Article directory
-
- - show all network connections
- - Show only listening network connections
- - Show only TCP connections
- - Show only UDP connections
- - Display PID (Process ID) and program name
- - Display IP address and port number in numeric format
- - Show routing table
- - Show only IPv4 or IPv6 connections
- - Display the list of group members with multicast function
- - netstat online help
- - Replacement tool 'ss' for netstat
- recommended reading
'netstat' is a command line tool for viewing network-related information.
The 'netstat' command is used to display statistical data related to IP, TCP, UDP and ICMP protocols, and is generally used to check the network connection status of each port of the machine.
This tool is usually pre-installed in the Ubuntu operating system.
- show all network connections
netstat -a
This output shows the currently active Internet connections, including those that are listening and those that have been established.
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 localhost:domain 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:sunrpc 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:ssh 0.0.0.0:* LISTEN
tcp 0 0 pcq-mirror-02v:53416 151.101.128.223:https ESTABLISHED
tcp 25 0 pcq-mirror-02v:44984 151.101.64.223:https CLOSE_WAIT
Each line represents a connection and contains the following information:
Proto:协议类型,这里为tcp。
Recv-Q和Send-Q:接收队列和发送队列中的字节数。
Local Address:本地地址和端口。
Foreign Address:远程地址和端口。
State:连接状态。
This displays all currently active network connections, including listening and established connections.
- Show only listening network connections
netstat -l
The netstat -l command is used to display all TCP and UDP ports in listening state.
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 localhost:domain 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:sunrpc 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:ssh 0.0.0.0:* LISTEN
tcp6 0 0 [::]:http [::]:* LISTEN
tcp6 0 0 [::]:sunrpc [::]:* LISTEN
tcp6 0 0 [::]:ssh [::]:* LISTEN
udp 0 0 localhost:domain 0.0.0.0:*
udp 0 0 0.0.0.0:sunrpc 0.0.0.0:*
udp6 0 0 [::]:sunrpc [::]:*
raw6 0 0 [::]:ipv6-icmp [::]:* 7
raw6 0 0 [::]:ipv6-icmp [::]:* 7
A port in listening state refers to a port that is ready to accept connections. These ports are usually used on the server to wait for connection requests from clients. With the -l option, the netstat command will only display ports that are listening, not established connections.
The output will include the local address, external address and port number, as well as the status of the connection.
- Show only TCP connections
The netstat -t command displays all active TCP connections.
netstat -t
TCP (Transmission Control Protocol, Transmission Control Protocol) is a connection-oriented protocol that provides a reliable data transmission service. With the -t option, the netstat command will only display currently active TCP connections.
The output will include the local address, remote address, and port number, as well as the status of the connection.
This will display details of all TCP connections.
- Show only UDP connections
netstat -u
The netstat -u command is used to display all UDP (User Datagram Protocol) connections and related network statistics. UDP is a connectionless transport protocol typically used to transfer data quickly but does not provide reliability or flow control.
Proto Recv-Q Send-Q Local Address Foreign Address State
udp 0 0 0.0.0.0:68 0.0.0.0:*
udp 0 0 0.0.0.0:5353 0.0.0.0:*
udp 0 0 0.0.0.0:5353 0.0.0.0:*
udp 0 0 0.0.0.0:5353 0.0.0.0:*
This output shows information about four UDP connections, including local address, local port, remote address, remote port, and connection status. Usually, the state of UDP connection is simpler, it may be "ESTABLISHED" (established) or some other specific state.
- Display PID (Process ID) and program name
netstat -tuln -p
Running this command will list all listening TCP and UDP connections and display the process name and PID associated with each connection.
(Not all processes could be identified, non-owned process info
will not be shown, you would have to be root to see it all.)
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.53:53 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN -
tcp6 0 0 :::80 :::* LISTEN -
tcp6 0 0 :::111 :::* LISTEN -
tcp6 0 0 :::22 :::* LISTEN -
udp 0 0 127.0.0.53:53 0.0.0.0:* -
udp 0 0 0.0.0.0:111 0.0.0.0:* -
udp6 0 0 :::111 :::* -
This command is useful for troubleshooting network connectivity issues, identifying which processes are using the network, and monitoring network activity.
- Display IP address and port number in numeric format
Running netstat -n will list the network connection information on the current system, including local address, local port, remote address, remote port, etc., but will not display the host name or service name.
netstat -n
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 192.168.1.2:54234 203.0.113.10:80 ESTABLISHED
tcp6 0 0 :::80 :::* LISTEN
udp 0 0 0.0.0.0:53 0.0.0.0:*
The above output can see the network connection protocol (such as TCP, UDP, TCP6), local address and port, remote address and port, and connection status, but there is no host name or service name resolution.
Using netstat -n can speed up viewing your network connections and make it easier to analyze and understand what's going on when needed.
- Show detailed network statistics:
netstat -s
The output shows various network statistics, including the number of packets received and sent, errors, etc.
These statistics provide information about the usage of network protocols, including number of packets received, number of packets sent, errors, connection status, etc.
- Show routing table
netstat -r
Running the netstat -r command will list the system's routing table, including destination network address, gateway, interface, flags, and more.
Destination Gateway Genmask Flags MSS Window irtt Iface
default 192.168.1.1 0.0.0.0 UG 0 0 0 eth0
192.168.1.0 * 255.255.255.0 U 0 0 0 eth0
- Show only IPv4 or IPv6 connections
netstat -4 # 仅显示IPv4连接
netstat -6 # 仅显示IPv6连接
After executing this command: netstat -4, the information related to IPv4 network connection will be output. Output typically includes local address and port, remote address and port, protocol type, status, etc.
If netstat -6 is executed, information related to IPv6 network connections is output.
- Display the list of group members with multicast function
netstat -g
After executing this command, output related to the system's networking statistics will be output. This information includes multicast statistics, interface statistics, IP statistics, etc.
IPv6/IPv4 Group Memberships
Interface RefCnt Group
--------------- ------ ---------------------
lo 1 all-systems.mcast.net
ens160 1 all-systems.mcast.net
ens192 1 all-systems.mcast.net
lo 1 ip6-allnodes
lo 1 ff01::1
ens160 1 ff02::1:ffbe:94d8
ens160 2 ip6-allnodes
ens160 1 ff01::1
ens192 1 ff02::1:ffbe:1ea3
ens192 2 ip6-allnodes
ens192 1 ff01::1
- netstat online help
netstat --help
netstat --help is replaced by man ss in some versions.
- Replacement tool 'ss' for netstat
The ss command is an alternative to the netstat command and is used to view socket statistics. Unlike netstat, ss is faster, more efficient, and supports more options.
Execute 'man ss' in Ubuntu system
man ss
recommended reading
- Install SQL Server on Ubuntu 20.04
- Easy to take notes-Ubuntu upgrade software package and precautions
- Easy Notes-Ubuntu system time change
- Ubuntu installation DHCP service and troubleshooting tutorial
- Ubuntu multipath service error handling method
- Ubuntu Samba high-risk security vulnerability repaired
- Practical tutorial on installing Ubuntu on Windows 11