Hack 98. Netstat Command Examples

by Ramesh

Netstat command displays the network related information such as network connections, routing tables, interface statistics. Following are few examples on how to use netstat command.

Display Active Internet Connections and domain sockets using netstat

  1. # netstat –an
  2.  
  3. Active Internet connections (servers and established)
  4. Proto Recv-Q Send-Q Local Address               Foreign Address             State      
  5. tcp        0      0 0.0.0.0:5666                0.0.0.0:*                   LISTEN      
  6. tcp        0      0 0.0.0.0:111                 0.0.0.0:*                   LISTEN      
  7. tcp        0      0 0.0.0.0:4086                0.0.0.0:*                   LISTEN      
  8. skipped..
  9. Active UNIX domain sockets (servers and established)
  10. Proto RefCnt Flags       Type       State         I-Node Path
  11. unix  2      [ ACC ]     STREAM     LISTENING     7894   /tmp/.font-unix/fs7100
  12. unix  2      [ ACC ]     STREAM     LISTENING     9662   /tmp/.gdm_socket
  13. unix  2      [ ACC ]     STREAM     LISTENING     10897  @/tmp/fam-root-

Display Active Connections with Process ID and Program Name

This could be very helpful to identify which program has initiated a specific network connection. 

  1. # netstat -tap
  2.  
  3. Active Internet connections (servers and established)
  4. Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name   
  5. tcp        0      0 *:nrpe                      *:*                         LISTEN      16277/xinetd        
  6. tcp        0      0 localhost.localdomain:smtp  *:*                         LISTEN      7263/sendmail: acce 
  7. tcp       34      0 localhost.localdomain:54221 localhost.localdomain:4089  CLOSE_WAIT  29881/httpd         
  8. tcp        0   3216 dev-db:ssh                 cpe-76-94-215-154.soca:4682 ESTABLISHED 11717/sshd: ramesh

Display Routing Table

  1. # netstat –-route
  2.  
  3. Kernel IP routing table
  4. Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
  5. 192.168.1.0   *               255.255.255.0   U         0 0          0 eth0
  6. 162.244.0.0     *               255.255.0.0     U         0 0          0 eth0
  7. default         192.168.1.1   0.0.0.0         UG        0 0          0 eth0

Display RAW network statistics

  1. # netstat --statistics --raw
  2.  
  3. Ip:
  4.     11080343 total packets received
  5.     0 forwarded
  6.     1 with unknown protocol
  7.     0 incoming packets discarded
  8.     11037744 incoming packets delivered
  9.     11199763 requests sent out
  10. Icmp:
  11.     577135 ICMP messages received
  12.     64 input ICMP message failed.
  13.     ICMP input histogram:
  14.         destination unreachable: 537
  15.         timeout in transit: 65
  16.         source quenches: 2
  17.         echo requests: 576476
  18.         echo replies: 12
  19.         timestamp request: 3
  20.         address mask request: 3
  21.     581558 ICMP messages sent
  22.     0 ICMP messages failed
  23.     ICMP output histogram:
  24.         destination unreachable: 5079
  25.         echo replies: 576476
  26.         timestamp replies: 3

Misc Netstat Commands

List of TCP connection to and from the machine.

  1. # netstat –-tcp –-numeric

Display TCP port that the server is listening on along with the program that is listening on that particular port.

  1. # netstat --tcp --listening –-programs

Display the routing cache

  1. # netstat –rnC