Linux commands for system administrators

Understanding netstat

| netstat |

| network connections |

1. What Is netstat?

netstat (network statistics) is a command-line tool that provides detailed information about active network connections, ports in listening mode, protocol activity (TCP, UDP, ICMP), and routing tables. It’s part of the deprecated net-tools package and often replaced by the newer ss utility in modern Linux systems.

2. Installing netstat

If not already installed, use your package manager:

sudo apt install net-tools      # Debian / Ubuntu

sudo yum install net-tools      # CentOS / RHEL

3. Basic Syntax

netstat [options]

Example: show active connections:

netstat -tuln

4. Common netstat Options

Option	Description	Example
-t	Show TCP connections	`netstat -t`
-u	Show UDP connections	`netstat -u`
-l	Show listening ports	`netstat -l`
-n	Do not resolve hostnames	`netstat -n`
-p	Show PID and program name	`sudo netstat -p`
-a	Show all connections	`netstat -a`
-r	Show routing table	`netstat -r`
-s	Show protocol statistics	`netstat -s`

5. Combining Options

To view listening ports with process info:

netstat -tulnp

Sample output:


Proto Recv-Q Send-Q Local Address   Foreign Address State    PID/Program name
tcp   0      0 127.0.0.1:3306       0.0.0.0:*       LISTEN   1234/mysqld

6. Modern Alternative: ss

Modern Linux systems use ss for faster, richer socket inspection:

ss -tuln

ss -p

7. Practical Tips and Use Cases

Use -p to identify which process owns a port
Check for unnecessary open ports during security audits
Skip hostname resolution with -n to improve performance

8. Conclusion

netstat remains a valuable tool for network diagnostics, despite being replaced by ss in many distributions. Its ability to list open ports, view process associations, and display routing information makes it essential for system administrators. Mastering netstat builds a strong foundation for managing Linux network security and performance.