Table of Contents
- Overview
- Installation
- Basic Syntax
- Common Use Cases
- Advanced Options
- Modern Alternatives
- Troubleshooting
Overview
netstat (network statistics) is a command-line tool for monitoring network connections, routing tables, interface statistics, and more. While considered legacy on modern systems, it remains widely used and available.
Key Features
- Display network connections
- Show routing tables
- List interface statistics
- View network protocol statistics
- Monitor listening ports
- Show multicast memberships
Installation
Ubuntu (22.04/24.04)
sudo apt update
sudo apt install net-toolsmacOS
# Pre-installed on macOS
# No installation neededBasic Syntax
Display All Connections
# Show all active connections
netstat -a
 
# Show all TCP connections
netstat -at
 
# Show all UDP connections
netstat -auListening Ports
# Show listening ports (numeric)
netstat -ltn
 
# Show listening ports with process info
sudo netstat -ltpnInterface Statistics
# Show interface statistics
netstat -i
 
# Show extended interface statistics
netstat -ieCommon Use Cases
1. Monitor TCP Connections
# Show all TCP connections with process info
sudo netstat -tap
 
# Show only established connections
netstat -tan | grep ESTABLISHED
 
# Count connections by state
netstat -ant | awk '{print $6}' | sort | uniq -c2. Check Listening Services
# Show all listening TCP ports
sudo netstat -tlpn
 
# Show all listening UDP ports
sudo netstat -ulpn
 
# Show both TCP and UDP listening ports
sudo netstat -tulpn3. Network Statistics
# Show protocol statistics
netstat -s
 
# Show TCP protocol statistics
netstat -st
 
# Show UDP protocol statistics
netstat -su4. Routing Table Information
# Display routing table
netstat -r
 
# Display routing table with numeric addresses
netstat -rnAdvanced Options
Continuous Output
# Update statistics every 2 seconds
netstat -c
 
# Continuous display with specific interface
netstat -ci eth0Custom Display Format
# Show specific columns
netstat -an --tcp | awk '{print $4,$5,$6}'
 
# Show connection states with counts
netstat -ant | grep -v LISTEN | awk '{print $6}' | sort | uniq -cSocket Information
# Display all raw socket information
netstat --raw
 
# Show Unix domain sockets
netstat -xModern Alternatives
SS Command (Recommended)
# Equivalent to netstat -tulpn
ss -tulpn
 
# Show all TCP connections
ss -ta
 
# Show listening sockets
ss -ltIP Command
# Show interface statistics
ip -s link
 
# Show routing table
ip routeCommon Flags Reference
Essential Options
- -a: Show all connections
- -t: TCP connections
- -u: UDP connections
- -l: Listening sockets
- -p: Show process information
- -n: Show numeric addresses
- -r: Show routing table
- -s: Show statistics
- -i: Show interface statistics
- -c: Continuous output
- -v: Verbose output
Output Format
# Numeric output (no name resolution)
netstat -n
 
# Extended information
netstat -e
 
# Wide format display
netstat -WTroubleshooting
Common Issues and Solutions
- Permission Denied
# Use sudo for process information
sudo netstat -tulpn
 
# Check user permissions
id- High CPU Usage
# Use numeric output to avoid DNS lookups
netstat -n
 
# Limit output with grep
netstat -tan | grep ESTABLISHED- Slow Command Response
# Avoid name resolution
netstat -an
 
# Focus on specific protocol
netstat -tanDebug Tips
- Find Programs Using Ports
# Check specific port usage
sudo netstat -tulpn | grep :80
 
# Find all programs with network connections
sudo netstat -tapn- Monitor Connection States
# Watch connection states
watch -n 1 'netstat -ant | grep -v LISTEN | awk "{print \$6}" | sort | uniq -c'Example Scripts
Connection Monitor
#!/bin/bash
# Monitor connection count by state
while true; do
    clear
    echo "Connection States:"
    netstat -ant | awk '{print $6}' | sort | uniq -c
    sleep 2
donePort Scanner
#!/bin/bash
# Check common ports
for port in 80 443 22 21 25 3306; do
    netstat -an | grep ":$port " | grep LISTEN
doneBest Practices
- 
Performance Considerations - Use -nto avoid DNS lookups
- Filter output with grep when possible
- Use modern alternatives (ss) for better performance
 
- Use 
- 
Security Monitoring # Check for unusual ports netstat -tulpn | grep LISTEN # Monitor established connections netstat -antp | grep ESTABLISHED
- 
Regular Monitoring - Monitor connection states
- Track listening ports
- Check for unauthorized services
 
Quick Reference
Most Used Commands
# List all listening ports
sudo netstat -tulpn
 
# Show all active connections
netstat -an
 
# Show process information
sudo netstat -tap
 
# Show routing table
netstat -r
 
# Show interface statistics
netstat -iCommon Combinations
# Full TCP connection details
sudo netstat -tapn
 
# All listening services with processes
sudo netstat -tulpn
 
# Active internet connections
netstat -tunRemember:
- Always use sudowhen process information is needed
- Consider using modern alternatives like ssfor better performance
- Use -nflag to speed up output when hostname resolution isn’t needed
This guide covers the most common and useful netstat commands. For system-specific variations, always consult the man pages (man netstat).