Netstat Commands for CentOS/RHEL
Netstat (network statistics) is a command-line utility that lists TCP, UDP and UNIX socket connections. For example, by checking whether port 80 is open you can confirm whether a web server is running on the system. It is extremely helpful for network troubleshooting and performance measurement. netstat is one of the most essential troubleshooting tools in system administration, letting you know which ports are open and whether any programs are listening on them.
This tool is essential for Linux network administrators and system administrators who need to monitor and troubleshoot systems.
Listing All Ports (Listening and Non-Listening)
Show both listening and non-listening (TCP and UDP) sockets.
# netstat -a
Output:
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address                 Foreign Address       State
tcp        0      0 node1:7788                    *:*                   LISTEN
tcp        0      0 *:9391                        *:*                   LISTEN
tcp        0      0 *:ndmp                        *:*                   LISTEN
tcp        0      0 node1:ssh                     192.168.10.57:53291   ESTABLISHED
udp        0      0 node1:ntp                     *:*
udp        0      0 *:ntp                         *:*
udp        0      0 *:ndmp                        *:*
udp        0      0 fe80::341d:6eff:feff:b40:ntp  *:*
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags     Type     State      I-Node Path
unix  10     [ ]       DGRAM               8256   /dev/log
unix  2      [ ACC ]   STREAM   LISTENING  7933   @ISCSID_UIP_ABSTRACT_NAMESPACE
unix  2      [ ACC ]   STREAM   LISTENING  8943   public/showq
unix  2      [ ACC ]   STREAM   LISTENING  8947   private/error
unix  2      [ ACC ]   STREAM   LISTENING  8951   private/retry
unix  2      [ ACC ]   STREAM   LISTENING  8955   private/discard
unix  2      [ ACC ]   STREAM   LISTENING  8959   private/local
unix  2      [ ACC ]   STREAM   LISTENING  8963   private/virtual
Listing All TCP Connections
Show all TCP (Transmission Control Protocol) sockets, listening and non-listening, using the following command:
# netstat -at
Output:
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address  Foreign Address       State
tcp        0      0 node1:7788     *:*                   LISTEN
tcp        0      0 *:otp          *:*                   LISTEN
tcp        0      0 *:9391         *:*                   LISTEN
tcp        0      0 *:ndmp         *:*                   LISTEN
tcp        0      0 *:ssh          *:*                   LISTEN
tcp        0      0 node1:ssh      192.168.10.57:53291   ESTABLISHED
tcp        0      0 *:ssh          *:*                   LISTEN
Listing All UDP Connections
Show all UDP (User Datagram Protocol) sockets, listening and non-listening, using the following command:
# netstat -au
Output:
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address                 Foreign Address  State
udp        0      0 node1:ntp                     *:*
udp        0      0 localhost:ntp                 *:*
udp        0      0 *:ntp                         *:*
udp        0      0 *:ndmp                        *:*
udp        0      0 fe80::341d:6eff:feff:b40:ntp  *:*
udp        0      0 localhost:ntp                 *:*
udp        0      0 *:ntp                         *:*
List All LISTENING Connections
Show only listening sockets using the following command.
# netstat -l
Output:
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address  Foreign Address  State
tcp        0      0 node1:7788     *:*              LISTEN
tcp        0      0 *:otp          *:*              LISTEN
tcp        0      0 *:9391         *:*              LISTEN
tcp        0      0 *:ndmp         *:*              LISTEN
tcp        0      0 *:9392         *:*              LISTEN
Active UNIX domain sockets (only servers)
Proto RefCnt Flags     Type     State      I-Node Path
unix  2      [ ACC ]   STREAM   LISTENING  7933   @ISCSID_UIP_ABSTRACT_NAMESPACE
unix  2      [ ACC ]   STREAM   LISTENING  8943   public/showq
unix  2      [ ACC ]   STREAM   LISTENING  8947   private/error
unix  2      [ ACC ]   STREAM   LISTENING  8951   private/retry
unix  2      [ ACC ]   STREAM   LISTENING  8955   private/discard
List all TCP Listening Ports
Show all active TCP listening ports using the following command:
# netstat -lt
Output:
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address   Foreign Address  State
tcp        0      0 node1:7788      *:*              LISTEN
tcp        0      0 *:otp           *:*              LISTEN
tcp        0      0 *:9391          *:*              LISTEN
tcp        0      0 *:ndmp          *:*              LISTEN
tcp        0      0 *:9392          *:*              LISTEN
tcp        0      0 *:ssh           *:*              LISTEN
tcp        0      0 localhost:smtp  *:*              LISTEN
tcp        0      0 *:ssh           *:*              LISTEN
tcp        0      0 localhost:smtp  *:*              LISTEN
List all UDP Listening Ports
Show all active UDP listening ports using the following command:
# netstat -lu
Output:
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address                 Foreign Address  State
udp        0      0 node1:ntp                     *:*
udp        0      0 localhost:ntp                 *:*
udp        0      0 *:ntp                         *:*
udp        0      0 *:ndmp                        *:*
udp        0      0 fe80::341d:6eff:feff:b40:ntp  *:*
udp        0      0 localhost:ntp                 *:*
udp        0      0 *:ntp                         *:*
List All UNIX Listening Sockets
Show all listening UNIX domain sockets using the following command:
# netstat -lx
Output:
Active UNIX domain sockets (only servers)
Proto RefCnt Flags     Type     State      I-Node Path
unix  2      [ ACC ]   STREAM   LISTENING  7933   @ISCSID_UIP_ABSTRACT_NAMESPACE
unix  2      [ ACC ]   STREAM   LISTENING  8943   public/showq
unix  2      [ ACC ]   STREAM   LISTENING  8947   private/error
unix  2      [ ACC ]   STREAM   LISTENING  8951   private/retry
unix  2      [ ACC ]   STREAM   LISTENING  8955   private/discard
unix  2      [ ACC ]   STREAM   LISTENING  8959   private/local
unix  2      [ ACC ]   STREAM   LISTENING  8963   private/virtual
unix  2      [ ACC ]   STREAM   LISTENING  8967   private/lmtp
unix  2      [ ACC ]   STREAM   LISTENING  8971   private/anvil
Show Statistics by Protocol
Display summary statistics for each protocol. This is very handy information that netstat command provides.
# netstat -s
Output:
Ip:
    307572 total packets received
    271 with invalid addresses
    0 forwarded
    0 incoming packets discarded
    270037 incoming packets delivered
    80610 requests sent out
Icmp:
    65 ICMP messages received
    21 input ICMP message failed.
    ICMP input histogram:
        destination unreachable: 64
        echo requests: 1
    70 ICMP messages sent
    0 ICMP messages failed
    ICMP output histogram:
        destination unreachable: 69
        echo replies: 1
IcmpMsg:
    InType3: 64
    InType8: 1
    OutType0: 1
    OutType3: 69
Tcp:
    22944 active connections openings
    3 passive connection openings
    22891 failed connection attempts
    0 connection resets received
    1 connections established
    139497 segments received
    79903 segments send out
    82 segments retransmited
    0 bad segments received.
    18 resets sent
Udp:
    548 packets received
    8 packets to unknown port received.
    0 packet receive errors
    555 packets sent
UdpLite:
TcpExt:
    30 TCP sockets finished time wait in fast timer
    1126 delayed acks sent
    2 packets directly queued to recvmsg prequeue.
    1 packets directly received from prequeue
    102966 packets header predicted
    467 acknowledgments not containing data received
    57 predicted acknowledgments
    1 times recovered from packet loss due to SACK data
    1 congestion windows recovered after partial ack
    0 TCP data loss events
    1 fast retransmits
    41 other TCP timeouts
    1 DSACKs received
    TCPSackMerged: 1
    TCPSackShiftFallback: 2
    TCPWantZeroWindowAdv: 4
IpExt:
    InMcastPkts: 3925
    InBcastPkts: 125994
    InOctets: 184695133
    OutOctets: 5417057
    InMcastOctets: 162812
    InBcastOctets: 10411728
Showing Statistics of TCP and UDP Protocol
TCP Protocol
# netstat -st
UDP Protocol
# netstat -su
Displaying Service name with PID
Show all “PID/Program Name” using netstat command. This is very useful while debugging to identify which program is running on a particular port.
# netstat -tp
Output:
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address  Foreign Address       State        PID/Program name
tcp        0     64 node1:ssh      192.168.10.57:53291   ESTABLISHED  9296/sshd
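Combining the listening (-l), TCP (-t) and PID/program (-p) options shown above gives a quick exposure check. The script below is an added example, not part of the original article: it reads `netstat -tlnp` output and reports listeners that are not bound to loopback and whose port is not on an allowlist. The -n option (numeric addresses and ports), the function names, the allowlist "22 443" and the sample lines are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: report TCP listeners reachable from the network whose port
# is not on an allowlist. Input is `netstat -tlnp` output on stdin.

# unexpected_listeners "<allowed ports>"  ->  "port address owner" per finding
unexpected_listeners() {
    awk -v allow="$1" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 ~ /^tcp6?$/ && $6 == "LISTEN" {
            # Port is the text after the last colon (handles IPv6 like :::22).
            k = split($4, part, ":")
            port = part[k]
            addr = substr($4, 1, length($4) - length(port) - 1)
            if (addr ~ /^127\./ || addr == "::1") next   # loopback-only bind
            if (port in ok) next                         # expected service
            # netstat prints "-" when it cannot resolve the owning process
            owner = ($7 == "" || $7 == "-") ? "unknown" : $7
            print port, addr, owner
        }'
}

# Constructed sample input (hypothetical host, not captured output).
sample_netstat() {
    cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address       Foreign Address   State    PID/Program name
tcp        0      0 0.0.0.0:22          0.0.0.0:*         LISTEN   1021/sshd
tcp        0      0 127.0.0.1:25        0.0.0.0:*         LISTEN   1320/master
tcp        0      0 192.168.10.43:7788  0.0.0.0:*         LISTEN   -
tcp        0      0 0.0.0.0:9391        0.0.0.0:*         LISTEN   2214/exampled
tcp        0      0 0.0.0.0:443         0.0.0.0:*         LISTEN   1443/httpd
tcp6       0      0 :::22               :::*              LISTEN   1021/sshd
tcp6       0      0 ::1:25              :::*              LISTEN   1320/master
EOF
}

# Live use (root lets -p resolve owners): netstat -tlnp | unexpected_listeners "22 443"
sample_netstat | unexpected_listeners "22 443"
```

An owner of "unknown" means netstat could not resolve the process, which usually happens when the command is not run as root; re-run it with root privileges before treating the listener as unexplained.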
Display Kernel IP Routing Table
Display the kernel IP routing table with the following command.
# netstat -r
Output:
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
192.168.10.0    *               255.255.255.0   U         0 0          0 eth0
link-local      *               255.255.0.0     U         0 0          0 eth0
default         192.168.10.19   0.0.0.0         UG        0 0          0 eth0
A list of flags is given below:
A: Receive all multicast at this interface.
B: OK broadcast.
D: Debugging ON.
M: Promiscuous Mode.
O: No ARP at this interface.
P: P2P connection at this interface.
R: Interface is running.
U: Interface is up.
G: Not a direct entry.
Network Interface Transactions
Show per-interface packet counts, both transmitted and received, along with the MTU size, using the following command.
# netstat -i
Output:
Kernel Interface table
Iface    MTU Met  RX-OK RX-ERR RX-DRP RX-OVR  TX-OK TX-ERR TX-DRP TX-OVR Flg
eth0    1500   0 420383      0      0      0  85412      0      0      0 BMRU
lo     65536   0     65      0      0      0     65      0      0      0 LRU
The RX and TX columns are described as follows:
RX-OK: Correct packets received on this interface.
RX-ERR: Incorrect packets received on this interface.
RX-DRP: Packets that were dropped at this interface.
RX-OVR: Packets that this interface was unable to receive.
The TX columns have the same meanings for transmitted packets.
Display extended information on the interfaces (similar to ifconfig) using netstat
# netstat -ie
Output:
Kernel Interface table
eth0      Link encap:Ethernet  HWaddr 36:1D:6E:FF:B4:07
          inet addr:192.168.10.43  Bcast:192.168.10.255  Mask:255.255.255.0
          inet6 addr: fe80::341d:6eff:feff:b407/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:422645 errors:0 dropped:0 overruns:0 frame:0
          TX packets:85534 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:194274900 (185.2 MiB)  TX bytes:6885477 (6.5 MiB)
          Interrupt:20
lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:65 errors:0 dropped:0 overruns:0 frame:0
          TX packets:65 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:5584 (5.4 KiB)  TX bytes:5584 (5.4 KiB)
IPv4 and IPv6 Information
Displays multicast group membership information for both IPv4 and IPv6.
# netstat -g
Output:
IPv6/IPv4 Group Memberships
Interface       RefCnt Group
--------------- ------ ---------------------
lo              1      all-systems.mcast.net
eth0            1      all-systems.mcast.net
lo              1      ff02::1
eth0            1      ff02::1:ffff:b407
eth0            1      ff02::1
Listening Programs
Find out how many programs are running on a port.
# netstat -ap | grep http
Output:
tcp        0      0 techoism:51613  bom05s05-in-f10.1e100:https  TIME_WAIT   -
tcp        0      0 techoism:51611  bom05s05-in-f10.1e100:https  TIME_WAIT   -
tcp        0      0 techoism:51612  bom05s05-in-f10.1e100:https  TIME_WAIT   -
tcp        0      0 techoism:51614  bom05s05-in-f10.1e100:https  TIME_WAIT   -
tcp        0      0 techoism:51608  bom05s05-in-f10.1e100:https  TIME_WAIT   -
tcp        0      0 techoism:51610  bom05s05-in-f10.1e100:https  TIME_WAIT   -
tcp        0      0 *:https         *:*                          LISTEN      1443/httpd
RAW Network Statistics
# netstat --statistics --raw
Output:
Ip:
    323340 total packets received
    277 with invalid addresses
    0 forwarded
    0 incoming packets discarded
    281954 incoming packets delivered
    82053 requests sent out
Icmp:
    65 ICMP messages received
    21 input ICMP message failed.
    ICMP input histogram:
        destination unreachable: 64
        echo requests: 1
    70 ICMP messages sent
    0 ICMP messages failed
    ICMP output histogram:
        destination unreachable: 69
        echo replies: 1
IcmpMsg:
    InType3: 64
    InType8: 1
    OutType0: 1
    OutType3: 69
UdpLite:
IpExt:
    InMcastPkts: 4268
    InBcastPkts: 136106
    InOctets: 185955437
    OutOctets: 5807297
    InMcastOctets: 177616
    InBcastOctets: 11236087
