17th December 2024

What is Netstat? Example with Netstat Commands

Netstat (network statistics) is a utility for checking network connections from the command line. It allows us to see routing tables as well as incoming and outgoing connections. It helps you check the open Ports on your system, along with statistics on network cards.

Below are several examples of the netstat command. You can view the help document with the netstat -h command. CentOS etc. You may not be able to find the netstat program because the net-tools package is disabled in distributions. You can also use the ss command instead of netstat. Now let’s look at the examples.

Note: To apply Netstat operations in Windows, come to the CMD command screen(Start> Run> Cmd). You can perform operations from the terminal to apply it in Linux.

Netstat Parameters

You can see the Netstat Parameters with the examples below.

netstat -a | more

All Ports Listening on TCP and UDP Protocol show “netstat -a | more” command.

root@omer:~# netstat -a | more
netstat -a | more
netstat -a | more

 

netstat -at

The “netstat -at” command is used to list only TCP ports.

netstat -at
netstat -at
netstat -at

 

netstat -au

“netstat -au” komutu sadece UDP portlarını listelemek için kullanılır.

root@omer:~# netstat -au
netstat -au
netstat -au

 

netstat -l

The “netstat -l” command lists all listening connections.

root@omer:~# netstat -l
netstat -l
netstat -l

 

netstat -lt

The netstat -lt command is used to list TCP listening ports.

netstat -lt
netstat -lt
netstat -lt

 

netstat -lu

The netstat -lu command is used to list UDP listening ports.

netstat -lu
netstat -lu
netstat -lu

 

netstat -lx

Used to list the ports listening in the UNIX protocol.

netstat -lx
netstat -lx
netstat -lx

 

netstat -s

Used to view statistics by protocol.

netstat -s
netstat -s
netstat -s

 

LEARN MORE  How to Disable Enhanced Security Feature in Windows Server 2012?

netstat -st

This command is used to show TCP protocol Statistics.

netstat -st
netstat -st
netstat -st

 

netstat -su

This command is used to show UDP protocol Statistics.

netstat -su
netstat -su
netstat -su

 

netstat -tp

This command is used to view the service using the port with its PID number.

netstat -tp
netstat -tp
netstat -tp

 

netstat -ac 5 | grep tcp

This command is used to display Promiscuous Mode.

netstat -ac 5 | grep tcp
netstat -ac 5 | grep tcp

 

netstat -r

The kernel is used to view IP Routing.

netstat -r
netstat -r

 

netstat -i

Used to view the data transfers of the network card.

netstat -i
netstat -i

 

netstat -ie

Used to display the Kernel Network Interface table.

netstat -ie
netstat -ie

 

netstat -g

Used to display IPv4 and IPv6 information.

netstat -g
netstat -g

 

netstat -c

It is used to continuously display Netstat information.

netstat -c
netstat -c

 

netstat –verbose

Used to display unsupported and unconfigured address types.

netstat --verbose
netstat –verbose

 

netstat -ap | grep http

Used to list the programs that are listening.

netstat -ap | grep http
netstat -ap | grep http

 

netstat -tulpn

Used to Display the system summary and Open UDP / TCP ports.

netstat -tulpn
netstat -tulpn

 

Statistics Provided by Netstat

You can see the statistics Netstat provides in the description below.

Statistics Provided by Netstat
Statistics Provided by Netstat

 

Proto: The protocol name (TCP or UDP).

Local Address: IP address of the computer and ports used.

Foreign Address: IP address and port number of the connected computer.

State: Provides information about the state of the TCP connection.

Meanings of Netstat Connection States

You can see explanations of Netstat connection status below.

Meanings of Netstat Connection States
Meanings of Netstat Connection States

 

ESTABLISHED: Socket connection has been established.

SYN_SENT: Trying to establish a socket connection.

SYN_RECV: A connection request has been received from the network.

FIN_WAIT1: The socket is closed, the connection is about to be terminated.

LEARN MORE  Data Recovery with PhotoRec for Linux in Forensic Examinations

FIN_WAIT2: Connection has been terminated. The socket is waiting for the opposite end to terminate the connection.

TIME_WAIT: After the socket is closed, it is waiting to receive packages that may arrive.

CLOSED: Socket is not used.

CLOSE_WAIT: The other end has closed the connection. The socket is expected to turn off.

LAST_ACK: The opposite end has terminated the connection and closed the socket. Confirmation is pending.

LISTEN: The socket is in listening position for possible connections.

CLOSING: Local and remote sockets are closed but not sending all their data.

 

Leave a Reply

Your email address will not be published. Required fields are marked *