Wednesday, August 15, 2012

What is Netstat Command and with examples?

netstat – show network status
The  netstat  command  displays  the  contents  of   certain network-related  data structures in various formats, depend-ing on the options you select.
 How to view Established connections only?
# netstat -natu | grep ‘ESTABLISHED’
List All Ports (both listening and non listening ports)
List all ports using netstat –a
# netstat –a | more
In order to get the summary statistics for each protocol you would use:
netstat -s | more

List all tcp ports using netstat –at

# netstat –at

List all udp ports using netstat –au

 # netstat –au

List Sockets which are in Listening State

List only listening ports using netstat –l

 # netstat –l

List only listening TCP Ports using netstat –lt

 # netstat –lt

List only listening UDP Ports using netstat –lu

 # netstat –lu

List only the listening UNIX Ports using netstat –lx

 # netstat –lx

Show the statistics for each protocol

Show statistics for all ports using netstat –s

# netstat –s

Show statistics for TCP (or) UDP ports using netstat -st (or) –su

 # netstat -st

# netstat -su

Display PID and program names in netstat output using netstat -p

netstat -p option can be combined with any other netstat option. This will add the “PID/Program Name” to the netstat output. This is very useful while debugging to identify which program is running on a particular port.
# netstat –pt
Don’t resolve host, port and user name in netstat output
When you don’t want the name of the host, port or user to be displayed, use netstat -n option. This will display in numbers, instead of resolving the host name, port name, user name.
This also speeds up the output, as netstat is not performing any look-up.
# netstat -an
If you don’t want only any one of those three items (ports, or hosts, or users) to be resolved, use following commands.

# netsat -a –numeric-ports
# netsat -a –numeric-hosts
# netsat -a –numeric-users
Display Active Connections with Process ID and Program Name
This could be very helpful to identify which program has initiated a specific network connection.
# netstat -tap

Print netstat information continuously

netstat will print information continuously every few seconds.
# netstat –c

Find the non supportive Address families in your system

# netstat –verbose

Display the kernel routing information using netstat -r

# netstat -r
Note: Use netstat -rn to display routes in numeric format without resolving for host-names.
Display the routing cache

 # netstat -rnC

To display all ports open by a process with id PID

 # netstat –aop | grep “56356”

Find out on which port a program is running

 # netstat -ap | grep ssh

Find out which process is using a particular port:

# netstat -an | grep ‘:56356′

How to find out connection count on a particular port using netstat?

 # netstat -ant | grep 56356 | wc –l

# netstat -ant | grep 80 | wc -l
Show the list of network interfaces
# netstat –i
Display extended information on the interfaces (similar to ifconfig) using netstat -ie:
# netstat –ie
How to find the Nature of connections going on my server?
# netstat -ant | awk ‘{print $6}’ | sort | uniq -c | sort -n
How to find the Nature of connections going on my server for a particular port?
# netstat -ant | grep 56356 | awk ‘{print $6}’ | sort | uniq -c | sort –n

No comments:

Post a Comment