configured.

For example:

$ netstat -rn | grep UG
default         10.252.52.1    0.0.0.0                UG      0   0  0

This will show you the default gateway address. You can use the ping command to verify that the gateway is responding and reachable from your system.

For example:

$ping 10.252.52.1
PING 10.252.52.1 (10.252.52.1): 56 data bytes
64 bytes from 10.252.52.1: icmp_seq=0 ttl=64 time=3.362 ms

This will show you if the gateway is responding and how long it takes for it to respond.

If the ping command returns an error or times out, then there could be an issue with the gateway which needs to be investigated further.

Check UDP connections with netstat command in Linux

Similar to the above, you can use netstat –u to get a list of UDP connections. To see the IP and port numbers associated with each connection, use netstat -ulpn.

For example:

Proto Recv-Q Send-Q Local Address Foreign Address State
udp     0   0 10.244.7.77:504 10.240.173.250:53   
udp     0   0 10.244.7.77:50034 10.240.163.167:123

This will show you the source and destination IP address and port number for each UDP connection.

UDP is the protocol used for many services and applications, such as DNS, DHCP, SNMP, VoIP, and others. To list some of the most common UDP protocols and their associated port numbers, use the –p option with netstat.

For example:

$ netstat -ulpn
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address     Foreign Address    State   PID/Program name
udp     0   0 0.0.0.0:123            0.0.0.0:*                  1654/ntpd
udp     0   0 0.0.0.0:53            0.0.0.0:*                  1767/dnsmasq
udp     0   0 0.0.0.0:161           0.0.0.0:*                  1810/snmpd
udp     0   0 0.0.0.0:500           0.0.0.0:*                  1860/racoon

This will show you the services using UDP, along with their associated port numbers, which can be useful for setting up firewalls or troubleshooting network issues.

Monitor network traffic with netstat command in Linux

The –i option will show you a list of statistics about the current network interfaces. This can be used to monitor incoming/outgoing traffic over each interface.

For example:

$ netstat -i
Kernel Interface table
Iface     MTU     RX-OK RX-ERR   RX-DRP RX-OVER    TX-OK TX-ERR   TX-DRP TX-OVER
eth0     1500     19976005        0         0         0   13229420        0         0
lo                65536          0       0         0         0         0        0         0

This will show you the number of packets received and transmitted over each interface, as well as any errors or dropped packets.

If you see RX-ERR, RX-DRP or TX-ERR, TX-DRP numbers that are too high, it could indicate a problem with your network configuration. This can also be used to monitor overall traffic trends over time.

Check kernel IP statistics with netstat command in Linux

The –s option with netstat will show you the current kernel IP (Internet Protocol) statistics. This is useful for getting an overview of some of your system’s networking information, such as number of packets sent or received, and any errors that may have occurred during network communication.

For example:

tcp -s
Tcp:
225939 active connections openings
342 passive connection openings
226037 failed connection attempts
16 connection resets received
1 connections established
470581 segments received
465062 segments send out
11 segments retransmited
0 bad segments received.
225870 resets sent

This command will show you a summary of the different TCP states and how many of each type there are. This is useful for understanding what’s going on with your network.

If you see the retransmited segments or failed connection attempts, this could indicate an issue with your network configuration.

These are just a few of the ways to use netstat command in Linux. There are many more options and filters that you can use to get detailed information about your network connections, routes and services.

With the right commands and proper understanding of how they work, you will be able to utilize netstat as a powerful tool for monitoring your system’s performance or troubleshooting any networking issues you might be having.

 

Welcome to howtouselinux.com!

Our website is dedicated to providing comprehensive information on using Linux.

We hope you find our site helpful and informative, and we welcome your feedback and suggestions for future content.

Learn More

Facebook
Twitter
LinkedIn