netstat - Print network connections, routing tables, interface statistics, masquerade connections, and multicast memberships
By default, netstat displays a list of open sockets. If you don't specify any address families, then the active sockets of all configured address families will be printed.
We shall exercise some examples to make it more clear.
1. List all connections to the system(Listening/ Non-listening)
nestat -a
Prompt~> netstat -a|head
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 *:10091 *:* LISTEN
tcp 0 0 *:8235 *:* LISTEN
tcp 0 0 *:5515 *:* LISTEN
tcp 0 0 localhost:8363 *:* LISTEN
tcp 0 0 *:10092 *:* LISTEN
tcp 0 0 *:10220 *:* LISTEN
tcp 0 0 *:10380 *:* LISTEN
tcp 0 0 *:6700 *:* LISTEN
unix 3 [ ] STREAM CONNECTED 3627
unix 3 [ ] STREAM CONNECTED 3626
unix 2 [ ] DGRAM 6333
unix 2 [ ] DGRAM 6298
unix 3 [ ] STREAM CONNECTED 5873 /var/run/dbus/system_bus_socket
2. List all listening connetions only
netstat -l
Prompt:~> netstat -l|head
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 *:10091 *:* LISTEN
tcp 0 0 *:8235 *:* LISTEN
tcp 0 0 *:5515 *:* LISTEN
tcp 0 0 localhost:8363 *:* LISTEN
tcp 0 0 *:10092 *:* LISTEN
tcp 0 0 *:10220 *:* LISTEN
tcp 0 0 *:10380 *:* LISTEN
tcp 0 0 *:6700 *:* LISTEN
3. List all listening connetions using TCP protocol only
netstat -lt
Prompt:~> netstat -lt|head
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 *:10091 *:* LISTEN
tcp 0 0 *:8235 *:* LISTEN
tcp 0 0 *:5515 *:* LISTEN
tcp 0 0 localhost:8363 *:* LISTEN
tcp 0 0 *:10092 *:* LISTEN
tcp 0 0 *:10220 *:* LISTEN
tcp 0 0 *:10380 *:* LISTEN
tcp 0 0 *:6700 *:* LISTEN
Similarly to list all listening ports/connections with UDP protocol, use:
netstat -lu
4. To list all listening Unix ports only
netstat -lx
Prompt:~> netstat -lx
Active UNIX domain sockets (only servers)
Proto RefCnt Flags Type State I-Node Path
unix 2 [ ACC ] STREAM LISTENING 6324 /var/run/rpcbind.sock
unix 2 [ ACC ] STREAM LISTENING 8242 public/cleanup
unix 2 [ ACC ] STREAM LISTENING 8247 private/rewrite
unix 2 [ ACC ] STREAM LISTENING 8250 private/bounce
unix 2 [ ACC ] STREAM LISTENING 8253 private/defer
unix 2 [ ACC ] STREAM LISTENING 8256 private/trace
unix 2 [ ACC ] STREAM LISTENING 8259 private/verify
unix 2 [ ACC ] STREAM LISTENING 8262 public/flush
unix 2 [ ACC ] STREAM LISTENING 8268 private/proxymap
unix 2 [ ACC ] STREAM LISTENING 8271 private/smtp
unix 2 [ ACC ] STREAM LISTENING 8275 private/relay
unix 2 [ ACC ] STREAM LISTENING 8278 public/showq
unix 2 [ ACC ] STREAM LISTENING 8281 private/error
unix 2 [ ACC ] STREAM LISTENING 8284 private/discard
unix 2 [ ACC ] STREAM LISTENING 8287 private/local
unix 2 [ ACC ] STREAM LISTENING 1691202302 /var/run/nscd/socket
Here the output contains following fields:
Proto
The protocol (tcp(t), udp(u), raw(w), unix(x)) used by the socket.
Recv-Q
The count of bytes not copied by the user program connected to this socket.
Send-Q
The count of bytes not acknowledged by the remote host.
Local Address
Address and port number of the local end of the socket. Unless the --numeric (-n) option is specified, the socket address is resolved to its canonical host name (FQDN), and the port number is translated into the corresponding service name.
Foreign Address
Address and port number of the remote end of the socket. Analogous to "Local Address."
State
The state of the socket. Since there are no states in raw mode and usually no states used in UDP, this column may be left blank. Normally this can be one of several values:
5. To list all UDP ports/connections:
netstat -au
Prompt:~> netstat -au
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
udp 0 0 *:ns *:*
udp 0 0 *:826 *:*
udp 0 0 *:58307 *:*
udp 0 0 shankarPC:46062 *:*
udp 0 0 *:44240 *:*
udp 0 0 *:ndm-requester *:*
6. To display summary statistics of each protocol
netstat -s<protocol>
Protocol can be t(TCP), u(UDP), w(raw).
user@ShankarPC:~> netstat -sw|more
Ip:
4690609546 total packets received
26 with invalid addresses
0 forwarded
0 incoming packets discarded
4672343058 incoming packets delivered
4909466525 requests sent out
1314 outgoing packets dropped
Icmp:
19641996 ICMP messages received
10608 input ICMP message failed.
ICMP input histogram:
destination unreachable: 6780867
timeout in transit: 2423442
echo requests: 10437166
echo replies: 466
timestamp request: 11
address mask request: 33
10638001 ICMP messages sent
0 ICMP messages failed
ICMP output histogram:
destination unreachable: 200056
echo request: 766
echo replies: 10437166
timestamp replies: 11
IcmpMsg:
8. To get the PID and the program name to which the socket belogs, we can use -p option.
netstat -p
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 localhost:tcp-id-port localhost:50585 ESTABLISHED 4900/ptserver
tcp 0 0 localhost:44176 localhost:tcp-id-port ESTABLISHED 7322/strs
tcp 0 0 localhost:52453 localhost:tcp-id-port ESTABLISHED 28135/strs
tcp 0 0 ShankarPC:55708 tpxddi30:mcs-calypsoicf ESTABLISHED -
tcp 0 0 ShankarPC:39901 shankyPC:cft-5 ESTABLISHED -
tcp 1 0 ShankarPC:48930 shankyPC:cft-5 CLOSE_WAIT 11962/ManagementGat
tcp 0 0 localhost:52463 localhost:tcp-id-port ESTABLISHED 28135/strs
tcp 0 0 ShankarPC:10910 192.168.44.45:42355 TIME_WAIT -
tcp 0 0 localhost:tcp-id-port localhost:60515 ESTABLISHED 4900/ptserver
tcp 1 0 ShankarPC:57402 shankyPC:cft-5 CLOSE_WAIT 12587/SomeServer
tcp 0 0 localhost:tcp-id-port localhost:52318 ESTABLISHED 4900/ptserver
tcp 0 0 ShankarPC:50781 shankyPC:cft-5 ESTABLISHED 15271/SomeServer
tcp 0 0 localhost:tcp-id-port localhost:43753 ESTABLISHED 4900/ptserver
| 
What is runlevel in Linux? 
Some funny and cool commands in Linux 
lwp-download: A command in linux to downlaod large files from internet 
Guide for working with zipped and archived files in Linux/AIX