Linux netstat command can help you to troubleshoot network RHEL 7
Linux Netstat command stands for Network Statistics. It is a Command-line network utility Tool. By default, netstat displays a list of open sockets. If you don’t specify any address families, then the active sockets of all configured address families will be printed
Linux netstat command is very useful tool for networking issues in Linux system.
netstat command displays information about network (socket) connections for the TCP,UDP,routing tables,services,ports,network interface and network protocol statistics.
If netstat command not found in your Linux system, need to install netstat package using below yum command.
[root@arkit ~]# yum install -y net-tools
After successful installation of Linux netstat command, lets see how to use it to get the information. To see all active connection on TCP, we have to use below command arguments.
[root@arkit ~]# netstat --tcp Active Internet connections (w/o servers) Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 192.168.4.20:ssh 192.168.4.1:49913 ESTABLISHED tcp 0 64 192.168.4.20:ssh 192.168.4.1:49898 ESTABLISHED tcp6 0 0 localhost:ssh localhost:59299 ESTABLISHED tcp6 0 0 localhost:59299 localhost:ssh ESTABLISHED
To display current open connections in your machines and you can see exactly who is connected to your system thorough an incoming and outgoing connections. List all listening services / ports and established connections, if you have more users you will get lengthy output.
# netstat -a
To display only active tcp(-t) connections and the ports which are listening for TCP connection
# netstat -at
To display only active udp(-u) connections and the ports which are listening for UDP connection
# netstat -au
To dispaly active tcp (-t) and udp(-u) connections, with all listening and established connections.
# netstat -aut
You dont want to see hostnames or domain names,just display only IP address
# netstat -autn
Linux netstat command – Listening ports
List out only Listening sockets information which does not other socket information which are inactive state
# netstat -l
List out only current listening TCP ports / Sockets
# netstat -lnt
List out only which are listening UDP ports
# netstat -lun
List out only listening UNIX ports
# netstat -lx
To display summary statistics for all protocols
# netstat -s
To display statistics for only TCP and UDP ports
# netstat -stu
You want to check particular service is running,you can see the process “master” listening on both IPV4 and IPV6 for incoming “ssh” connection.
# netstat -ntplu |grep ssh
To get the kernel IP routing table
# netstat -rn
To display the multicast group information for IPv4 and IPv6 protocols.
# netstat -g -4 # netstat -g -6
Get usage information about the network connections
# netstat -i
To get extended usage information on the interfaces
# netstat -ie
continuously see the connections information until you press an CTRL+c combination key
# nestat -c
If you want to see an timers information along with the Linux netstat command output then use option -o
[root@Techtutorials ~]# netstat -to Active Internet connections (w/o servers) Proto Recv-Q Send-Q Local Address Foreign Address State Timer tcp 0 0 192.168.4.129:ssh 192.168.4.1:59310 ESTABLISHED keepalive (6151.34/0/0) tcp 0 64 192.168.4.129:ssh 192.168.4.1:55916 ESTABLISHED on (0.37/0/0)
Masqueraded IP: IP address which will act like a Gateway where external users can see it. Internal devices can be hide behind Masqueraded IP address but external users will receive an traffic from Masqueraded IP.
To display list of masqueraded connections, use below command
# netstat -M
State of the Socket
- ESTABLISHED : The socket has an established connection.
- SYN_SENT : The socket is actively attempting to establish a connection.
- SYN_RECV : A connection request has been received from the network.
- FIN_WAIT1 : The socket is closed, and the connection is shutting down.
- FIN_WAIT2 : Connection is closed, and the socket is waiting for a shutdown from the remote end.
- TIME_WAIT : The socket is waiting after close to handle packets still in the network.
- CLOSE : The socket is not being used.
- CLOSE_WAIT :The remote end has shut down, waiting for the socket to close.
- LAST_ACK : The remote end has shut down, and the socket is closed. Waiting for acknowledgement.
- LISTEN : The socket is listening for incoming connections. Such sockets are not included in the output unless you specify.
- CLOSING : Both sockets are shut down but we still don’t have all our data sent.
- UNKNOWN : The state of the socket is unknown.
Netstat command is used to collect network statistics and troubleshoot network related issues.