Introduction to netstat command in Linux
The netstat is a command-line monitoring tool in Unix which shows the network statistics of the system.It displays the both incoming and outgoing network connections, routing table, network interface statistics and masquerade connections.
netstat command output fields
The netstat command provides the different fields in their output in two sections.They are
1. Active Internet connections
This section show’s the Internet connections that are active on your Linux box.It display the output with below fields
Proto ===> The name of the protocol like tcp,udp and raw used by the socket
Recv-Q ===> The bytes count that not copied by the user program connected to this socket
Send-Q ===> The bytes count that yet to be Acknowledged by the receiving host
Local Address ===> The Address and port number of the local end of the socket.
Foreign Address ===> The Address and port number of the remote host of the socket.
State ===> The state of the socket connected in between the Local Address and Foreign Address.
User ===> The username or the user id of the owner of the socket.
PID/Program name ===> The process id (PID) and process name of the process that owns the socket are seprated by slash.This identification information is not yet available for IPX sockets.
2. Active UNIX domain sockets
This section shows the interprocess communication of unix domain sockets
Proto ===> The name of the protocol used by the socket (generally Unix)
RefCnt ===> This means the reference count which tells the number of users currently using that particular route
Flags ===> The flags field shows the is SO_ACCEPTON (displayed as ACC), SO_WAITDATA (W) or SO_NOSPACE (N). SO_ACCECPTON is used on unconnected sockets if their corresponding processes are waiting for a connect request.
Type ===> This display the socket type such as SOCK_DGRAM, SOCK_STREAM, SOCK_RAW,SOCK_RDM,SOCK_SEQPACKET,SOCK_PACKET and UNKNOWN.
State ===> This field shows the socket state such as FREE,LISTENING,CONNECTING,CONNECTED,DISCONNECTING and UNKNOWN
PID/Program name ===> This is Process ID (PID) and process name of the process that has the socket open, which is same as in Active Internet connections section
Path ===> This is the path name as which the corresponding processes attached to the socket.
Some basic examples for netstat command
To list all the listening and non listening socket
To list only the listening ports