Table of Contents
This tip is about the how to Use the netstat Command in Linux. So read this free guide, How to Use the netstat Command in Linux step by step. If you have query related to same article you may contact us.
How to Use the netstat Command in Linux – Guide
netstat (network stats) is a command-line tool for controlling inbound and outbound network connections as well as displaying routing tables, interface statistics, etc.
netstat is available on all Unix-like operating systems and also available for use on Windows operating system. It is very useful when used during network troubleshooting and performance measurement. netstat is one of the most fundamental network service debugging tools, telling you which ports are open and if any programs are listening on the ports.
Let’s look at uses of the netstat command on Linux.
Viewing the Routing Table
When you invoke netstat with the -r flag, it displays the kernel’s routing table the way we have the route. On vstout, it produces:
# netstat -nr Kernel IP Routing table Destination Gateway Genmask MSS Flags Irtt window Iface 127.0.0.1 * 255.255.255.255 UH 0 0 0 lo 172.16.1.0 * 255.255.255.0 U 0 0 0 eth0 172.16.2.0 172.16.1.1 255.255.255.0 UG 0 0 0 eth0
The -n option makes netstat print addresses as dotted quad IP numbers instead of symbolic host and network names. This option is especially useful when you want to avoid address lookups on the network (for example, to a DNS or NIS server).
The second column of netstat output shows the gateway to which the routing entry points. If no gateway is used, an asterisk will be printed. The third column shows the “generality” of the route, ie the netmask for this route. When given an IP address to find a suitable route to, the kernel goes through each of the routing table entries, taking the bitwise AND of the address and the genmask before comparing it to the destination of the route.
The fourth column displays the following flags describing the route:
G
The route uses a gateway.
you
The interface to use is up.
H
Only a single host can be reached via the route. For example, this is the case for loopback entry 127.0.0.1.
D
This route is dynamically created. It is defined whether the table entry was generated by a routing daemon such as gated or by an ICMP redirect message.
M
This route is defined if the table entry has been modified by an ICMP redirect message.
!
The route is a rejected route and datagrams will be discarded.
The next three columns show the MSS, Window, and irtt that will be applied to TCP connections established through this route. The MSS is the maximum segment size and is the size of the largest datagram the kernel will build for transmission over this route. The window is the maximum amount of data the system will accept in a single burst from a remote host. The acronym irtt stands for “return start time”.
The TCP protocol ensures that data is reliably delivered between hosts by retransmitting a datagram if it has been lost. The TCP protocol keeps a running count of how long it takes a datagram to be delivered to the remote end and an acknowledgment to be received so that it knows how long to wait before assuming that a datagram needs to be retransmitted; this process is called round-trip time. The initial round-trip time is the value the TCP protocol will use when a connection is first established.
For most types of networks, the default value is acceptable, but for some slow networks, notably certain types of amateur packet radio networks, the time is too short and causes unnecessary retransmission. The irtt value can be set using the route command. Zero values in these fields mean the default is being used.
Finally, the last field displays the network interface this route will use.
Viewing interface statistics
When called with the -i flag, netstat displays statistics for currently configured network interfaces. If the -a option is also given, it will print all interfaces present in the kernel, not just those that are currently configured. In vstout, the netstat output will look like this:
# netstat -i Kernel interface table Iface MTU Met RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR Flags lo 0 0 3185 0 0 0 0 3185 0 0 0 BLRU eth0 1500 0 972633 17 20 120 628711 217 0 0 BRU
The MTU and Met fields show the current MTU and metric values for that interface. The RX and TX columns show how many packets were received or transmitted without errors (RX-OK / TX-OK) or damaged (RX-ERR / TX-ERR); how many were discarded (RX-DRP / TX-DRP); and how many were lost due to saturation (RX-OVR / TX-OVR).
The last column shows the flags that have been set for this interface. These characters are one-character versions of the long flag names that are printed when you view the interface configuration with ifconfig:
B
A broadcast address has been defined.
me
This interface is a loopback device.
M
All packets are received (promiscuous mode).
O
ARP is disabled for this interface.
FOR
This is a point-to-point connection.
R
Interface is working.
you
interface is up.
showing connections
netstat supports a set of options for displaying active or passive sockets. The -t, -u, -w, and -x options show active TCP, UDP, RAW, or Unix socket connections. If you provide the -a flag additionally, sockets that are waiting for a connection (that is, listening) are also displayed. This view will give you a list of all servers that are currently running on your system.
Invoking netstat -ta on vlager produces this output:
$ netstat -ta Active Internet connections Proto Recv-Q Send-Q Local address Foreign address (state) tcp 0 0 *: domain *: * LISTEN tcp 0 0 *: time *: * LISTEN tcp 0 0 *: smtp * : * LISTEN tcp 0 0 vlager: smtp vstout: 1040 ESTABLISHED tcp 0 0 *: telnet *: * LISTEN tcp 0 0 localhost: 1046 vbardolino: telnet ESTABLISHED tcp 0 0 *: chargen *: * LISTEN tcp 0 0 *: daytime * : * LISTEN tcp 0 0 *: discard *: * LISTEN tcp 0 0 *: echo *: * LISTEN tcp 0 0 *: shell *: * LISTEN tcp 0 0 *: login *: * LISTEN
This output shows most servers simply waiting for an incoming connection. However, the fourth line shows an inbound SMTP connection from vstout and the sixth line says there is an outbound telnet connection to vbardolino.[39]
Using the -a flag by itself will display all sockets from all families.
Final note
I hope you like the guide How to Use the netstat Command in Linux. In case if you have any query regards this article you may ask us. Also, please share your love by sharing this article with your friends.