Introduction
Netstat (Network Statistics) is a command-line utility used to monitor and troubleshoot network connections on Linux systems. It provides detailed information about active TCP/UDP connections, listening ports, routing tables, network interfaces, and protocol statistics.
This quick reference guide covers some of the most commonly used netstat commands for system administrators and developers.
View Listening Ports and Associated Processes
Display all TCP and UDP ports currently listening, along with the process ID (PID) and program name.
sudo netstat -lnptuOptions:
-l: Show listening sockets-n: Display numerical addresses instead of resolving hostnames-p: Show PID and process name-t: Show TCP connections-u: Show UDP connections
Display the Routing Table
View the system’s routing table.
netstat -rTo prevent DNS lookups and display numeric addresses:
netstat -rnIdentify Which Process Is Using a Specific Port
Find the process listening on a particular port.
netstat -pln | grep <port> | awk '{print $NF}'Example
netstat -pln | grep 8080 | awk '{print $NF}'Sample Output:
1507/pythonThis indicates that the Python process with PID 1507 is listening on port 8080.
Quickly Display IPv4 TCP Listening Services
Show active IPv4 TCP listening ports and the associated programs.
sudo netstat -vtlnp --listening -4This command is useful for quickly auditing exposed TCP services on a server.
List All Active Connections and Ports
Display all active network connections and listening ports.
netstat -aList All Listening Ports
Show only listening sockets.
netstat -lDisplay TCP Connections
View TCP connections.
netstat -tShow Process IDs and Program Names
Display the process associated with each connection.
netstat -pNote: Root privileges may be required to view all processes.
Monitor Connections Continuously
Refresh network statistics continuously in real time.
netstat -cPress Ctrl + C to stop monitoring.
Display Listening TCP and UDP Ports with Process Information
View listening TCP and UDP ports along with user and process details.
sudo netstat -lepuntThis command is particularly useful during security audits and troubleshooting sessions.
Print the Routing Table
Display the kernel routing table using numeric IP addresses.
netstat -nrSummary
Although modern Linux distributions often recommend using the ss command as a replacement, netstat remains a valuable tool for network diagnostics and system administration. Understanding these commands can help you quickly identify open ports, troubleshoot connectivity issues, and monitor network activity on your servers.
Commonly Used Commands
| Purpose | Command |
|---|---|
| View listening ports and processes | sudo netstat -lnptu |
| Show routing table | netstat -rn |
| Find process using a port | netstat -pln | grep <port> |
| Show IPv4 TCP listeners | sudo netstat -vtlnp --listening -4 |
| List all connections | netstat -a |
| List listening ports | netstat -l |
| Show TCP connections | netstat -t |
| Show process information | netstat -p |
| Continuous monitoring | netstat -c |
| Show listening TCP/UDP ports | sudo netstat -lepunt |
Keep this cheat sheet handy for quick network troubleshooting and server administration tasks.
Conclusion
netstat remains one of the most useful networking tools for Linux administrators, DevOps engineers, and developers. Whether you need to identify which service is listening on a port, inspect active connections, analyze routing tables, or troubleshoot network-related issues, netstat provides valuable insights with simple commands.
While newer tools such as ss offer improved performance and are gradually replacing netstat on modern Linux distributions, understanding netstat is still an essential skill because it is widely documented and commonly found in existing server environments.
By keeping these commands handy, you can quickly diagnose connectivity problems, verify service availability, and maintain better visibility into your system’s network activity.