Master the netstat Command: Monitor Network Connections in Linux

Analyze network activity with the netstat command! (Note: Consider ss for modern systems.)

What is the netstat Command?

Think of the netstat command as a window into your network, displaying active connections, routing tables, and interface statistics. While powerful, it’s often replaced by ss in modern Linux.

Why netstat is Essential

Connection Monitoring

View active network connections.

Network Diagnostics

Check routing and interface stats.

Security Auditing

Identify open ports and services.

Syntax and Options

The netstat command displays network information:

netstat [options]

Key options:

  • -a: Show all connections, including listening.
  • -t: Display TCP connections.
  • -u: Display UDP connections.
  • -r: Show routing table.
  • -p: Show program names and PIDs.

Alternative: Use ss for faster output (e.g., ss -tuln).

Real-World Examples

1. List All Connections

Type this:

netstat -a

Output: Lists all active and listening connections.

2. Show TCP Connections

View TCP connections:

netstat -t

Output: Lists TCP connections with state (e.g., ESTABLISHED).

3. Display Routing Table

Check routing information:

netstat -r

Output: Shows routing table with gateways.

4. Show Listening Ports

List listening ports with programs:

netstat -tulnp

Output: Shows TCP/UDP listening ports with PIDs.

5. Filter by Program

Find connections by a program:

netstat -ap | grep ssh

Output: Lists SSH-related connections.

Advanced Usage

Master netstat with these techniques:

  • Continuous Monitoring: Use -c for real-time updates.
  • Filter Output: Combine with grep or awk.
  • Port Security: Use -tulnp to audit open ports.
  • Modern Alternative: Use ss -tuln for faster results.

Example: Continuous monitoring:

netstat -c -t

Pro Tips

Security Checks: Use -tulnp to find open ports.

Debugging: Filter with grep for specific services.

Switch to ss: Use ss -tuln for modern systems.

Common Mistakes to Avoid

Avoid these pitfalls with netstat:

  • Overwhelming Output: Use specific flags like -t or -u.
  • Missing sudo: Some options require root privileges.
  • Using on Modern Systems: Prefer ss for efficiency.

Explore More Linux Commands

Master Linux with our expert guides!