netstat

List all ports

$ netstat [[-a|--all]]

$ netstat [[-l|--listening]]

$ netstat [[-t|--tcp]]

$ netstat [[-p|--program]]

$ netstat [[-c|--continuous]]

$ netstat [[-rn|--route --numeric]]

$ netstat [[-tulpne|--tcp --udp --listening --program --numeric --extend]]

netstat [options]

-a, --all
    Displays all sockets, including both listening and non-listening (established) connections.

-l, --listening
    Shows only listening sockets (i.e., servers waiting for connections).

-t, --tcp
    Displays only TCP (Transmission Control Protocol) connections.

-u, --udp
    Displays only UDP (User Datagram Protocol) connections.

-n, --numeric
    Shows numerical addresses and port numbers instead of resolving hostnames, service names, and user IDs. This speeds up output.

-p, --programs
    Displays the PID (Process ID) and name of the program owning the socket. Requires root privileges to see all processes.

-r, --route
    Shows the kernel IP routing table. This is equivalent to using the route -e command.

-i, --interfaces
    Displays a table of all network interfaces and their statistics, including bytes sent/received and error counts.

-s, --statistics
    Presents per-protocol statistics for various network protocols (e.g., IP, ICMP, TCP, UDP).

-c, --continuous
    Displays the selected information continuously, updating every one second until interrupted (Ctrl+C).

The netstat (network statistics) command is a command-line utility used to display network connections, routing tables, interface statistics, masquerade connections, and multicast memberships. It provides a comprehensive overview of network activity on a Linux system.

Historically, netstat has been an essential tool for system administrators and network engineers for troubleshooting network connectivity issues, monitoring network performance, and identifying open ports or suspicious connections. It can show both active and passive sockets, including TCP, UDP, raw, and Unix domain sockets. Although widely used for decades, netstat is now considered deprecated in many modern Linux distributions. Its functionality has largely been superseded by tools from the iproute2 suite, primarily ss for socket information and ip for routing and interface details, which offer more robust features and better performance.

The netstat command is part of the net-tools package, which has been largely superseded by the iproute2 suite in modern Linux distributions. While still present for backward compatibility, new development and features are focused on ss and ip. Users are encouraged to transition to these newer tools for more efficient and robust network management. Parsing netstat output in scripts can be fragile due to its text-based, human-readable format.

Here are some common ways to use netstat:
- To list all active TCP connections: netstat -atn
- To list all listening UDP ports with associated programs: netstat -ulpn
- To view the routing table: netstat -rn
- To monitor interface statistics continuously: netstat -ic

netstat output often includes TCP socket states, which are crucial for understanding connection lifecycles:
- LISTEN: The server is waiting for a connection request.
- ESTABLISHED: A connection is actively open and data is being exchanged.
- TIME_WAIT: The client has closed its end of the connection, but is waiting for the server to acknowledge.
- CLOSE_WAIT: The server has received a FIN from the client and is waiting for the application to close the socket.
- SYN_SENT: A connection request has been sent.
- SYN_RECV: A connection request has been received and a SYN-ACK has been sent.

The netstat utility has been a staple in Unix-like operating systems for decades, providing essential network diagnostic capabilities. It was historically bundled as part of the net-tools package. With the advent of IPv6 and the need for more efficient and scriptable network management tools, the iproute2 suite began to replace net-tools. Commands like ss and ip were developed to offer superior performance, better IPv6 support, and more machine-parseable output, leading to netstat's eventual deprecation in many contemporary Linux systems.

ss(8), ip(8), lsof(8), route(8)