Linux Tutorials - Herong's Tutorial Examples - v5.44, by Herong Yang
"netstat" - Display Network Statistics
This section provides a tutorial example on how to use 'netstat' command to display network statistics
"netstat" is a command line tool that allows you to see network statistics. Here are some examples on using the "netstat" command:
1. Display network traffic on all connections of all protocols:
herong$ netstat Active Internet connections (w/o servers) Proto Local Address Foreign Address State tcp localhost:37124 hy.lcl:opsession-prxy ESTABLISHED tcp localhost:imaps 192.168.1.4:64389 ESTABLISHED tcp localhost:49482 192.168.1.:microsoft-ds ESTABLISHED tcp localhost:ssh 192.168.1.3:59077 ESTABLISHED tcp6 localhost:http 192.168.1.6:49649 SYN_RECV tcp6 hy.lcl:opsession-prxy 192.168.1.7:65013 ESTABLISHED Active UNIX domain sockets (w/o servers) Proto Type State I-Node Path unix DGRAM 28443 /var/run/chrony/chronyd.sock unix DGRAM 304 /run/systemd/notify unix STREAM CONNECTED 13695366 /run/dbus/system_bus_socket unix STREAM CONNECTED 50540 /run/user/1000/bus unix STREAM CONNECTED 48302 @/tmp/dbus-YGMQX5OB ... Active Bluetooth connections (w/o servers) Proto Destination Source State PSM DCID SCID IMTU OMTU Security Proto Destination Source State Channel
There are some special connections in the output:
# this is a Microsoft file share connection tcp localhost:49482 192.168.1.:microsoft-ds ESTABLISHED # this is an IMAP client connection tcp localhost:imaps 192.168.1.4:64389 ESTABLISHED # this is an SSH client connection tcp localhost:ssh 192.168.1.3:59077 ESTABLISHED # this is an HTTP client connection tcp6 localhost:http 192.168.1.6:49649 SYN_RECV # remove app connects to local MySQL server tcp6 hy.lcl:opsession-prxy 192.168.1.7:65013 ESTABLISHED # local app connects to local MySQL server tcp localhost:37124 hy.lcl:opsession-prxy ESTABLISHED
2. Show TCP ports the local host is listening. Looks like I have so many network services that are running. I need to close some of them.
herong$ netstat -lt Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 0.0.0.0:sunrpc 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:imap 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:urd 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:ssh 0.0.0.0:* LISTEN tcp 0 0 localhost:ipp 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:smtp 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:pptp 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:imaps 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:pop3s 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:submission 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:pop3 0.0.0.0:* LISTEN tcp6 0 0 [::]:sunrpc [::]:* LISTEN tcp6 0 0 [::]:imap [::]:* LISTEN tcp6 0 0 [::]:http [::]:* LISTEN tcp6 0 0 [::]:urd [::]:* LISTEN tcp6 0 0 [::]:ftp [::]:* LISTEN tcp6 0 0 [::]:ssh [::]:* LISTEN tcp6 0 0 localhost:ipp [::]:* LISTEN tcp6 0 0 [::]:smtp [::]:* LISTEN tcp6 0 0 [::]:https [::]:* LISTEN tcp6 0 0 [::]:imaps [::]:* LISTEN tcp6 0 0 [::]:websm [::]:* LISTEN tcp6 0 0 [::]:pop3s [::]:* LISTEN tcp6 0 0 [::]:mysqlx [::]:* LISTEN tcp6 0 0 [::]:mysql [::]:* LISTEN tcp6 0 0 [::]:submission [::]:* LISTEN tcp6 0 0 [::]:opsession-prxy [::]:* LISTEN tcp6 0 0 [::]:pop3 [::]:* LISTEN
3. Show UDP ports the local host is listening. Looks like I have so many network services that are running. I need to close some of them.
herong$ netstat -lu Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State udp 0 0 localhost:domain 0.0.0.0:* udp 0 0 0.0.0.0:bootps 0.0.0.0:* udp 0 0 localhost:bootpc 0.0.0.0:* udp 0 0 0.0.0.0:sunrpc 0.0.0.0:* udp 0 0 localhost:323 0.0.0.0:* udp 0 0 0.0.0.0:54488 0.0.0.0:* udp 0 0 0.0.0.0:mdns 0.0.0.0:* udp6 0 0 [::]:sunrpc [::]:* udp6 0 0 localhost:323 [::]:* udp6 0 0 [::]:mdns [::]:* udp6 0 0 [::]:35424 [::]:*
4. Show TCP connections with their PIDs and program names:
herong$ netstat -tp Active Internet connections (w/o servers) Proto Local Address Foreign Address PID/Program name tcp localhost:37124 hy.lcl:opsession-prxy 2906969/python3 tcp localhost:imaps 192.168.1.7:64389 2906300/dovecot/imap tcp localhost:49482 192.168.1.:microsoft-ds - tcp localhost:urd 192.168.1.6:60248 2910580/smtpd tcp localhost:37122 hy.lcl:opsession-prxy 2906969/python3 tcp localhost:ssh 192.168.1.4:59077 2906443/sshd: herong tcp6 hy.lcl:opsession-prxy localhost:37124 5067/mysqld tcp6 hy.lcl:opsession-prxy 192.168.1.7:65013 5067/mysqld
Table of Contents
Cockpit - Web Portal for Administrator
SELinux - Security-Enhanced Linux
Setup Ethernet Connection on CentOS
Network Firewall Tools on CentOS
"firewalld" and "firewall-cmd" on CentOS
Manage Multiple Firewall Zones
"nftables" and "nft" on CentOS
"nmap" - Network Mapper on CentOS
Monitor Network Services on CentOS
"ifconfig" - Trace Routes to Remote Host
"traceroute" - Trace Routes to Remote Host
►"netstat" - Display Network Statistics
SSH Protocol and ssh/scp Commands
Software Package Manager on CentOS - DNF and YUM
vsftpd - Very Secure FTP Daemon