Learn to use netstat by example
Netstat lists network statistics.
Examples are on Dublin. For the infrastructure information see this diagram.jpg
1. To show the state of the
configured interfaces, enter:
$ netstat -i
Kernel Interface table
eth0 Link encap:Ethernet HWaddr 00:B0:D0:D8:FE:09
inet addr:132.177.8.28 Bcast:132.177.8.127 Mask:255.255.255.128
inet6 addr: fe80::2b0:d0ff:fed8:fe09/10 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:108036 errors:0 dropped:0 overruns:0 frame:0
TX packets:10676 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
Interrupt:5 Base address:0xe880
eth1 Link encap:Ethernet HWaddr 00:C0:F0:6A:56:51
inet addr:192.168.2.1 Bcast:192.168.2.255 Mask:255.255.255.0
inet6 addr: fe80::2c0:f0ff:fe6a:5651/10 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:31115 errors:1 dropped:0 overruns:0 frame:0
TX packets:59252 errors:2 dropped:0 overruns:0 carrier:2
collisions:0 txqueuelen:100
Interrupt:10 Base address:0x4c00
eth2 Link encap:Ethernet HWaddr 00:C0:F0:6A:6D:0C
inet addr:192.168.1.1 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::2c0:f0ff:fe6a:6d0c/10 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:4 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
Interrupt:11 Base address:0x6800
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:6 errors:0 dropped:0 overruns:0 frame:0
TX packets:6 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
This acts like command "ifconfig" does.
2. To show the routing tables, enter:
$ netstat -r
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
192.168.1.1 * 255.255.255.255 UH 40 0 0 eth2
dublin.cs.unh.e * 255.255.255.255 UH 40 0 0 eth0
192.168.2.1 * 255.255.255.255 UH 40 0 0 eth1
132.177.8.0 * 255.255.255.128 U 40 0 0 eth0
192.168.3.0 192.168.2.2 255.255.255.0 UG 40 0 0 eth1
192.168.2.0 * 255.255.255.0 U 40 0 0 eth1
192.168.1.0 * 255.255.255.0 U 40 0 0 eth2
127.0.0.0 * 255.0.0.0 U 40 0 0 lo
default phub0.cs.unh.ed 0.0.0.0
"netstat -r" acts the same as command "route"
3. To show the routing tables with network
addresses, enter:
$ netstat -rn
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
192.168.1.1 0.0.0.0 255.255.255.255 UH 40 0 0 eth2
132.177.8.28 0.0.0.0 255.255.255.255 UH 40 0 0 eth0
192.168.2.1 0.0.0.0 255.255.255.255 UH 40 0 0 eth1
132.177.8.0 0.0.0.0 255.255.255.128 U 40 0 0 eth0
192.168.3.0 192.168.2.2 255.255.255.0 UG 40 0 0 eth1
192.168.2.0 0.0.0.0 255.255.255.0 U 40 0 0 eth1
192.168.1.0 0.0.0.0 255.255.255.0 U 40 0 0 eth2
127.0.0.0 0.0.0.0 255.0.0.0 U 40 0 0 lo
0.0.0.0 132.177.8.4 0.0.0.0
4. Tooproduce the default
display for network connections, enter:
$netstat
The resulting display might include the following headings:
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 126 dublin.cs.unh.ed:telnet lava.cs.unh.edu:50600 ESTABLISHED
Active UNIX domain sockets (w/o servers)
Proto RefCnt Flags Type State I-Node Path
unix 9 [ ] DGRAM 581 /dev/log
unix 2 [ ] DGRAM 4266
unix 2 [ ] DGRAM 2296
unix 2 [ ] DGRAM 1937
unix 2 [ ] DGRAM 1534
unix 2 [ ] DGRAM 1196
unix 2 [ ] DGRAM 1028
unix 2 [ ] DGRAM 683
unix 2 [ ] STREAM CONNECTED 309
5.Display multicast group memberships. enter
$ netstat -g
IPv6/IPv4 Group Memberships
Interface RefCnt Group
--------------- ------ ---------------------
lo 1 ALL-SYSTEMS.MCAST.NET
eth0 1 ALL-SYSTEMS.MCAST.NET
eth1 1 ALL-SYSTEMS.MCAST.NET
eth2 1 ALL-SYSTEMS.MCAST.NET
lo 1 0:2ff::100:0
eth0 1 0:2ff::100:0:9fe:d8ff
eth0 1 0:2ff::100:0
eth1 1 0:2ff::100:0:5156:6aff
eth1 1 0:2ff::100:0
eth2 1 0:2ff::100:0:c6d:6aff
eth2 1 0:2ff::100:0
6. display networking statistics (like SNMP),
enter
$ netstat -s
Ip:
52829 total packets received
603 forwarded
0 incoming packets discarded
44784 incoming packets delivered
70156 requests sent out
Icmp:
340 ICMP messages received
218 input ICMP message failed.
ICMP input histogram:
echo requests: 116
echo replies: 6
118 ICMP messages sent
0 ICMP messages failed
ICMP output histogram:
destination unreachable: 2
echo replies: 116
Tcp:
14 active connections openings
0 passive connection openings
0 failed connection attempts
0 connection resets received
2 connections established
44557 segments received
69802 segments send out
8435 segments retransmited
0 bad segments received.
1 resets sent
Udp:
230 packets received
2 packets to unknown port received.
0 packet receive errors
230 packets sent
error parsing /proc/net/snmp: Success
7. display masqueraded connections, enter
$ netstat -M
netstat: no support for `ip_masquerade' on this system.
8.Display in verbose mode
$ netstat -v
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 dublin.cs.unh.ed:telnet lava.cs.unh.edu:50600 ESTABLISHED
tcp 0 126 dublin.cs.unh.ed:telnet lava.cs.unh.edu:50781 ESTABLISHED
Active UNIX domain sockets (w/o servers)
Proto RefCnt Flags Type State I-Node Path
unix 10 [ ] DGRAM 581 /dev/log
unix 2 [ ] DGRAM 4448
unix 2 [ ] DGRAM 4266
unix 2 [ ] DGRAM 2296
unix 2 [ ] DGRAM 1937
unix 2 [ ] DGRAM 1534
unix 2 [ ] DGRAM 1196
unix 2 [ ] DGRAM 1028
unix 2 [ ] DGRAM 683
unix 2 [ ] STREAM CONNECTED 309
netstat: no support for `AF IPX' on this system.
netstat: no support for `AF AX25' on this system.
netstat: no support for `AF NETROM' on this system.
9. resolve hardware names
$ netstat -N
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 132.177.8.28:23 132.177.4.30:50600 ESTABLISHED
tcp 0 126 132.177.8.28:23 132.177.4.30:50781 ESTABLISHED
Active UNIX domain sockets (w/o servers)
Proto RefCnt Flags Type State I-Node Path
unix 10 [ ] DGRAM 581 /dev/log
unix 2 [ ] DGRAM 4448
unix 2 [ ] DGRAM 4266
unix 2 [ ] DGRAM 2296
unix 2 [ ] DGRAM 1937
unix 2 [ ] DGRAM 1534
unix 2 [ ] DGRAM 1196
unix 2 [ ] DGRAM 1028
unix 2 [ ] DGRAM 683
unix 2 [ ] STREAM CONNECTED 309
netstat -n means: don't resolve names.
10. display listening server sockets
$ netstat -l
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 *:32768 *:* LISTEN
tcp 0 0 *:login *:* LISTEN
tcp 0 0 *:shell *:* LISTEN
tcp 0 0 *:printer *:* LISTEN
tcp 0 0 *:sunrpc *:* LISTEN
tcp 0 0 *:auth *:* LISTEN
tcp 0 0 *:ftp *:* LISTEN
tcp 0 0 *:ssh *:* LISTEN
tcp 0 0 *:telnet *:* LISTEN
udp 0 0 *:32768 *:*
udp 0 0 *:928 *:*
udp 0 0 *:amanda *:*
udp 0 0 *:sunrpc *:*
Active UNIX domain sockets (only servers)
Proto RefCnt Flags Type State I-Node Path
unix 2 [ ACC ] STREAM LISTENING 2498 /tmp/.font-unix/fs7100
unix 2 [ ACC ] STREAM LISTENING 2297 /dev/gpmctl
11. display timers
$ netstat -o
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
Timer
tcp 0 0 dublin.cs.unh.ed:telnet lava.cs.unh.edu:50600 ESTABLISHED
keepalive (4673.55/0/0)
tcp 0 132 dublin.cs.unh.ed:telnet lava.cs.unh.edu:50781 ESTABLISHED
on (0.30/0/0)
Active UNIX domain sockets (w/o servers)
Proto RefCnt Flags Type State I-Node Path
unix 10 [ ] DGRAM 581 /dev/log
unix 2 [ ] DGRAM 4448
unix 2 [ ] DGRAM 4266
unix 2 [ ] DGRAM 2296
unix 2 [ ] DGRAM 1937
unix 2 [ ] DGRAM 1534
unix 2 [ ] DGRAM 1196
unix 2 [ ] DGRAM 1028
unix 2 [ ] DGRAM 683
unix 2 [ ] STREAM CONNECTED 309
12. display Forwarding Information Base (default)
$ netstat -F
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 dublin.cs.unh.ed:telnet lava.cs.unh.edu:50600 ESTABLISHED
tcp 0 126 dublin.cs.unh.ed:telnet lava.cs.unh.edu:50781 ESTABLISHED
Active UNIX domain sockets (w/o servers)
Proto RefCnt Flags Type State I-Node Path
unix 10 [ ] DGRAM 581 /dev/log
unix 2 [ ] DGRAM 4448
unix 2 [ ] DGRAM 4266
unix 2 [ ] DGRAM 2296
unix 2 [ ] DGRAM 1937
unix 2 [ ] DGRAM 1534
unix 2 [ ] DGRAM 1196
unix 2 [ ] DGRAM 1028
unix 2 [ ] DGRAM 683
unix 2 [ ] STREAM CONNECTED 309
13.display routing cache instead of FIB
$ netstat -C
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 dublin.cs.unh.ed:telnet lava.cs.unh.edu:50600 ESTABLISHED
tcp 0 126 dublin.cs.unh.ed:telnet lava.cs.unh.edu:50781 ESTABLISHED
Active UNIX domain sockets (w/o servers)
Proto RefCnt Flags Type State I-Node Path
unix 10 [ ] DGRAM 581 /dev/log
unix 2 [ ] DGRAM 4448
unix 2 [ ] DGRAM 4266
unix 2 [ ] DGRAM 2296
unix 2 [ ] DGRAM 1937
unix 2 [ ] DGRAM 1534
unix 2 [ ] DGRAM 1196
unix 2 [ ] DGRAM 1028
unix 2 [ ] DGRAM 683
unix 2 [ ] STREAM CONNECTED 309
For more information see man page
