netstat is used to list out all the network(socket) connections of a system. It is a very useful tool for checking system safety.
Here is the list of all the possible flags that we can use with the
-alist all connection
-ndisable DNS lookup
-tlist only TCP connection
-ulisten only UDP connection
-lto view only listening port
-pprocess details of the connection. Root privilege is needed for this option
-sprint total packet received and transmitted by protocols
-ieto print a human-friendly version of the interface
netstat -aList all the connection
netstat -atList only TCP connection
netstat -auList only UDP connection
netstat -anList all connections.
-noption disable DNS name lookup. So it provides faster output.
netstat -an | grep ESTABLISHEDfind only established connection.
netstst -aple | grep ntpto check any running program like NTP, SMTP, HTTP, etc.
netstat output provides four basic columns.
Proto, Local Address, Foreign Address and State
- Proto: The name of the protocol (TCP or UDP)
- Local Address:
0.0.0.0:566means the port
(566)is listening on all network interfaces
127.0.0.1port is only listening for connections from the PC itself. PC regularly does connect itself for IPC or administrative tasks.
Public IP(184.108.40.206:4567)It means the port is only listening for the connection from the internet
Local IP(192.168.0.1). Port is only listening for the connection from the local network
- Foreign Address: The IP address and port number of the remote computer.
LISTENINGThe port is open and listening for inbound connection
ESTABLISHEDThe connection is active between the two machines
TIMED_WAITThe connection has recently ended
SYN_SEND, SYN_RECEIVEDappears during initial connection setup
FIN_WAIT, CLOSE_WAIT, LAST_ACKAppear while a connection is being closed
*) as a wildcard means as follows:
- If the port is not yet established, the port number is shown as an asterisk(
*:*The connection can come from any IP address and originate from any port
*.*All IPv4 addresses
[::]All IPv6 addresses
Leave a comment