Introduction to netstat command in Linux

Introduction to netstat command in Linux

The netstat is a command-line monitoring tool in Unix which shows the network statistics of the system.It displays the both incoming and outgoing network connections, routing table, network interface statistics and masquerade connections.

netstat command output fields

The netstat command provides the different fields in their output in two sections.They are

1. Active Internet connections

This section show’s the Internet connections that are active on your Linux box.It display the output with below fields

Proto    ===> The name of the protocol like tcp,udp and raw used by the socket

Recv-Q   ===> The bytes count that not copied by the user program connected to this socket

Send-Q  ===> The bytes count that yet to be Acknowledged by the receiving host

Local Address ===> The Address and port number of the local end of the socket.

Foreign Address ===> The Address and port number of the remote host of the socket.

State ===> The state of the socket connected in between the Local Address and Foreign Address.

User ===> The username or the user id of the owner of the socket.

PID/Program name ===> The process id (PID) and process name of the process that owns the socket are seprated by slash.This identification information is not yet available for IPX sockets.

2.  Active UNIX domain sockets

This section shows the interprocess communication of unix domain sockets

Proto  ===> The name of the protocol used by the socket (generally Unix)

RefCnt  ===> This means the reference count which tells the number of users currently using that particular route

Flags ===> The flags field shows the is SO_ACCEPTON (displayed as ACC), SO_WAITDATA (W) or SO_NOSPACE (N). SO_ACCECPTON is used on unconnected sockets if their corresponding processes are waiting for a connect request.

Type ===> This display the socket type such as SOCK_DGRAM, SOCK_STREAM,   SOCK_RAW,SOCK_RDM,SOCK_SEQPACKET,SOCK_PACKET and UNKNOWN.

State ===> This field shows the socket state such as FREE,LISTENING,CONNECTING,CONNECTED,DISCONNECTING and UNKNOWN

PID/Program name  ===> This is Process ID (PID) and process name of the process that has the socket open, which is same as in Active Internet connections section

Path  ===> This is the path name as which the corresponding processes attached to the socket.

Some basic examples for netstat command

To list all the listening and non listening socket

#netstat -a

To list only the listening ports

#netstat -l

Leave a Reply

Your email address will not be published. Required fields are marked *