Home » 2016 » January » 23 » Some useful examples of netstat command in Linux for network statistics

8:10 PM
Some useful examples of netstat command in Linux for network statistics

netstat - Print network connections, routing tables, interface statistics, masquerade connections, and multicast memberships

 By default, netstat displays a list of open sockets.  If you don't specify any  address  families,  then  the  active sockets of all configured address families will be printed.
We shall exercise some examples to make it more clear.

1. List all connections to the system(Listening/ Non-listening)

nestat -a

 

Prompt~> netstat -a|head
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 *:10091                 *:*                     LISTEN
tcp        0      0 *:8235                  *:*                     LISTEN
tcp        0      0 *:5515                  *:*                     LISTEN
tcp        0      0 localhost:8363          *:*                     LISTEN
tcp        0      0 *:10092                 *:*                     LISTEN
tcp        0      0 *:10220                 *:*                     LISTEN
tcp        0      0 *:10380                 *:*                     LISTEN
tcp        0      0 *:6700                  *:*                     LISTEN

unix  3      [ ]         STREAM     CONNECTED     3627
unix  3      [ ]         STREAM     CONNECTED     3626
unix  2      [ ]         DGRAM                    6333
unix  2      [ ]         DGRAM                    6298
unix  3      [ ]         STREAM     CONNECTED     5873   /var/run/dbus/system_bus_socket

2. List all listening connetions only 

netstat -l

Prompt:~> netstat -l|head
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 *:10091                 *:*                     LISTEN
tcp        0      0 *:8235                  *:*                     LISTEN
tcp        0      0 *:5515                  *:*                     LISTEN
tcp        0      0 localhost:8363          *:*                     LISTEN
tcp        0      0 *:10092                 *:*                     LISTEN
tcp        0      0 *:10220                 *:*                     LISTEN
tcp        0      0 *:10380                 *:*                     LISTEN
tcp        0      0 *:6700                  *:*                     LISTEN


3. List all listening connetions using TCP protocol only

netstat -lt

 

Prompt:~> netstat -lt|head
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 *:10091                 *:*                     LISTEN
tcp        0      0 *:8235                  *:*                     LISTEN
tcp        0      0 *:5515                  *:*                     LISTEN
tcp        0      0 localhost:8363          *:*                     LISTEN
tcp        0      0 *:10092                 *:*                     LISTEN
tcp        0      0 *:10220                 *:*                     LISTEN
tcp        0      0 *:10380                 *:*                     LISTEN
tcp        0      0 *:6700                  *:*                     LISTEN

Similarly to list all listening ports/connections with UDP protocol, use:

         netstat -lu

4. To list all listening Unix ports only

         netstat -lx

Prompt:~> netstat -lx
Active UNIX domain sockets (only servers)
Proto RefCnt Flags       Type       State         I-Node Path
unix  2      [ ACC ]     STREAM     LISTENING     6324   /var/run/rpcbind.sock
unix  2      [ ACC ]     STREAM     LISTENING     8242   public/cleanup
unix  2      [ ACC ]     STREAM     LISTENING     8247   private/rewrite
unix  2      [ ACC ]     STREAM     LISTENING     8250   private/bounce
unix  2      [ ACC ]     STREAM     LISTENING     8253   private/defer
unix  2      [ ACC ]     STREAM     LISTENING     8256   private/trace
unix  2      [ ACC ]     STREAM     LISTENING     8259   private/verify
unix  2      [ ACC ]     STREAM     LISTENING     8262   public/flush
unix  2      [ ACC ]     STREAM     LISTENING     8268   private/proxymap
unix  2      [ ACC ]     STREAM     LISTENING     8271   private/smtp
unix  2      [ ACC ]     STREAM     LISTENING     8275   private/relay
unix  2      [ ACC ]     STREAM     LISTENING     8278   public/showq
unix  2      [ ACC ]     STREAM     LISTENING     8281   private/error
unix  2      [ ACC ]     STREAM     LISTENING     8284   private/discard
unix  2      [ ACC ]     STREAM     LISTENING     8287   private/local
unix  2      [ ACC ]     STREAM     LISTENING     1691202302 /var/run/nscd/socket

 


Here the output contains following fields:

  Proto
       The protocol (tcp(t), udp(u), raw(w), unix(x)) used by the socket.

   Recv-Q
       The count of bytes not copied by the user program connected to this socket.

   Send-Q
       The count of bytes not acknowledged by the remote host.

   Local Address
       Address  and  port  number of the local end of the socket.  Unless the --numeric (-n) option is specified, the socket address is resolved to its canonical host name (FQDN), and the port number is translated into the corresponding  service name.

   Foreign Address
       Address and port number of the remote end of the socket.  Analogous to "Local Address."

   State

        The  state of the socket. Since there are no states in raw mode and usually no states used in UDP, this column may be left blank. Normally this can be one of several values:

5. To list all UDP ports/connections:

netstat -au

Prompt:~> netstat -au
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
udp        0      0 *:ns                    *:*
udp        0      0 *:826                   *:*
udp        0      0 *:58307                 *:*
udp        0      0 shankarPC:46062 *:*
udp        0      0 *:44240                 *:*
udp        0      0 *:ndm-requester         *:*

 

6. To display summary statistics of each protocol

netstat -s<protocol>

Protocol can be t(TCP), u(UDP), w(raw).

user@ShankarPC:~> netstat -sw|more
Ip:
    4690609546 total packets received
    26 with invalid addresses
    0 forwarded
    0 incoming packets discarded
    4672343058 incoming packets delivered
    4909466525 requests sent out
    1314 outgoing packets dropped
Icmp:
    19641996 ICMP messages received
    10608 input ICMP message failed.
    ICMP input histogram:
        destination unreachable: 6780867
        timeout in transit: 2423442
        echo requests: 10437166
        echo replies: 466
        timestamp request: 11
        address mask request: 33
    10638001 ICMP messages sent
    0 ICMP messages failed
    ICMP output histogram:
        destination unreachable: 200056
        echo request: 766
        echo replies: 10437166
        timestamp replies: 11
IcmpMsg:

 

8. To get the PID and the program name to which the socket belogs, we can use -p option. 

netstat -p

 

Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 localhost:tcp-id-port   localhost:50585         ESTABLISHED 4900/ptserver
tcp        0      0 localhost:44176         localhost:tcp-id-port   ESTABLISHED 7322/strs
tcp        0      0 localhost:52453         localhost:tcp-id-port   ESTABLISHED 28135/strs
tcp        0      0 ShankarPC:55708 tpxddi30:mcs-calypsoicf ESTABLISHED -
tcp        0      0 ShankarPC:39901 shankyPC:cft-5 ESTABLISHED -
tcp        1      0 ShankarPC:48930 shankyPC:cft-5 CLOSE_WAIT  11962/ManagementGat
tcp        0      0 localhost:52463         localhost:tcp-id-port   ESTABLISHED 28135/strs
tcp        0      0 ShankarPC:10910 192.168.44.45:42355     TIME_WAIT   -
tcp        0      0 localhost:tcp-id-port   localhost:60515         ESTABLISHED 4900/ptserver
tcp        1      0 ShankarPC:57402 shankyPC:cft-5 CLOSE_WAIT  12587/SomeServer
tcp        0      0 localhost:tcp-id-port   localhost:52318         ESTABLISHED 4900/ptserver
tcp        0      0 ShankarPC:50781 shankyPC:cft-5 ESTABLISHED 15271/SomeServer
tcp        0      0 localhost:tcp-id-port   localhost:43753         ESTABLISHED 4900/ptserver

 

 
 

Category: Open System-Linux | Views: 1052 | Added by: shanky | Tags: netstat example in linux, netstat command in unix, netstat with examples, netstat, netstat command in linux, netstat -a, netstat examples | Rating: 5.0/1

Related blogs


You may also like to see:


[2014-10-12][Open System-Linux]
GETENT command in linux to get entries from administrative database
[2014-12-22][Open System-Linux]
Key mapping inside VI editor
[2015-06-13][Open System-Linux]
XRANDR command : a command line interface to RandR extension, set screen size and orientation
[2014-01-09][Open System-Linux]
How to send a mail using unix/linux terminal?
[2014-10-04][Open System-Linux]
SYSCTL : A command to configure kernel parameters at runtime in linux

Total comments: 0
avatar