Netstat Commands for CentOS/RHEL

Share It!

Netstat (network statistics) is a command line utility that can be used to list out all the all the tcp, udp socket connections and the unix socket connections. So by checking an open port 80 you can confirm if a web server is running on the system or not. It is extremely helpful as far as network troubleshooting and performance measurement. netstat is a standout amongst the most essential system administration troubleshooting tool, letting you know what ports are open and whether any projects are listening on ports.

linux netstat

This tool is essential and much helpful for Linux network administrator and additionally system administrators to monitor and troubleshoot.

Listing all the LISTENING Ports

Show both listening and non-listening (TCP and UDP) sockets.

# netstat -a

Output:

Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address               Foreign Address             State
tcp        0      0 node1:7788                  *:*                         LISTEN
tcp        0      0 *:9391                      *:*                         LISTEN
tcp        0      0 *:ndmp                      *:*                         LISTEN
tcp        0      0 node1:ssh                   192.168.10.57:53291         ESTABLISHED
udp        0      0 node1:ntp                   *:*
udp        0      0 *:ntp                       *:*
udp        0      0 *:ndmp                      *:*
udp        0      0 fe80::341d:6eff:feff:b40:ntp *:*

Active UNIX domain sockets (servers and established)
Proto RefCnt Flags       Type       State         I-Node Path
unix  10     [ ]         DGRAM                    8256   /dev/log
unix  2      [ ACC ]     STREAM     LISTENING     7933   @ISCSID_UIP_ABSTRACT_NAMESPACE
unix  2      [ ACC ]     STREAM     LISTENING     8943   public/showq
unix  2      [ ACC ]     STREAM     LISTENING     8947   private/error
unix  2      [ ACC ]     STREAM     LISTENING     8951   private/retry
unix  2      [ ACC ]     STREAM     LISTENING     8955   private/discard
unix  2      [ ACC ]     STREAM     LISTENING     8959   private/local
unix  2      [ ACC ]     STREAM     LISTENING     8963   private/virtual

Listen TCP Ports connections

Show only listen TCP (Transmission Control Protocol) port connection using following command:

# netstat -at

Output:

Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address               Foreign Address             State
tcp        0      0 node1:7788                  *:*                         LISTEN
tcp        0      0 *:otp                       *:*                         LISTEN
tcp        0      0 *:9391                      *:*                         LISTEN
tcp        0      0 *:ndmp                      *:*                         LISTEN
tcp        0      0 *:ssh                       *:*                         LISTEN
tcp        0      0 node1:ssh                   192.168.10.57:53291         ESTABLISHED
tcp        0      0 *:ssh                       *:*                         LISTEN

Listen UDP Ports connections

Show only listen UDP (User Datagram Protocol) port connection using following command:

# netstat -au

Output:

Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address               Foreign Address             State
udp        0      0 node1:ntp                   *:*
udp        0      0 localhost:ntp               *:*
udp        0      0 *:ntp                       *:*
udp        0      0 *:ndmp                      *:*
udp        0      0 fe80::341d:6eff:feff:b40:ntp *:*
udp        0      0 localhost:ntp               *:*
udp        0      0 *:ntp                       *:*

List all LISTENING Connections

Show only all listening ports connections using following command.

# netstat -l

Output:

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State
tcp        0      0 node1:7788                  *:*                         LISTEN
tcp        0      0 *:otp                       *:*                         LISTEN
tcp        0      0 *:9391                      *:*                         LISTEN
tcp        0      0 *:ndmp                      *:*                         LISTEN
tcp        0      0 *:9392                      *:*                         LISTEN

Active UNIX domain sockets (only servers)
Proto RefCnt Flags       Type       State         I-Node Path
unix  2      [ ACC ]     STREAM     LISTENING     7933   @ISCSID_UIP_ABSTRACT_NAMESPACE
unix  2      [ ACC ]     STREAM     LISTENING     8943   public/showq
unix  2      [ ACC ]     STREAM     LISTENING     8947   private/error
unix  2      [ ACC ]     STREAM     LISTENING     8951   private/retry
unix  2      [ ACC ]     STREAM     LISTENING     8955   private/discard

List all TCP Listening Ports

Show all active TCP listening ports using following command:

# netstat -lt

Output:

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State
tcp        0      0 node1:7788                  *:*                         LISTEN
tcp        0      0 *:otp                       *:*                         LISTEN
tcp        0      0 *:9391                      *:*                         LISTEN
tcp        0      0 *:ndmp                      *:*                         LISTEN
tcp        0      0 *:9392                      *:*                         LISTEN
tcp        0      0 *:ssh                       *:*                         LISTEN
tcp        0      0 localhost:smtp              *:*                         LISTEN
tcp        0      0 *:ssh                       *:*                         LISTEN
tcp        0      0 localhost:smtp              *:*                         LISTEN

List all UDP Listening Ports

Show all active UDP listening ports using following command:

# netstat -lu

Output:

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State
udp        0      0 node1:ntp                   *:*
udp        0      0 localhost:ntp               *:*
udp        0      0 *:ntp                       *:*
udp        0      0 *:ndmp                      *:*
udp        0      0 fe80::341d:6eff:feff:b40:ntp *:*
udp        0      0 localhost:ntp               *:*
udp        0      0 *:ntp                       *:*

List all UNIX Listening Ports

Show all UNIX listening ports using following command:

# netstat -lx

Output:

Active UNIX domain sockets (only servers)
Proto RefCnt Flags       Type       State         I-Node Path
unix  2      [ ACC ]     STREAM     LISTENING     7933   @ISCSID_UIP_ABSTRACT_NAMESPACE
unix  2      [ ACC ]     STREAM     LISTENING     8943   public/showq
unix  2      [ ACC ]     STREAM     LISTENING     8947   private/error
unix  2      [ ACC ]     STREAM     LISTENING     8951   private/retry
unix  2      [ ACC ]     STREAM     LISTENING     8955   private/discard
unix  2      [ ACC ]     STREAM     LISTENING     8959   private/local
unix  2      [ ACC ]     STREAM     LISTENING     8963   private/virtual
unix  2      [ ACC ]     STREAM     LISTENING     8967   private/lmtp
unix  2      [ ACC ]     STREAM     LISTENING     8971   private/anvil

Show Statistics by Protocol

Display summary statistics for each protocol. This is very handy information that netstat command provides.

# netstat -s

Output:

Ip:
    307572 total packets received
    271 with invalid addresses
    0 forwarded
    0 incoming packets discarded
    270037 incoming packets delivered
    80610 requests sent out
Icmp:
    65 ICMP messages received
    21 input ICMP message failed.
    ICMP input histogram:
        destination unreachable: 64
        echo requests: 1
    70 ICMP messages sent
    0 ICMP messages failed
    ICMP output histogram:
        destination unreachable: 69
        echo replies: 1
IcmpMsg:
        InType3: 64
        InType8: 1
        OutType0: 1
        OutType3: 69
Tcp:
    22944 active connections openings
    3 passive connection openings
    22891 failed connection attempts
    0 connection resets received
    1 connections established
    139497 segments received
    79903 segments send out
    82 segments retransmited
    0 bad segments received.
    18 resets sent
Udp:
    548 packets received
    8 packets to unknown port received.
    0 packet receive errors
    555 packets sent
UdpLite:
TcpExt:
    30 TCP sockets finished time wait in fast timer
    1126 delayed acks sent
    2 packets directly queued to recvmsg prequeue.
    1 packets directly received from prequeue
    102966 packets header predicted
    467 acknowledgments not containing data received
    57 predicted acknowledgments
    1 times recovered from packet loss due to SACK data
    1 congestion windows recovered after partial ack
    0 TCP data loss events
    1 fast retransmits
    41 other TCP timeouts
    1 DSACKs received
    TCPSackMerged: 1
    TCPSackShiftFallback: 2
    TCPWantZeroWindowAdv: 4
IpExt:
    InMcastPkts: 3925
    InBcastPkts: 125994
    InOctets: 184695133
    OutOctets: 5417057
    InMcastOctets: 162812
    InBcastOctets: 10411728

Showing Statistics of TCP and UDP Protocol

TCP Protocol
# netstat -st
UDP Protocol
# netstat -su

Displaying Service name with PID

Show all “PID/Program Name” using netstat command. This is very useful while debugging to identify which program is running on a particular port.

# netstat -tp

Output:

Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name
tcp        0     64 node1:ssh                   192.168.10.57:53291         ESTABLISHED 9296/sshd

Display Kernel IP routing

Display Kernel IP routing table with following command.

# netstat -r

Output:

Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
192.168.10.0    *               255.255.255.0   U         0 0          0 eth0
link-local      *               255.255.0.0     U         0 0          0 eth0
default         192.168.10.19   0.0.0.0         UG        0 0          0 eth0

A list of flags is given below :
A: Receive all multicast at this interface.
B: OK broadcast.
D: Debugging ON.
M: Promiscuous Mode.
O: No ARP at this interface.
P: P2P connection at this interface.
R: Interface is running.
U: Interface is up.
G: Not a direct entry.

Network Interface Transactions

Show network interface packet transactions including both transferring and receiving packets with MTU size using following command.

# netstat -i

Output:

Kernel Interface table
Iface       MTU Met    RX-OK RX-ERR RX-DRP RX-OVR    TX-OK TX-ERR TX-DRP TX-OVR Flg
eth0       1500   0   420383      0      0      0    85412      0      0      0 BMRU
lo        65536   0       65      0      0      0       65      0      0      0 LRU

The RX and TX columns are described as follows :
RX-OK: Correct packets received on this interface.
RX-ERR: Incorrect packets received on this interface
RX-DRP: Packets that were dropped at this interface.
RX-OVR: Packets that this interface was unable to receive.

Similar definition is for the TX columns that describe the transmitted packets.

Display extended information on the interfaces (similar to ifconfig) using netstat

# netstat -ie

Output:

Kernel Interface table
eth0      Link encap:Ethernet  HWaddr 36:1D:6E:FF:B4:07
          inet addr:192.168.10.43  Bcast:192.168.10.255  Mask:255.255.255.0
          inet6 addr: fe80::341d:6eff:feff:b407/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:422645 errors:0 dropped:0 overruns:0 frame:0
          TX packets:85534 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:194274900 (185.2 MiB)  TX bytes:6885477 (6.5 MiB)
          Interrupt:20

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:65 errors:0 dropped:0 overruns:0 frame:0
          TX packets:65 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:5584 (5.4 KiB)  TX bytes:5584 (5.4 KiB)

IPv4 and IPv6 Information

Displays multicast group membership information for both IPv4 and IPv6.

# netstat -g

Output:

IPv6/IPv4 Group Memberships
Interface       RefCnt Group
--------------- ------ ---------------------
lo              1      all-systems.mcast.net
eth0            1      all-systems.mcast.net
lo              1      ff02::1
eth0            1      ff02::1:ffff:b407
eth0            1      ff02::1

Listening Programs

Find out how many programs running on a port.

# netstat -ap | grep http

Output:

tcp        0      0 techoism:51613                  bom05s05-in-f10.1e100:https TIME_WAIT   -
tcp        0      0 techoism:51611                  bom05s05-in-f10.1e100:https TIME_WAIT   -
tcp        0      0 techoism:51612                  bom05s05-in-f10.1e100:https TIME_WAIT   -
tcp        0      0 techoism:51614                  bom05s05-in-f10.1e100:https TIME_WAIT   -
tcp        0      0 techoism:51608                  bom05s05-in-f10.1e100:https TIME_WAIT   -
tcp        0      0 techoism:51610                  bom05s05-in-f10.1e100:https TIME_WAIT   -
tcp        0      0 *:https                     *:*                         LISTEN      1443/httpd

RAW Network Statistics

# netstat --statistics --raw

Output:

Ip:
    323340 total packets received
    277 with invalid addresses
    0 forwarded
    0 incoming packets discarded
    281954 incoming packets delivered
    82053 requests sent out
Icmp:
    65 ICMP messages received
    21 input ICMP message failed.
    ICMP input histogram:
        destination unreachable: 64
        echo requests: 1
    70 ICMP messages sent
    0 ICMP messages failed
    ICMP output histogram:
        destination unreachable: 69
        echo replies: 1
IcmpMsg:
        InType3: 64
        InType8: 1
        OutType0: 1
        OutType3: 69
UdpLite:
IpExt:
    InMcastPkts: 4268
    InBcastPkts: 136106
    InOctets: 185955437
    OutOctets: 5807297
    InMcastOctets: 177616
    InBcastOctets: 11236087

Leave a Reply

Your email address will not be published.