Skip to main content

Network Monitoring Commands

netstat Command Examples

Netstat is one of the most common networking commands in Linux. Learn some useful examples of netstat in this tutorial.

The netstat is one of the most popular utilities to monitor connections over your network.

It allows you to easily monitor incoming and outgoing connections, listening ports, statistics, and more.

In this tutorial, I will show you some of the most examples of the netstat command on Linux.

1. Find all the listening ports

To find all the ports (TCP and UDP), you will have to append the -l flag with the netstat command: 

netstat -l
Find all the listening ports using the netstat command

2. List listening and non-listening ports

If you want to get a list of available sockets on your system, you can use the -a flag with the netstat command:

netstat -a
List listening and non-listening ports using the netstat command

Now, let's get to more specific ones.

3. Find TCP listening ports

If you want to list ports using TCP protocol and in the listening state, you will have to use -l flag for listening and -t flag for TCP connections:

netstat -lt
Find TCP listening ports using the netstat command on linux

4. Find UDP listening ports

To list every listening UDP port on your system, you will have to append -l and -u flag with the netstat command:

netstat -lu
find listening UDP ports on linux using netstat command

5. List all TCP port connections

If you want to list every socket using a TCP connection including listening and non-listening, use the -at flag with the netstat command:

netstat -at
List all TCP port connections

Want to know the difference between listening and an established state?

  • LISTENING means it is listening for incoming connections.
  • ESTABLISHED indicates that the socket has an established connection.

6. List all UDP connections

If you want to list every socket utilizing the UDP, you can use the combination of -a and -u flag:

netstat -au
List all UDP connections using the netstat command

7. Get a statistical summary of each protocol

This is one of the handiest features of netstat which allows you to find the number of connections established, the number of messages sent and received, and a lot more.

To get a summary of each protocol, all you need to do is append the -s flag:

netstat -s
Get a statistical summary of each protocol using the netstat command

But what if you want statistics on specific protocols? Here's how you do it.

8. Get statistics for a specific connection

Let's start with the TCP.

To get the statistics of TCP connections, all you need to do is use the -s and -t flag with the netstat command:

netstat -st
get statistics for TCP connections using the netstat command

Similarly, if you want the same for UDP, you will have to use the -su flag:

netstat -su
get statistics for UDP connections using the netstat command on linux

9. Get raw network statistics

If you are looking for raw data rather than filtered one, it can easily be produced using the -s (for statistics) and --raw (for raw):

netstat -s --raw
get raw network statistics using the netstat command

10. Find services with PID

If you are into troubleshooting, getting the PID of the service can be very handy. To get PID, all you need to do is use the -p flag:

sudo netstat -p
get PID of network services using the netstat command

11. Find a specific listening service on the network

To find a specific listening, you can use the grep command which makes a killer combination while troubleshooting.

So let's suppose, I want to look for an HTTPS service on listening state which can be done through the following command:

sudo netstat -apl | grep -w https
Find a specific listening service on network using the netstat command

Want to know how to get more out of grep? you can refer to our detailed guide on that topic:

Explained: What is Grep Command in Linux?
Grep is perhaps one of the most used commands in Linux. Learn why it was created and how it s used in this explainer article.
Linux HandbookChristopher Murray

12. Show transactions of network interfaces

The netstat utility can also be used to list available network interfaces and to get transactions of each one.

For that, all you need to do is append the -i flag to the netstat:

netstat -i
Show network interfaces using the netstat command on linux

13. Monitor the network continuously using the netstat command

If you want to monitor the network continuously, you can do it with -c the option:

netstat -c
Monitor the network continuously using the netstat command

You can use appropriate flags such as -lt with -c and it will look for listening TCP connections continuously:

netstat -ltc
monitor listening ports continuesly using the netstat command

Pretty handy. Right?

More on Networking in Linux

If you have just started your carries or studies on networking, we have a detailed guide on most basic networking commands:

21 Basic Linux Networking Commands You Should Know
It’s not every day at It’s FOSS that we talk about the “command line side” of Linux. But as some of you readers pointed out in the internal survey (exclusive for It’s FOSS newsletter subscribers), you would also like to learn some command line tricks. So I
It's FOSSSagar Sharma

Want to know more about ports? We got you covered on that too:

Common Networking Port Numbers in Linux
Here are the common networking ports you’ll encounter in Linux.
Linux HandbookSagar Sharma

That was it from my side. And if you have any doubts or have tips for beginners, you can share your precious knowledge through the comments.

Sagar Sharma
Sagar Sharma

A software engineer who loves to tinker with hardware till it gets crashed. While reviving my crashed system, you can find me reading literature, manga, or watering my plants.