Linux Network Management with "netstat"
The netstat (short for network statistics) command line tool helps in retrieving information such as network connections, network interfaces in use, routing tables, masquerade connections. It lists out all the TCP, UDP socket connections, and the UNIX socket connections.
The common test case that almost everybody encounters to see whether a given background process says a web server running or not on the specified port. Apart from this kind of simple yet powerful test case, netstat is helpful to administrators, testers, and developers in their day to day work to perform debugging, network troubleshooting and performance measurement.The Linux manual page defines netstat as –
netstat is available on UNIX and UNIX-like systems such as Solaris, AIX, HP-UX, macOS, Linux and BSD flavors. It is even available in Microsoft operating systems such as Windows NT, Vista, 7, 8 and Windows 10. In this article let us focus on some of the useful options provided by netstat with examples tested on Ubuntu 16.04:1 – Show all listening and non-listening sockets of TCP, UDP, and UNIX socket connections, routing table entries, and network interfaces
$ netstat –a
2 – To show only TCP socket connections:
$ netstat –at
3 – Show only UDP socket connections
$ netstat –au
In case to turn off domain names or hostnames and display only IP addresses in the output, just add “–n” option
4 – Show all socket connections which are in listening state:
$ netstat –l | more $ netstat –lt | more <- only TCP sockets $ netstat –lu | more <- only UDP sockets 5 - Finding the port used by a process.
Often we get a situation where we would need to know which port a particular process on server says apache is running. Combining netstat with UNIX common utilities like “grep” we can easily make it out. Note that you need to have root privileges in case you are looking for processes started by root. For instance, if we are looking port number on which apache is running, we can use “-ap” option combined with “grep” as follows:
$ netstat –ap | grep apache
Finding process name when a port is known:
A user can add “–programs” option which indicates which program/process is listening on the specified port in a user-friendly manner.
6 – Show the statistics for each protocol
$ netstat –s $ netstat –st – for TCP only ports $ netstat –su - for UDP only ports
7 – Display process id (pid) and process names in netstat output.
$ netstat -lp | more $ netstat -ltp | more - for listening TCP ports $ netstat -lup | more - for listening UDP ports
8 – Show netstat information continuously. You can add “–c” option to your netstat command in order to display the connections continuously.
$ netstat –c
9 – Find the non-supportive address families in your system.
$ netstat -–verbose
10 – Display the kernel routing information
$ netstat –r
11 – Show the list of network interfaces
$ netstat –i
12 – The above output is more of technical in nature. Using netstat with switch “-ie”, will provide the information in a user-friendly output as below:
$ netstat –ie
At times it is required to display output by netstat for every selected interval. For this, netstat provides the promiscuous mode with “-ac” switch, that enables netstat to show the desired output or refresh the output every “n” seconds as below. Default interval of refresh is one second.
$ netstat –ac 5 | grep tcp
To stop, press “ctrl +c”.14 – Displaying ipv4 and ipv6 information $ netstat –g
Conclusion
Using netstat in bare form might produce huge information that is too much for the need. One should know what options should be used with netstat so that it can produce the information that you are looking for. Following image shows various options in terms of both flags and long names of netstat: