Hack 98. Netstat Command Examples

Netstat command displays the network related information such as network connections, routing tables, interface statistics. Following are few examples on how to use netstat command.

Display Active Internet Connections and domain sockets using netstat

# netstat –an

Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address               Foreign Address             State
tcp        0      0 0.0.0.0:5666                0.0.0.0:*                   LISTEN
tcp        0      0 0.0.0.0:111                 0.0.0.0:*                   LISTEN
tcp        0      0 0.0.0.0:4086                0.0.0.0:*                   LISTEN
skipped..
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags       Type       State         I-Node Path
unix  2      [ ACC ]     STREAM     LISTENING     7894   /tmp/.font-unix/fs7100
unix  2      [ ACC ]     STREAM     LISTENING     9662   /tmp/.gdm_socket
unix  2      [ ACC ]     STREAM     LISTENING     10897  @/tmp/fam-root-

Display Active Connections with Process ID and Program Name

This could be very helpful to identify which program has initiated a specific network connection.

# netstat -tap

Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name
tcp        0      0 *:nrpe                      *:*                         LISTEN      16277/xinetd
tcp        0      0 localhost.localdomain:smtp  *:*                         LISTEN      7263/sendmail: acce
tcp       34      0 localhost.localdomain:54221 localhost.localdomain:4089  CLOSE_WAIT  29881/httpd
tcp        0   3216 dev-db:ssh                 cpe-76-94-215-154.soca:4682 ESTABLISHED 11717/sshd: ramesh

Display Routing Table

# netstat –-route

Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
192.168.1.0   *               255.255.255.0   U         0 0          0 eth0
162.244.0.0     *               255.255.0.0     U         0 0          0 eth0
default         192.168.1.1   0.0.0.0         UG        0 0          0 eth0

Display RAW network statistics

# netstat --statistics --raw

Ip:
    11080343 total packets received
    0 forwarded
    1 with unknown protocol
    0 incoming packets discarded
    11037744 incoming packets delivered
    11199763 requests sent out
Icmp:
    577135 ICMP messages received
    64 input ICMP message failed.
    ICMP input histogram:
        destination unreachable: 537
        timeout in transit: 65
        source quenches: 2
        echo requests: 576476
        echo replies: 12
        timestamp request: 3
        address mask request: 3
    581558 ICMP messages sent
    0 ICMP messages failed
    ICMP output histogram:
        destination unreachable: 5079
        echo replies: 576476
        timestamp replies: 3

Misc Netstat Commands

List of TCP connection to and from the machine.

# netstat –-tcp –-numeric

Display TCP port that the server is listening on along with the program that is listening on that particular port.

# netstat --tcp --listening –-programs

Display the routing cache

# netstat –rnC

{ 2 comments… read them below or add one }

1 kmohan June 4, 2010 at 12:46 pm: Hi Ramesh,
awesome stuffs you have been providing.
How could I get the Proxy server IP for a particular application running in a server?
In UNIX environment.
Thanx n Regards
KMohan
2 Kiran March 18, 2011 at 5:51 pm: Hello Ramesh,

Could you please elaborate about the error message “64 input ICMP message failed.”
What does it mean, does it mean that there are some packets dropping at the host end and how to troubleshoot it.

Thanks
Kiran