netstat quick tips and tricks

Netstat is useful and necessary networking monitor tool for administrator. I will not talking anymore about manual or tutorials for it, but I will note some tips and tricks for quickly understanding/controlling it.

1. To get stat of tcp/udp connections, just use -t/-u or --tcp/--udp, for example:




[cuongpt@cuongpt-laptop ~]$ netstat -t
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State      
tcp        0      0 localhost:44508         yx-in-f16.1e100.n:imaps ESTABLISHED
tcp        0      0 localhost:45285         cs212.msg.sp1.yaho:http ESTABLISHED
tcp        0      0 localhost:39657         gh-in-f16.1e100.n:imaps ESTABLISHED
tcp        0      0 localhost:48026         sin04s02-in-f14.1e:http TIME_WAIT  
tcp        0      0 localhost:44509         yx-in-f16.1e100.n:imaps ESTABLISHED



2. To get stat of connections that is LISTENING, just use --listening or -l. But, if you want to show all of it, just use -a or --all, for example:



[cuongpt@cuongpt-laptop ~]$ netstat -tl
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State      
tcp        0      0 localhost.localdoma:ipp *:*                     LISTEN     
tcp        0      0 localhost.localdom:smtp *:*                     LISTEN     
tcp        0      0 *:ideafarm-door         *:*                     LISTEN     
tcp6       0      0 [::]:ipp                [::]:*                  LISTEN     
[cuongpt@cuongpt-laptop ~]$ 
[cuongpt@cuongpt-laptop ~]$ netstat -a --listening | more
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State      
tcp        0      0 localhost.localdoma:ipp *:*                     LISTEN     
tcp        0      0 localhost.localdom:smtp *:*                     LISTEN     
tcp        0      0 *:ideafarm-door         *:*                     LISTEN     
tcp        0      0 localhost:44508         yx-in-f16.1e100.n:imaps ESTABLISHED
tcp        0      0 localhost:45285         cs212.msg.sp1.yaho:http ESTABLISHED
tcp        0     70 localhost:39657         gh-in-f16.1e100.n:imaps FIN_WAIT1  
tcp        0      0 localhost:53897         sin04s02-in-f9.1e1:http ESTABLISHED
tcp        0      0 localhost:45212         .:https                 ESTABLISHED



3. To get stat of connection and program that socket belong to, just use -p or --program. You can also get PID and program name, like this:



[cuongpt@cuongpt-laptop ~]$ netstat --numeric-host -tap
(Not all processes could be identified, non-owned process info
 will not be shown, you would have to be root to see it all.)
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 127.0.0.1:ipp           0.0.0.0:*               LISTEN      -                   
tcp        0      0 127.0.0.1:smtp          0.0.0.0:*               LISTEN      -                   
tcp        0      0 0.0.0.0:ideafarm-door   0.0.0.0:*               LISTEN      -                   
tcp        0      0 27.78.193.214:44508     74.125.45.16:imaps      ESTABLISHED 2801/thunderbird    
tcp        0      0 27.78.193.214:45285     98.136.48.44:http       ESTABLISHED 6742/telepathy-haze 
tcp        0      0 27.78.193.214:45212     76.74.254.120:https     ESTABLISHED 2603/firefox        
tcp        0      0 27.78.193.214:44509     74.125.45.16:imaps      ESTABLISHED 2801/thunderbird    
tcp        0      0 27.78.193.214:48039     69.171.227.:xmpp-client ESTABLISHED 



4. If you do not want to host or port name resolved (because you want to show port number and IP). Just use -n or --numeric option



[cuongpt@cuongpt-laptop ~]$ netstat  -tapn
(Not all processes could be identified, non-owned process info
 will not be shown, you would have to be root to see it all.)
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      -                   
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      -                   
tcp        0      0 0.0.0.0:902             0.0.0.0:*               LISTEN      -                   
tcp        0      0 27.78.193.214:44508     74.125.45.16:993        ESTABLISHED 2801/thunderbird    
tcp        0      0 27.78.193.214:45285     98.136.48.44:80         ESTABLISHED 6742/telepathy-haze 
tcp        0      0 27.78.193.214:45212     76.74.254.120:443       ESTABLISHED 2603/firefox        
tcp        0      0 27.78.193.214:44509     74.125.45.16:993        ESTABLISHED 2801/thunderbird    
tcp        0      0 27.78.193.214:48039     69.171.227.26:5222      ESTABLISHED 6740/telepathy-gabb 
tcp        0      0 27.78.193.214:58257     123.30.179.202:993      ESTABLISHED 2801/thunderbird    
tcp        0      0 27.78.193.214:53502     72.233.69.6:443         TIME_WAIT   



5. And the last one, by individual opinion, this is my most use case:



[cuongpt@cuongpt-laptop ~]$ netstat -natp
(Not all processes could be identified, non-owned process info
 will not be shown, you would have to be root to see it all.)
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      -                   
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      -                   
tcp        0      0 0.0.0.0:902             0.0.0.0:*               LISTEN      -                   
tcp        0      0 27.78.193.214:44508     74.125.45.16:993        ESTABLISHED 2801/thunderbird    
tcp        0      0 27.78.193.214:45285     98.136.48.44:80         ESTABLISHED 6742/telepathy-haze 
tcp        0      0 27.78.193.214:45212     76.74.254.120:443       ESTABLISHED 2603/firefox        
tcp        0      0 27.78.193.214:44509     74.125.45.16:993        ESTABLISHED 



Have fun with cauhoi.wordpress.com !
Cuong Pham