DevOps, Netstat Unix/Linux

UNIX / Linux: 10 Netstat



Cheetsheet:

List all ports using netstat -a

List all tcp ports using netstat -at

List all udp ports using netstat -au

List only listening ports using netstat -l

List only listening TCP Ports using netstat -lt

List only listening UDP Ports using netstat -lu

List only the listening UNIX Ports using netstat -lx

Show statistics for all ports using netstat -s

Show statistics for TCP netstat -st

Show statistics for UDP netstat -su

Add PID/Program Name to output netstat -ltp

Don’t resolve host, port and user name in netstat output netstat -ltpn

netstat will print information continuously every few seconds netstat -c

Display the kernel routing information using netstat -r

Find out on which port a program is running sudo netstat -ap | grep ssh

Find out which process is using a particular port netstat -an|grep 80

Show the list of network interfaces netstat -i

Display extended information on the interfaces netstat -ie

Netstat command displays various network related information such as network connections, routing tables, interface statistics, masquerade connections, multicast memberships etc.,

List All Ports (both listening and non listening ports)

List all ports using netstat -a

Output:

Active Internet connections (servers and established)

Proto Recv-Q Send-Q Local Address Foreign Address State

tcp 0 0 localhost:6942 *:* LISTEN

tcp 0 0 *:58882 *:* LISTEN

tcp 0 0 *:9191 *:* LISTEN

tcp 0 0 localhost:27017 *:* LISTEN

tcp 0 0 localhost:mysql *:* LISTEN

tcp 0 0 *:9292 *:* LISTEN

tcp 0 0 localhost:63342 *:* LISTEN

tcp 0 0 *:http *:* LISTEN

tcp 0 0 192.168.1.115:42722 server-xx-xx-xxx-x:http ESTABLISHED

List all tcp ports using netstat -at

Output:

tcp 0 0 192.168.1.115:45966 kul06s14-in-f195.:https ESTABLISHED

tcp 0 0 192.168.1.115:46602 maa03s22-in-f14.1:https ESTABLISHED

tcp 0 0 192.168.1.115:42204 maa03s21-in-f68.1:https ESTABLISHED

tcp 0 0 192.168.1.115:58846 maa03s21-in-f67.1:https ESTABLISHED

tcp 0 0 192.168.1.115:47272 maa03s22-in-f14.1:https ESTABLISHED

tcp 0 0 192.168.1.115:59862 maa03s22-in-f6.1e:https ESTABLISHED

tcp 0 0 192.168.1.115:60154 maa03s23-in-f3.1e:https ESTABLISHED

tcp 0 0 192.168.1.115:47182 maa03s22-in-f14.1:https ESTABLISHED

tcp 0 0 192.168.1.115:44704 a23-211-219-225.d:https ESTABLISHED

tcp 0 0 192.168.1.115:49298 bom05s08-in-f2.1e:https ESTABLISHED

List all udp ports using netstat -au

Output:

udp 0 0 *:54159 *:*

udp 0 0 *:mdns *:*

udp 0 0 *:mdns *:*

udp 0 0 *:mdns *:*

udp 0 0 *:58882 *:*

List only listening ports using netstat -l

Output:

unix 2 [ ACC ] STREAM LISTENING 21383 @/tmp/.ICE-unix/1520

unix 2 [ ACC ] STREAM LISTENING 22950 /run/user/1000/systemd/private

unix 2 [ ACC ] SEQPACKET LISTENING 11529 /run/udev/control

unix 2 [ ACC ] STREAM LISTENING 20420 /run/user/1000/keyring/control

unix 2 [ ACC ] STREAM LISTENING 21185 /run/user/1000/keyring/pkcs11

unix 2 [ ACC ] STREAM LISTENING 19715 /tmp/.X11-unix/X0

List only listening TCP Ports using netstat -lt

Output:

Proto Recv-Q Send-Q Local Address Foreign Address State

tcp 0 0 localhost:6942 *:* LISTEN

tcp 0 0 *:58882 *:* LISTEN

tcp 0 0 *:9191 *:* LISTEN

tcp 0 0 localhost:27017 *:* LISTEN

tcp 0 0 localhost:mysql *:* LISTEN

tcp 0 0 *:9292 *:* LISTEN

tcp 0 0 localhost:63342 *:* LISTEN

tcp 0 0 *:http *:* LISTEN

List only listening UDP Ports using netstat -lu

Output:

Proto Recv-Q Send-Q Local Address Foreign Address State

udp 0 0 *:54159 *:*

udp 0 0 *:mdns *:*

udp 0 0 *:mdns *:*

udp 0 0 *:mdns *:*

udp 0 0 *:58882 *:*

udp 0 0 localhost:59209 *:*

List only the listening UNIX Ports using netstat -lx

Output:

Proto RefCnt Flags Type State I-Node Path

unix 2 [ ACC ] STREAM LISTENING 21383 @/tmp/.ICE-unix/1520

unix 2 [ ACC ] STREAM LISTENING 22950 /run/user/1000/systemd/private

unix 2 [ ACC ] SEQPACKET LISTENING 11529 /run/udev/control

unix 2 [ ACC ] STREAM LISTENING 20420 /run/user/1000/keyring/control

unix 2 [ ACC ] STREAM LISTENING 21185 /run/user/1000/keyring/pkcs11

unix 2 [ ACC ] STREAM LISTENING 19715 /tmp/.X11-unix/X0

unix 2 [ ACC ] STREAM LISTENING 21186 /run/user/1000/keyring/ssh

unix 2 [ ACC ] STREAM LISTENING 21384 /tmp/.ICE-unix/1520

unix 2 [ ACC ] STREAM LISTENING 23734 /run/user/1000/pulse/native

Show the statistics for each protocol

Show statistics for all ports using netstat -s

Output:

Ip:

258229 total packets received

23 with invalid addresses

0 forwarded

0 incoming packets discarded

258083 incoming packets delivered

228944 requests sent out

124 outgoing packets dropped

2 dropped because of missing route

Show statistics for TCP netstat -st

Output:

IcmpMsg:

InType3: 433

InType11: 38

OutType3: 466

Tcp:

7352 active connections openings

98 passive connection openings

125 failed connection attempts

1396 connection resets received

18 connections established

211357 segments received

190589 segments send out

2857 segments retransmited

355 bad segments received.

5957 resets sent

Show statistics for UDP netstat -su

Output:

IcmpMsg:

InType3: 433

InType11: 38

OutType3: 466

Udp:

37594 packets received

466 packets to unknown port received.

0 packet receive errors

35126 packets sent

IgnoredMulti: 11474

Display PID and program names in netstat output using netstat -p

# netstat -ltp

netstat -p option can be combined with any other netstat option. This will add the “PID/Program Name” to the netstat output. This is very useful while debugging to identify which program is running on a particular port.

Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name

tcp 0 0 localhost:6942 *:* LISTEN 3329/java

tcp 0 0 *:58882 *:* LISTEN 1689/skype

tcp 0 0 *:9191 *:* LISTEN –

tcp 0 0 localhost:27017 *:* LISTEN –

tcp 0 0 localhost:mysql *:* LISTEN –

Don’t resolve host, port and user name in netstat output

# netstat -ltpn

When you don’t want the name of the host, port or user to be displayed, use netstat -n option. This will display in numbers, instead of resolving the host name, port name, user name.

Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name

tcp 0 0 127.0.0.1:6942 0.0.0.0:* LISTEN 3329/java

tcp 0 0 0.0.0.0:58882 0.0.0.0:* LISTEN 1689/skype

tcp 0 0 0.0.0.0:9191 0.0.0.0:* LISTEN –

tcp 0 0 127.0.0.1:27017 0.0.0.0:* LISTEN –

tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN –

tcp 0 0 0.0.0.0:9292 0.0.0.0:* LISTEN –

tcp 0 0 127.0.0.1:63342 0.0.0.0:* LISTEN 3329/java

Print netstat information continuously

netstat will print information continuously every few seconds.

netstat -c

Find the non supportive Address families in your system

# netstat –verbose

At the end, you will have something like this.

unix 2 [ ] STREAM CONNECTED 39668

unix 3 [ ] STREAM CONNECTED 21486 @/tmp/.X11-unix/X0

unix 3 [ ] STREAM CONNECTED 21353

unix 3 [ ] STREAM CONNECTED 21292

netstat: no support for `AF IPX’ on this system.

netstat: no support for `AF AX25′ on this system.

netstat: no support for `AF X25′ on this system.

netstat: no support for `AF NETROM’ on this system.

Display the kernel routing information using netstat -r

# netstat -r

Kernel IP routing table

Destination Gateway Genmask Flags MSS Window irtt Iface

default 192.168.1.1 0.0.0.0 UG 0 0 0 wlp4s0

link-local * 255.255.0.0 U 0 0 0 wlp4s0

192.168.1.0 * 255.255.255.0 U 0 0 0 wlp4s0

Find out on which port a program is running

# sudo netstat -ap | grep ssh

unix 2 [ ACC ] STREAM LISTENING 21186 1255/gnome-keyring- /run/user/1000/keyring/ssh

Find out which process is using a particular port:

# netstat -an|grep 80

Show the list of network interfaces

# netstat -i

Iface MTU Met RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR Flg

enp0s25 1500 0 0 0 0 0 0 0 0 0 BMU

lo 65536 0 24768 0 0 0 24768 0 0 0 LRU

wlp4s0 1500 0 307452 0 0 0 207356 0 0 0 BMRU

Display extended information on the interfaces (similar to ifconfig) using netstat -ie:

# netstat -ie

enp0s25 Link encap:Ethernet HWaddr 50:7b:9d:70:4c:15

UP BROADCAST MULTICAST MTU:1500 Metric:1

RX packets:0 errors:0 dropped:0 overruns:0 frame:0

TX packets:0 errors:0 dropped:0 overruns:0 carrier:0

collisions:0 txqueuelen:1000

RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)

Interrupt:20 Memory:e1200000-e1220000

lo Link encap:Local Loopback

inet addr:127.0.0.1 Mask:255.0.0.0

inet6 addr: ::1/128 Scope:Host

UP LOOPBACK RUNNING MTU:65536 Metric:1

RX packets:24787 errors:0 dropped:0 overruns:0 frame:0

DevOps, Netstat Unix/Linux
Tagged on:                         
Show Buttons
Hide Buttons