What is netstat in Linux?

Known as netstat (network statistics) is the command line utility for displaying network connections based on the Transmission Control Protocol routing tables. To measure the performance of the network, it is used for finding problems in the network as well as to determine how much traffic is on the network.

Protocols, Processes, and Ports

Connections between Internet Protocol addresses and network ports are made using protocols called Transport Control Protocol (TCP) and User Datagram Protocol (UDP), which use transport control protocols to establish connections over a network. These protocols use Internet Protocol addresses and networking ports to request a connection.

A socket is a software construct that makes one end of a network data connection possible. It is important to note that sockets can have two different states:

  • Be connected and facilitate ongoing communication with the network. 
  • Wait for an incoming connection to establish communication with them. 

The socket can also be in other states, such as the state in which it is in the middle of establishing a remote connection. But putting transient states into perspective, you can think of the socket as either connected or waiting (often referred to as listening).

The server refers to the socket that listens for connections, while the client refers to the socket that requests connections with the server. These terms have nothing to do with hardware or the roles assigned by computers. Instead, they refer to the role played by each socket at each end of the connection.

netstat allows you to discover which sockets are connected and which sockets are listening through the netstat command. In other words, netstat can tell you which ports are in use and which processes are using them. You can use it to see the following:

  • Routing tables
  • Statistics
  • The state of your multicast connections, network interfaces, and routing tables.

Several Linux utilities, such as ip and ss, have replicated the functionality of netstat over the years. Even though it is available for Linux and Unix-like operating systems, as well as Windows and Mac OS X, it remains one of the most important network analysis commands you should know.

Keep reading to learn how to use the netstat command in Linux.

Installing Net-tools on Linux

On Ubuntu, you can get the netstat package by running the command:

$ sudo apt install net-tools

You will then be able to get the netstat package by running the command:

$ apt install netstat

As soon as Netstat has been installed, run the following command to check the version:

$ netstat -v

Netstat command in Linux

The sections below teach you everything you must know about the netstat command.

Display Routing table

If you want to view the routing table, use the -nr flag with Netstat; it shows the kernel routing table like the route, allowing you to view its details on the terminal. You can use the command below to see more information on the routing table:

$ netstat -nr

Netstat can use the -nr option to print addresses divided by dots instead of symbolic names as a substitute for symbolic address names.

Display interface statistics

To view statistics for the currently configured network interface, use the flag or option '-i' with Netstat.

$ netstat -i

In addition to "-i", if the "-a" flag is also used, all kernel interfaces will be printed.

$ netstat -ai

Display Network connection:

There are various options available in Netstat for viewing active or passive sockets. These include the –t option, the –u option, the –w option, and the –x option, which describes active TCP, UDP, RAW, and Unix sockets.

Enter the following text into your terminal

$ netstat -ta

Display Network Services

If you wish to see a list of networks, as well as their current states, as well as their associated ports, you should run the following command:

$ netstat -pnltu

Display all the listening ports of TCP and UDP connection:

If you use the following commands, you will be able to see all TCP and UDP ports:

$ netstat –a | more

Display TCP Port Connection

Using the following command, you will be able to get the list of only TCP (Transmission Control Protocols) ports that can be connected:

$ netstat -at

Display UDP Port Connection

The following commands can be used to check the connection of the UDP (User Diagram Protocols) port:

$ netstat -au

Display all Listening Connections

By using the "-l" flag with Netstat, you can get a list of all the connections that are currently active:

$ netstat -l

Display all TCP Listening Ports

Using the -lt flag, we can get a list of all TCP ports that are actively listening by using the following command:

$ netstat -lt

Display all UDP listening Ports

When we use the '–lu' option, we can get a list of all the UDP ports that are actively listening to UDP traffic:

$ netstat -lu

Display all Unix Listening Ports

With the help of the –lx option, you can display a list of all UNIX ports that are actively listening:

$ netstat -lx

Showing Statistics by Protocol

The -s option can display a set of protocol-specific statistics. The statistics for TCP, UDP, ICMP, and IP protocols are shown by default. By specifying the -s option, you can display statistics for all different protocols:

$ netstat -s

Showing Statistics by TCP Protocol

When using the '–st' option with Netstat, you will be able to display a list that only includes TCP protocols:

$ netstat -st

Showing Statistics by UDP Protocol

Using the '–su' option on Netstat, you will be able to display only UDP protocols in the results:

$ netstat -su

Showing Process Names and PIDs

The -p (program) option allows us to see the process ID (PID), the name of the process that is using a socket, and information about the state of the socket. Let's look at the PIDs and names for the processes that use a listening socket and see what they are.

To ensure we receive all of the information available on the system, we use sudo to obtain all of the information, including any information that would normally require root access.

sudo netstat -p -at

Finding the Port Used by a Process

Using the grep command, we can identify a process by name and the port it uses by pipetting the output of netstat through grep. We use the -a (all), -n (numeric), and -p (program) options we used previously and used the search term "sshd" to find the process name.

sudo netstat -anp | grep "sshd"

List Multicast Group Memberships

For services such as video streaming, for example, multicasting is a technology that allows a packet to be sent only once, irrespective of the number of recipients. This greatly increases the efficiency from the sender's point of view, particularly concerning multicast transmissions.

Using the -g (groups) option, netstat will list the sockets that are members of the multicast groups on each interface.

sudo netstat -g


  • The netstat (network statistics) command in Linux monitors and analyses every aspect of a device’s networks and connections.
  • The connections that transport control protocols to establish connections are TCP and UDP.
  • TCP and UDP use networking ports to send and receive connections.
  • Using netstat, you can monitor which ports are being used and which process. This allows for monitoring multicast connections and routing cables.

When you buy linux vps, it is important to consider factors such as the level of technical support provided, the security measures in place, and the cost of the hosting plan. we offer you best services.

People also read: