netstat Command: Tutorial & Examples

Display network statistics

The netstat command is a versatile networking tool that is used to display detailed network statistics. It allows you to monitor incoming and outgoing network packets, as well as troubleshoot any issues related to the network. It's a vital tool for system and network administrators to understand what's happening on their servers.

Understanding How the netstat Command Works

The netstat command works by querying the network stack of the Linux Kernel to provide statistics about the network connections, routing tables, interface statistics, masquerade connections, and multicast memberships. If you're curious about any particular network activity, netstat is your go-to command.

Importance of the netstat Command

The netstat command is important because it helps you monitor and diagnose network-related issues. For instance, if your server is experiencing high load, netstat can help you identify the connection that is causing the problem. The command is also useful for security audits as it can help identify unauthorized connections.

Typical Problems Solved by the netstat Command

netstat can be used to troubleshoot a variety of network-related issues. For instance, it can help identify why a connection to a certain server is failing, reveal which services are listening on which ports, and identify potential network failures.

Examples of Using the netstat Command

Here are some examples of how you can use the netstat command:


This basic command will display a list of active connections.

netstat -a

This command will show all active listening ports and non-listening ports.

netstat -r

This command will display the routing table.

netstat -n

This command will show numerical addresses instead of trying to determine symbolic host, port or user names.

Common Parameters of the netstat Command

Here are some common parameters you might use with the netstat command:

  • -a: Displays all connections and listening ports.
  • -n: Shows numerical addresses.
  • -r: Displays the kernel routing tables.
  • -t: Displays TCP connections.
  • -u: Displays UDP connections.

Typical Output of the netstat Command

Here's an example of typical output from the netstat command:

Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0*               LISTEN
tcp        0      0    *               LISTEN
udp        0      0    *

Each line represents a network connection, and the columns provide information about that connection, such as the protocol being used, the local and foreign address, and the state of the connection.

Common Issues When Using the netstat Command

While netstat is a powerful tool, there are a few common issues you might encounter. For example, if you see a lot of connections in the TIME_WAIT state, it could mean that your system is being targeted by a SYN flood attack. Also, be aware that netstat might take a long time to resolve hostnames if you have a slow DNS server. This can be avoided by using the -n option to display numerical addresses instead.

Except where otherwise noted, content on this site is licensed under a CC BY-SA 4.0 license CC BY SA