netstat
-
User Interface written by: Fred Baumgarten.
Stands for: network statistics
Used for: Print network connections, routing tables, interface statistics, masquerade connections, and multicast memberships
netstat man page: http://bit.ly/2rFqJ81
Notes:- Some options vary between different platforms.
- Some output is different between platforms.
- The under some options the output differs between non-root & root accounts.
- The type of information displayed is controlled by the first option. See table below:
First Option Description noneDisplays all open sockets -r |--routeDisplay the kernel routing tables, netstat -r&route -eprint the same output-g |--groupDisplay multicast group membership information for IPv4 and IPv6. -i |--interfacesDisplay a table of all network interfaces. -M |--masqueradeDisplay a table of masqueraded connections. -s |--statisticsDisplay summary statistics for each protocol. This does not mean you have to use the first option always.
Useful combinations of options. You can combine the single letter options, i.e. you do not need a dash in front it each one, just the first one.
--inet- just displays the raw, udp and tcp protocol sockets. Most people use-tfor tcp or-ufor udp instead.
-a- displays listening & non-listening sockets.$ netstat --inet -a (Not all processes could be identified, non-owned process info will not be shown, you would have to be root to see it all.) Active Internet connections (servers and established) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 localhost:32000 *:* LISTEN - tcp 0 0 localhost:9000 *:* LISTEN - tcp 0 0 *:9001 *:* LISTEN - tcp 0 0 localhost:mysql *:* LISTEN - tcp 0 0 *:http *:* LISTEN - tcp 0 0 binter:domain *:* LISTEN - tcp 0 0 *:ssh *:* LISTEN - tcp 0 0 localhost:ipp *:* LISTEN - tcp 0 0 10.50.20.15:9001 10.50.20.15:50823 ESTABLISHED - tcp 0 0 localhost:9001 localhost:44770 ESTABLISHED - tcp 0 0 10.50.20.15:829 10.50.20.15:9001 ESTABLISHED - tcp 0 0 localhost:44761 localhost:9001 ESTABLISHED - tcp 0 0 localhost:44758 localhost:9001 ESTABLISHED - ... ... ...-p- display the process id using the socket, when done as root.$ sudo netstat --inet -ap Active Internet connections (servers and established) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 localhost:32000 *:* LISTEN 2853/java tcp 0 0 localhost:9000 *:* LISTEN 3860/java tcp 0 0 *:9001 *:* LISTEN 3450/java tcp 0 0 localhost:mysql *:* LISTEN 1478/mysqld tcp 0 0 *:http *:* LISTEN 3064/lighttpd tcp 0 0 binter:domain *:* LISTEN 925/dnsmasq tcp 0 0 *:ssh *:* LISTEN 1387/sshd tcp 0 0 localhost:ipp *:* LISTEN 860/cupsd tcp 0 0 10.50.20.15:9001 10.50.20.15:823 ESTABLISHED 3450/java tcp 0 0 localhost:9001 localhost:44770 ESTABLISHED 3450/java tcp 0 0 10.50.20.15:50829 10.50.20.15:9001 ESTABLISHED 3450/java tcp 0 0 localhost:44761 localhost:9001 ESTABLISHED 3860/java tcp 0 0 localhost:44758 localhost:9001 ESTABLISHED 3860/java ... ... ...-l- display just the listening sockets.$ netstat --inet -l Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 localhost:32000 *:* LISTEN tcp 0 0 localhost:9000 *:* LISTEN tcp 0 0 *:9001 *:* LISTEN tcp 0 0 localhost:mysql *:* LISTEN tcp 0 0 *:http *:* LISTEN tcp 0 0 binter:domain *:* LISTEN tcp 0 0 *:ssh *:* LISTEN tcp 0 0 localhost:ipp *:* LISTEN udp 0 0 *:27701 *:* udp 0 0 *:19656 *:* udp 0 0 diyvb:domain *:* udp 0 0 *:bootpc *:* udp 0 0 *:bootpc *:* udp 0 0 *:37179 *:* udp 0 0 *:ipp *:* udp 0 0 *:9326 *:* udp 0 0 *:mdns *:*-e- provide some extra information, the user and inode.$ sudo netstat --inet -l -e Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State User Inode tcp 0 0 localhost:32000 *:* LISTEN root 15681 tcp 0 0 localhost:9000 *:* LISTEN root 20186 tcp 0 0 *:9001 *:* LISTEN root 20058 tcp 0 0 localhost:mysql *:* LISTEN mysql 12476 tcp 0 0 *:http *:* LISTEN root 16048 tcp 0 0 binter:domain *:* LISTEN root 10755 tcp 0 0 *:ssh *:* LISTEN root 11679 tcp 0 0 localhost:ipp *:* LISTEN root 10535 udp 0 0 *:27701 *:* root 10671 udp 0 0 binter:domain *:* root 10754 udp 0 0 *:bootpc *:* root 12931 udp 0 0 *:bootpc *:* root 10707 udp 0 0 *:37179 *:* avahi 9661 udp 0 0 *:ipp *:* root 10598 udp 0 0 *:9326 *:* root 12905 udp 0 0 *:mdns *:* avahi 9659-c- loops the command.
-s- show all the network statistics.The
-noption displays in numeric addresses.$ netstat --inet -an Active Internet connections (servers and established) Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 0.0.0.0:9418 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN tcp 0 0 10.0.2.15:22 10.0.2.2:45268 ESTABLISHED udp 0 0 0.0.0.0:68 0.0.0.0:* udp 0 0 0.0.0.0:68 0.0.0.0:*Display all tcp/udp sockets, listening and non-listening, and include the program process id.
$ sudo netstat -tapuThe commonly seen states.
ESTABLISHED
The socket has an established connection.LISTEN
The socket is listening for incoming connections. Such sockets are not included in the output unless you specify the --listening (-l) or --all (-a) option.
© Lightnetics 2024