In this tutorial, I show usages of netstat command from basic to advance via My example. Now, let’s go Netstat command in Linux with examples.
What does netstat mean?
Netstat is a command-line utility that can be used to list out all the network (socket) connections on a system. This tool is available on both Unix, Linux, and Windows NT-based systems operating.
netstat command man page the details: [root@DevopsRoles ~]# man netstat | more
netstat command in Linux with examples
1. List all LISTENING Ports of TCP and UDP connections using netstat -a option

2. List all Open TCP sockets connections
[root@DevopsRoles ~]# netstat -nplt
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:8088 0.0.0.0:* LISTEN 659/influxd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 792/master
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 319/rpcbind
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 655/sshd
tcp6 0 0 :::3000 :::* LISTEN 662/grafana-server
tcp6 0 0 ::1:25 :::* LISTEN 792/master
tcp6 0 0 :::111 :::* LISTEN 319/rpcbind
tcp6 0 0 :::8086 :::* LISTEN 659/influxd
tcp6 0 0 :::22 :::* LISTEN 655/sshd
3. List all Open UDP sockets connections
[root@DevopsRoles ~]# netstat -nplu
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
udp 0 0 127.0.0.1:323 0.0.0.0:* 313/chronyd
udp 0 0 0.0.0.0:68 0.0.0.0:* 464/dhclient
udp 0 0 0.0.0.0:111 0.0.0.0:* 319/rpcbind
udp 0 0 0.0.0.0:906 0.0.0.0:* 319/rpcbind
udp6 0 0 ::1:323 :::* 313/chronyd
udp6 0 0 :::111 :::* 319/rpcbind
udp6 0 0 :::906 :::* 319/rpcbind
4. List all TCP Listening Ports
[root@DevopsRoles ~]# netstat -lt
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 DevopsRoles:radan-http 0.0.0.0:* LISTEN
tcp 0 0 DevopsRoles:smtp 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:sunrpc 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:ssh 0.0.0.0:* LISTEN
tcp6 0 0 [::]:hbci [::]:* LISTEN
tcp6 0 0 localhost:smtp [::]:* LISTEN
tcp6 0 0 [::]:sunrpc [::]:* LISTEN
tcp6 0 0 [::]:d-s-n [::]:* LISTEN
tcp6 0 0 [::]:ssh [::]:* LISTEN
4. List all UDP Listening Ports
[root@DevopsRoles ~]# netstat -lu
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
udp 0 0 DevopsRoles:323 0.0.0.0:*
udp 0 0 0.0.0.0:bootpc 0.0.0.0:*
udp 0 0 0.0.0.0:sunrpc 0.0.0.0:*
udp 0 0 0.0.0.0:906 0.0.0.0:*
udp6 0 0 localhost:323 [::]:*
udp6 0 0 [::]:sunrpc [::]:*
udp6 0 0 [::]:906 [::]:*
5. Show Statistics by Protocol
[root@DevopsRoles ~]# netstat -s
Ip:
9607 total packets received
0 forwarded
0 incoming packets discarded
9605 incoming packets delivered
4614 requests sent out
7 outgoing packets dropped
Icmp:
16 ICMP messages received
0 input ICMP message failed.
ICMP input histogram:
destination unreachable: 16
16 ICMP messages sent
0 ICMP messages failed
ICMP output histogram:
destination unreachable: 16
IcmpMsg:
InType3: 16
OutType3: 16
Tcp:
267 active connections openings
412 passive connection openings
2 failed connection attempts
3 connection resets received
3 connections established
20699 segments received
19546 segments send out
66 segments retransmited
0 bad segments received.
13 resets sent
Udp:
184 packets received
16 packets to unknown port received.
0 packet receive errors
200 packets sent
0 receive buffer errors
0 send buffer errors
UdpLite:
TcpExt:
255 TCP sockets finished time wait in fast timer
245 delayed acks sent
16 delayed acks further delayed because of locked socket
Quick ack mode was activated 66 times
6400 packet headers predicted
2503 acknowledgments not containing data payload received
8067 predicted acknowledgments
TCPLossProbes: 66
TCPLossProbeRecovery: 65
66 DSACKs sent for old packets
66 DSACKs received
TCPDSACKIgnoredNoUndo: 65
TCPRcvCoalesce: 3322
TCPOrigDataSent: 14558
TCPHystartTrainDetect: 7
TCPHystartTrainCwnd: 124
IpExt:
InNoRoutes: 2
InOctets: 1806054
OutOctets: 7957156
InNoECTPkts: 9899
6. Displaying Service name with PID
[root@DevopsRoles ~]# netstat -tp
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 DevopsRoles:ssh gateway:52836 ESTABLISHED 2434/sshd: vagrant
tcp6 0 0 localhost:44918 localhost:d-s-n ESTABLISHED 654/telegraf
tcp6 0 0 localhost:d-s-n localhost:44918 ESTABLISHED 659/influxd
7. Displaying Promiscuous Mode
[root@DevopsRoles ~]# netstat -ac 6 | grep tcp
tcp 0 0 DevopsRoles:radan-http 0.0.0.0:* LISTEN
tcp 0 0 DevopsRoles:smtp 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:sunrpc 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:ssh 0.0.0.0:* LISTEN
tcp 0 0 DevopsRoles:ssh gateway:52836 ESTABLISHED
tcp6 0 0 [::]:hbci [::]:* LISTEN
tcp6 0 0 localhost:smtp [::]:* LISTEN
tcp6 0 0 [::]:sunrpc [::]:* LISTEN
tcp6 0 0 [::]:d-s-n [::]:* LISTEN
tcp6 0 0 [::]:ssh [::]:* LISTEN
tcp6 0 0 localhost:44918 localhost:d-s-n ESTABLISHED
tcp6 0 0 localhost:d-s-n localhost:44918 ESTABLISHED
8. Show Network Interface Transactions
[root@DevopsRoles ~]# netstat -i
Kernel Interface table
Iface MTU RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR Flg
eth0 1500 10190 0 0 0 8724 0 0 0 BMRU
lo 65536 12237 0 0 0 12237 0 0 0 LRU
9. Find Listening Programs
[root@DevopsRoles ~]# netstat -ap | grep grafana
tcp6 0 0 [::]:hbci [::]:* LISTEN 662/grafana-server
unix 3 [ ] STREAM CONNECTED 14247 662/grafana-server
Conclusion
Through the article, you can use netstat command in Linux with examples as above. I hope will this your helpful. Thank you for reading the DevopsRoles page!