Linux Networking: Using Netstat to manage your network on Linux

Tram Ho


netstat (network statistics) is a network tool from the net-tools package, using the command line, used to troubleshoot and configure the network. netstat is a cross-platform tool that is available on Linux, Unix-Like operating systems and available on Windows. It is one of the most basic Unix / Linux network service debugging tools, powerful and very useful for Linux network administrators as well as system administrators in solving problems. related to the network such as number of connections, traffic, speed, status of each port, Ip … It can also be considered as a monitoring tool, helping to monitor network connections (both incoming and outgoing ) by providing information such as the routing table or some network interface statistics.

In the scope of this article, I will together with you learn how to use netstat on Linux operating systems!


Currently the iproute2 toolkit has been replaced by default for net-tools in new Linux distributions such as RHEL7, CentOS 7, … Along with that, the new ss tool is also used instead of netstat. with some advantages simpler and faster than traditional netstat tool. The functions and usage of the ss command are generally similar to netstat .

Netstat command setting options

The netstat command is built with various optional flags, for information on command usage and options, you will use netstat -h or netstat --help

There are a lot of options, some of the most commonly used options that you can pay attention to here are

  • -a : Displays all sockets, including listening and non-listening
  • -l : Displays the sockets that are listening
  • -t : Show only tcp connections
  • -u : Show udp connections only
  • -n : See the digital address (not resolution)
  • -p : Show PID program for each socket
  • -r : Show the routing table
  • -s : Pull and show network statistics sorted by protocol
  • -i : Show a list of network interfaces

Next, I will show you a few specific examples of using this netstat command!

The netstat command examples are commonly used

1. List all the ports

  • netstat -a

This is a checksum too, it includes a lot of information including all ports (of both TCP and UDP protocol), listening and non-listening sockets. Because it includes so many things, in practice, when using it, we will combine options and other options to filter out groups of specific and detailed information as below commands.

  • netstat -at : netstat -at only TCP ports
  • netstat -au : netstat -au only UDP ports
  • netstat -l : This is an option with range less than -a when listing only ports that are listening state. This option also usually comes with the -t or -u to filter out TCP or UDP connections.

Check out the progress

Using netstat’s -p option will show us the program name and their process ID (PID). For example, we use the command netstat -ltupn . This command makes sense to show all TCP and UDP ports that are listening, along with their program name and PID. Here I often use the -n option to display the addresses and port numbers represented as numbers, without displaying a specific name.

Display network statistics

To display network statistics information, we use the netstat -s command or we can also filter information by TCP connections, UDP …

Show routing table

To see the kernel’s IP routing table, use the netstat -r command:

Display network interfaces

To display the network interfaces of the kernel we use the command netstat -i

Netstat in conjunction with other linux commands

Apart from combining the options directive different command, netstat becomes more useful when combined with other linux commands using the pipe mechanism pipe in linux. For example:

  • When you want to test a specific port, such as port 22:

  • Displays the number of connections per ip to the server


  • netstat -apn : Displays all connections with program name and their PID, ip and port addresses in numerical form, without name resolution.
  • grep 'tcp|udp' : Filter for TCP and UDP connections
  • awk '{print $5}' : Just print out column 5 which is column IP: PORT
  • cut -d: -f1 : Divide the resulting rows into columns, the division point is a character: then get column 1 information (IPs have no ports)
  • sort : sort the result
  • uniq -c : group the same IPs, show the first column that shows the number of identical IPs
  • sort -n : sort the results by number, from low to high


Through the above article, I have introduced to you the basic functions and usage of netstat . Hopefully, through this article, you can understand and have a better understanding of netstat – a classic method to troubleshoot network problems on Unix / Linux operating systems.

Thank you for watching my post: 3


Share the news now

Source : Viblo