by Netstat (network statistics) is a utility for checking network connections from the command line. It allows us to see routing tables as well as incoming and outgoing connections. It helps you check the open Ports on your system, along with statistics on network cards.
Below are several examples of the netstat command. You can view the help document with the netstat -h command. CentOS etc. You may not be able to find the netstat program because the net-tools package is disabled in distributions. You can also use the ss command instead of netstat. Now let’s look at the examples.
Note: To apply Netstat operations in Windows, come to the CMD command screen(Start> Run> Cmd). You can perform operations from the terminal to apply it in Linux.
Netstat Parameters
You can see the Netstat Parameters with the examples below.
netstat -a | more
All Ports Listening on TCP and UDP Protocol show “netstat -a | more” command.
root@omer:~# netstat -a | more
netstat -at
The “netstat -at” command is used to list only TCP ports.
netstat -at
netstat -au
“netstat -au” komutu sadece UDP portlarını listelemek için kullanılır.
root@omer:~# netstat -au
netstat -l
The “netstat -l” command lists all listening connections.
root@omer:~# netstat -l
netstat -lt
The netstat -lt command is used to list TCP listening ports.
netstat -lt
netstat -lu
The netstat -lu command is used to list UDP listening ports.
netstat -lu
netstat -lx
Used to list the ports listening in the UNIX protocol.
netstat -lx
netstat -s
Used to view statistics by protocol.
netstat -s
netstat -st
This command is used to show TCP protocol Statistics.
netstat -st
netstat -su
This command is used to show UDP protocol Statistics.
netstat -su
netstat -tp
This command is used to view the service using the port with its PID number.
netstat -tp
netstat -ac 5 | grep tcp
This command is used to display Promiscuous Mode.
netstat -r
The kernel is used to view IP Routing.
netstat -i
Used to view the data transfers of the network card.
netstat -ie
Used to display the Kernel Network Interface table.
netstat -g
Used to display IPv4 and IPv6 information.
netstat -c
It is used to continuously display Netstat information.
netstat –verbose
Used to display unsupported and unconfigured address types.
netstat -ap | grep http
Used to list the programs that are listening.
netstat -tulpn
Used to Display the system summary and Open UDP / TCP ports.
Statistics Provided by Netstat
You can see the statistics Netstat provides in the description below.
Proto: The protocol name (TCP or UDP).
Local Address: IP address of the computer and ports used.
Foreign Address: IP address and port number of the connected computer.
State: Provides information about the state of the TCP connection.
Meanings of Netstat Connection States
You can see explanations of Netstat connection status below.
ESTABLISHED: Socket connection has been established.
SYN_SENT: Trying to establish a socket connection.
SYN_RECV: A connection request has been received from the network.
FIN_WAIT1: The socket is closed, the connection is about to be terminated.
FIN_WAIT2: Connection has been terminated. The socket is waiting for the opposite end to terminate the connection.
TIME_WAIT: After the socket is closed, it is waiting to receive packages that may arrive.
CLOSED: Socket is not used.
CLOSE_WAIT: The other end has closed the connection. The socket is expected to turn off.
LAST_ACK: The opposite end has terminated the connection and closed the socket. Confirmation is pending.
LISTEN: The socket is in listening position for possible connections.
CLOSING: Local and remote sockets are closed but not sending all their data.
