Discover 15 practical Netstat command examples for Linux administrators. Master network troubleshooting and monitoring with these tips!
Linux system administrators often rely on various network tools to troubleshoot, monitor, and secure their servers. Among these tools, the netstat (network statistics) command stands out. It provides valuable information about network connections, routing tables, and interface statistics. In this article, we’ll walk through 15 useful netstat command examples for Linux administrators, suitable for both beginners and seasoned professionals. These examples will help streamline your daily administration tasks and assist in solving common network-related issues on Oracle Linux 8/9, Red Hat 8/9, and Ubuntu.
1. Show All Network Connections
To list all network connections, both listening and non-listening, use:
netstat -a
This command displays all active sockets and their associated addresses. It’s a great starting point when troubleshooting issues related to network connectivity.
Real-Life Use Case:
- Identify any unexpected or unauthorized connections on your server. This can help in detecting potential security issues like port scanning or unauthorized services.
2. Display Listening Ports
To see which ports your system is listening on, use:
netstat -l
This shows only the listening ports and their associated IP addresses.
Real-Life Use Case:
- As an administrator, you can quickly verify which services are running on your server, especially after making configuration changes or installing new software.
3. Show Specific Protocol (TCP/UDP) Connections
To filter the connections by protocol, use the -t for TCP and -u for UDP:
netstat -t
netstat -u
The first command lists active TCP connections, and the second shows active UDP connections.
Real-Life Use Case:
- Use this to verify if certain services that rely on a specific protocol, like HTTP (TCP), are functioning correctly.
4. Show Network Statistics
For a summary of network statistics, including interface and protocol-specific data, use:
netstat -s
This will provide detailed information about errors, packet counts, and protocol-specific data.
Real-Life Use Case:
- Helps diagnose network problems by providing a breakdown of error rates, collisions, and drops at the protocol level, essential when troubleshooting performance issues.
5. Show Network Connections by Program (PID)
To display network connections and identify the program using each connection, use:
netstat -tulnp
This command displays active listening ports along with the program’s PID and name.
Real-Life Use Case:
- Find out which service or application is occupying a specific port, aiding in identifying potential conflicts or unauthorized services.
6. Display Routing Table
To show the kernel routing table, which is essential for understanding how data is routed across the network, use:
netstat -r
Real-Life Use Case:
- Useful for verifying network routing and diagnosing issues related to network communication between different subnets or external networks.
7. Show Interface Statistics
To display statistics about network interfaces (e.g., packet transfer rates, errors), use:
netstat -i
Real-Life Use Case:
- When managing high-traffic servers, you can use this command to monitor interface activity and identify potential bottlenecks or hardware issues.
8. Display Specific IP Address Connections
To display all connections involving a particular IP address, use:
netstat -an | grep 192.168.1.1
Replace 192.168.1.1 with the IP you are interested in.
Real-Life Use Case:
- You may want to trace connections from a specific IP to investigate network traffic or potential attacks from a suspicious source.
9. Display Open Ports with Numerical Addresses
To list open ports with numeric addresses, avoiding the use of hostnames, use:
netstat -n
Real-Life Use Case:
- When DNS resolution might be slow or misconfigured, use this command to speed up the connection check by bypassing DNS lookups.
10. Display TCP Connections with State Information
To view active TCP connections along with their states (e.g., ESTABLISHED, LISTEN), use:
netstat -t -a
Real-Life Use Case:
- Identify which services are currently active or in the process of establishing a connection, helping in troubleshooting application connectivity.
11. Check for High Number of Connections
If your server is experiencing issues with excessive connections, use:
netstat -an | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
This shows how many connections are made from each IP address, sorted by frequency.
Real-Life Use Case:
- When investigating a server under DDoS attack or simply experiencing high traffic, this command helps pinpoint which IPs are responsible for most connections.
12. Show UDP Port Usage
To list UDP ports in use, which is important for monitoring services like DNS or DHCP, use:
netstat -u -a
Real-Life Use Case:
- Helpful in a DNS server setup, ensuring the required UDP ports (like 53) are properly bound and open for communication.
13. Show Summary of Network Connections and Statistics
For a quick network summary that includes all protocols, listening ports, and more, use:
netstat -tuln
This shows all TCP/UDP connections in numerical form, useful for a quick overview.
Real-Life Use Case:
- Great for quick monitoring in live environments to verify if any unexpected services are listening.
14. Display Specific Application Connection Stats
To list only the network connections made by a specific application, use:
netstat -tulnp | grep [application-name]
Replace [application-name] with the name or PID of the application.
Real-Life Use Case:
- For instance, if troubleshooting a web server (e.g., Apache), use this to check all the connections made by the web server process.
15. Use ** in Combination with ** for Real-Time Monitoring
To monitor network connections in real-time, you can use watch to repeat a netstat command periodically:
watch -n 1 'netstat -tulnp'
This command will update the network statistics every second.
Real-Life Use Case:
- Useful when you need to monitor the status of connections or ports in real time, especially during troubleshooting or security auditing.
Conclusion
The netstat command is an indispensable tool for every Linux administrator. Whether you’re working with Oracle Linux 8/9, Red Hat 8/9, or Ubuntu, mastering these 15 netstat command examples will help you keep track of network activity, troubleshoot issues, and secure your system. By leveraging the power of netstat, you’ll enhance your ability to streamline day-to-day network management and resolve problems with ease.