LabEx
Log In Join For Free

Linux netstat Command with Practical Examples

LinuxLinuxBeginner
Practice Now

Introduction

In this lab, you will learn how to use the Linux netstat command to monitor and troubleshoot network connections and network interface statistics. The lab covers the purpose and syntax of the netstat command, explores network connections using netstat, and analyzes network statistics and troubleshoots network issues. You will gain practical experience in using netstat to understand the state of your network and identify potential problems.

The lab starts by introducing the netstat command, its purpose, and its basic syntax. It then guides you through exploring network connections using netstat, including displaying active connections, listening ports, and the processes associated with each connection. Finally, the lab covers using netstat to analyze network statistics and troubleshoot network issues, such as identifying high network utilization or connection problems.

Linux Commands Cheat Sheet

Skills Graph

%%%%{init: {'theme':'neutral'}}%%%% flowchart RL linux(("`Linux`")) -.-> linux/TextProcessingGroup(["`Text Processing`"]) linux(("`Linux`")) -.-> linux/SystemInformationandMonitoringGroup(["`System Information and Monitoring`"]) linux(("`Linux`")) -.-> linux/RemoteAccessandNetworkingGroup(["`Remote Access and Networking`"]) linux/TextProcessingGroup -.-> linux/grep("`Pattern Searching`") linux/SystemInformationandMonitoringGroup -.-> linux/ps("`Process Displaying`") linux/RemoteAccessandNetworkingGroup -.-> linux/ifconfig("`Network Configuring`") linux/RemoteAccessandNetworkingGroup -.-> linux/netstat("`Network Monitoring`") linux/RemoteAccessandNetworkingGroup -.-> linux/ping("`Network Testing`") subgraph Lab Skills linux/grep -.-> lab-422837{{"`Linux netstat Command with Practical Examples`"}} linux/ps -.-> lab-422837{{"`Linux netstat Command with Practical Examples`"}} linux/ifconfig -.-> lab-422837{{"`Linux netstat Command with Practical Examples`"}} linux/netstat -.-> lab-422837{{"`Linux netstat Command with Practical Examples`"}} linux/ping -.-> lab-422837{{"`Linux netstat Command with Practical Examples`"}} end

Understand the Purpose and Syntax of the netstat Command

In this step, you will learn about the purpose and basic syntax of the netstat command in Linux. The netstat command is a powerful tool for monitoring and troubleshooting network connections and network interface statistics.

To start, let's explore the basic syntax of the netstat command:

$ netstat [options]

The most common options used with netstat are:

  • -a: Display all network connections and listening ports
  • -n: Display numerical addresses instead of resolving hostnames
  • -t: Display TCP connections
  • -u: Display UDP connections
  • -p: Display the process ID and name associated with each connection
  • -s: Display networking statistics

Let's try some examples to understand the output of the netstat command:

$ sudo netstat -antp
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1234/sshd
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      5678/mysqld
tcp        0      0 192.168.1.100:22        192.168.1.101:50036     ESTABLISHED 1234/sshd

Example output:

  • The netstat -antp command displays all active TCP connections, including listening ports and established connections.
  • The output shows the protocol, local and foreign addresses, connection state, and the process ID and program name associated with each connection.

This gives you a basic understanding of the netstat command and its syntax. In the next step, you will explore more advanced usage of netstat to analyze network connections.

Explore Network Connections Using the netstat Command

In this step, you will learn how to use the netstat command to explore and analyze network connections on your system.

Let's start by displaying all active network connections, including both listening ports and established connections:

$ sudo netstat -antp
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1234/sshd
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      5678/mysqld
tcp        0      0 192.168.1.100:22        192.168.1.101:50036     ESTABLISHED 1234/sshd

Example output:

  • The netstat -antp command displays all active TCP connections, including listening ports and established connections.
  • The output shows the protocol, local and foreign addresses, connection state, and the process ID and program name associated with each connection.

Now, let's filter the output to show only the listening ports:

$ sudo netstat -antp | grep LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1234/sshd
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      5678/mysqld

Example output:

  • The grep LISTEN filter shows only the network connections that are in the LISTEN state, which indicates that the system is listening for incoming connections on those ports.

To display only the established connections, you can use the following command:

$ sudo netstat -antp | grep ESTABLISHED
tcp        0      0 192.168.1.100:22        192.168.1.101:50036     ESTABLISHED 1234/sshd

Example output:

  • The grep ESTABLISHED filter shows only the network connections that are in the ESTABLISHED state, which indicates that the connection is active and data can be exchanged.

By using different options and filters with the netstat command, you can explore and analyze the network connections on your system in detail.

Analyze Network Statistics and Troubleshoot Network Issues

In this final step, you will learn how to use the netstat command to analyze network statistics and troubleshoot network issues on your system.

First, let's display the overall network statistics using the -s option:

$ sudo netstat -s
Ip:
    Forwarding: 2
    ...
Tcp:
    Active opens: 10
    Passive opens: 5
    ...
Udp:
    InDatagrams: 100
    NoPorts: 20
    ...

Example output:

  • The netstat -s command displays a wide range of network statistics, including IP, TCP, and UDP statistics.
  • This information can be useful for identifying potential network performance issues or anomalies.

Next, let's take a closer look at the network interface statistics using the -i option:

$ sudo netstat -i
Kernel Interface table
Iface   MTU Met   RX-OK RX-ERR RX-DRP RX-OVR    TX-OK TX-ERR TX-DRP TX-OVR Flg
enp0s3  1500 0     12345   0      0       0      54321     0       0       0 BMRU
lo     65536 0     54321   0      0       0      12345     0       0       0 LRU

Example output:

  • The netstat -i command displays detailed statistics for each network interface, including the number of packets received and transmitted, as well as error and drop counts.
  • This information can help you identify potential network interface issues, such as high error or drop rates.

Finally, let's use the netstat command to troubleshoot a network connection issue. Suppose you're experiencing connectivity problems with a remote server. You can use the following command to investigate the issue:

$ sudo netstat -antp | grep 192.168.1.101
tcp        0      0 192.168.1.100:22        192.168.1.101:50036     ESTABLISHED 1234/sshd

Example output:

  • The netstat -antp | grep 192.168.1.101 command searches for any active connections to the IP address 192.168.1.101.
  • The output shows that there is an established SSH connection between the local system (192.168.1.100) and the remote server (192.168.1.101).
  • This information can help you determine if the connection issue is on the local or remote system, or if the issue is with the network infrastructure between the two systems.

By using the various options and features of the netstat command, you can effectively analyze network statistics and troubleshoot network issues on your Linux system.

Summary

In this lab, you first learned about the purpose and basic syntax of the netstat command in Linux. The netstat command is a powerful tool for monitoring and troubleshooting network connections and network interface statistics. You explored the most common options used with netstat, such as -a to display all network connections and listening ports, -n to display numerical addresses instead of resolving hostnames, and -p to display the process ID and name associated with each connection.

Next, you learned how to use the netstat command to explore and analyze network connections on your system. You started by displaying all active network connections, including both listening ports and established connections, using the netstat -antp command. This provided you with detailed information about the protocol, local and foreign addresses, connection state, and the process ID and program name associated with each connection.

Linux Commands Cheat Sheet

Other Linux Tutorials you may like

Related Linux Courses
Quick Start with Linux

Quick Start with Linux

LinuxShell
Beginner
Linux for Noobs

Linux for Noobs

LinuxShell
Intermediate
Practice Linux Commands

Practice Linux Commands

LinuxShell
Beginner

We use cookies for a number of reasons, such as keeping the website reliable and secure, to improve your experience on our website and to see how you interact with it. By accepting, you agree to our use of such cookies. Privacy Policy