~2 min read • Updated Jul 20, 2025
1. What Is netstat?
netstat (network statistics) is a command-line tool that provides detailed information about active network connections, ports in listening mode, protocol activity (TCP, UDP, ICMP), and routing tables. It’s part of the deprecated net-tools package and often replaced by the newer ss utility in modern Linux systems.
2. Installing netstat
If not already installed, use your package manager:
sudo apt install net-tools # Debian / Ubuntusudo yum install net-tools # CentOS / RHEL3. Basic Syntax
netstat [options]Example: show active connections:
netstat -tuln4. Common netstat Options
| Option | Description | Example |
|---|---|---|
| -t | Show TCP connections | |
| -u | Show UDP connections | |
| -l | Show listening ports | |
| -n | Do not resolve hostnames | |
| -p | Show PID and program name | |
| -a | Show all connections | |
| -r | Show routing table | |
| -s | Show protocol statistics | |
5. Combining Options
To view listening ports with process info:
netstat -tulnpSample output:
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN 1234/mysqld
6. Modern Alternative: ss
Modern Linux systems use ss for faster, richer socket inspection:
ss -tulnss -p7. Practical Tips and Use Cases
- Use
-pto identify which process owns a port - Check for unnecessary open ports during security audits
- Skip hostname resolution with
-nto improve performance
8. Conclusion
netstat remains a valuable tool for network diagnostics, despite being replaced by ss in many distributions. Its ability to list open ports, view process associations, and display routing information makes it essential for system administrators. Mastering netstat builds a strong foundation for managing Linux network security and performance.
Written & researched by Dr. Shahin Siami