Linux netstat command can help you to troubleshoot network RHEL 7

Linux Netstat command stands for Network Statistics. It is a Command-line network utility Tool. By default, netstat displays a list of open sockets. If you don’t specify any address families, then the active sockets of all configured address families will be printed

Linux netstat command is very useful tool for networking issues in Linux system.

netstat command displays information about network (socket) connections for the TCP,UDP,routing tables,services,ports,network interface and network protocol statistics.

If netstat command not found in your Linux system, need to install netstat package using below yum command.

[root@arkit ~]# yum install -y net-tools

After successful installation of Linux netstat command, lets see how to use it to get the information. To see all active connection on TCP, we have to use below command arguments.

[root@arkit ~]# netstat --tcp
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 192.168.4.20:ssh 192.168.4.1:49913 ESTABLISHED
tcp 0 64 192.168.4.20:ssh 192.168.4.1:49898 ESTABLISHED
tcp6 0 0 localhost:ssh localhost:59299 ESTABLISHED
tcp6 0 0 localhost:59299 localhost:ssh ESTABLISHED

To display current open connections in your machines and you can see exactly who is connected to your system thorough an incoming and outgoing connections. List all listening services / ports and established connections, if you have more users you will get lengthy output.

# netstat -a

To display only active tcp(-t) connections and the ports which are listening for TCP connection

# netstat -at

netstat -at command output

To display only active udp(-u) connections and the ports which are listening for UDP connection

# netstat -au

netstat -au output

To dispaly active tcp (-t) and udp(-u) connections, with all listening and established connections.

# netstat -aut

You dont want to see hostnames or domain names,just display only IP address

# netstat -autn

Linux netstat command – Listening ports

List out only Listening sockets information which does not other socket information which are inactive state

# netstat -l

List out only current listening TCP ports / Sockets

# netstat -lnt

List out only which are listening UDP ports

# netstat -lun

List out only listening UNIX ports

# netstat -lx

To display summary statistics for all protocols

# netstat -s

To display statistics for only TCP and UDP ports

 # netstat -stu

You want to check particular service is running,you can see the process “master” listening on both IPV4 and IPV6 for incoming “ssh” connection.

# netstat -ntplu |grep ssh

To get the kernel IP routing table

 # netstat -rn

netstat -r to find kernel routing table

To display the multicast group information for IPv4 and IPv6 protocols.

# netstat -g -4
# netstat -g -6

netstat -g -4 -6 command output

Get usage information about the network connections

# netstat -i

netstat -i command output

To get extended usage information on the interfaces

 # netstat -ie

continuously see the connections information until you press an CTRL+c combination key

# nestat -c

If you want to see an timers information along with the Linux netstat command output then use option -o

[root@Techtutorials ~]# netstat -to
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       Timer
tcp        0      0 192.168.4.129:ssh       192.168.4.1:59310       ESTABLISHED keepalive (6151.34/0/0)
tcp        0     64 192.168.4.129:ssh       192.168.4.1:55916       ESTABLISHED on (0.37/0/0)

Masqueraded IP: IP address which will act like a Gateway where external users can see it. Internal devices can be hide behind Masqueraded IP address but external users will receive an traffic from Masqueraded IP.

To display list of masqueraded connections, use below command

# netstat -M

State of the Socket

  • ESTABLISHED  : The socket has an established connection.
  • SYN_SENT : The socket is actively attempting to establish a connection.
  • SYN_RECV  : A connection request has been received from the network.
  • FIN_WAIT1 : The socket is closed, and the connection is shutting down.
  • FIN_WAIT2 : Connection is closed, and the socket is waiting for a shutdown from the remote end.
  • TIME_WAIT  : The socket is waiting after close to handle packets still in the network.
  • CLOSE  : The socket is not being used.
  • CLOSE_WAIT :The remote end has shut down, waiting for the socket to close.
  • LAST_ACK : The remote end has shut down, and the socket is closed. Waiting for acknowledgement.
  • LISTEN : The  socket  is  listening  for incoming connections.  Such sockets are not included in the output unless you specify.
  • CLOSING : Both sockets are shut down but we still don’t have all our data sent.
  • UNKNOWN : The state of the socket is unknown.

That’s it.

Conclusion

Netstat command is used to collect network statistics and troubleshoot network related issues.

Related Articles

Problem Determination tools

Thanks for your wonderful Support and Encouragement

blank

Ravi Kumar Ankam

My Name is ARK. Expert in grasping any new technology, Interested in Sharing the knowledge. Learn more & Earn More

2 Responses

  1. blank gsrikrishna says:

    a good post. but as netstat will be deprecated i guess ‘ss’ and ‘ip’ will be more appropriate.

Leave a Reply

Your email address will not be published. Required fields are marked *