Hong's Tech Blog

Hong's Tech Blog

Cheatsheet & Examples: netstat

UpdatedAugust 12, 2025

•4 min read

I am a developer from Malaysia. I work with PHP most of the time, recently I fell in love with Go. When I am not working, I will be ballroom dancing :-)

Part of seriesCommon Tasks

netstat is a command-line tool used to display network connections, routing tables, interface statistics, and more. It helps monitor and troubleshoot network-related issues on a system.

Display all active network connections and their states

Example Usage:
netstat -a

What it does:
Shows all active network connections, including those in listening, established, and other states, along with their local and remote addresses.

Command-line Arguments Explained:

-a: Displays all connections (both listening and non-listening).
--all: Same as -a, but less commonly used.

Show listening ports and their associated process IDs

Example Usage:
sudo netstat -tulnp

What it does:
Lists TCP and UDP ports that are in a listening state, along with the process ID (PID) and program name using each port.

Command-line Arguments Explained:

-t: Show TCP connections.
-u: Show UDP connections.
-l: Display only listening ports.
-n: Show numerical addresses and port numbers instead of resolving them.
-p: Display the process ID (PID) and name associated with each connection.

Display network connections in numerical format

Example Usage:
netstat -n

What it does:
Shows connection addresses and port numbers in numerical form instead of resolving them to hostnames or service names.

Command-line Arguments Explained:

-n: Prevents DNS lookups and displays addresses and ports as numbers.
--numeric: Equivalent to -n.

Display protocol statistics

Example Usage:
netstat -s

What it does:
Provides detailed statistics for each network protocol (e.g., TCP, UDP, IP, ICMP) in use.

Command-line Arguments Explained:

-s: Displays protocol statistics (e.g., packets sent/received, errors).

Display the routing table

Example Usage:
netstat -r

What it does:
Shows the kernel's routing table, including the destination, gateway, netmask, and other routing information.

Command-line Arguments Explained:

-r: Displays the routing table.
--route: Same as -r.

Show interface statistics

Example Usage:
netstat -i

What it does:
Lists statistics for each network interface (e.g., packets transmitted/received, errors, collisions).

Command-line Arguments Explained:

-i: Displays interface statistics.
--interfaces: Same as -i.

Display detailed connection information

Example Usage:
netstat -e

What it does:
Shows extended information such as the user ID, PID, and other details for each connection.

Command-line Arguments Explained:

-e: Displays extended information.
--extend: Same as -e.

Show TCP connections only

Example Usage:
netstat -t

What it does:
Lists only TCP (Transmission Control Protocol) connections, including their states.

Command-line Arguments Explained:

-t: Filters to show only TCP connections.

Show UDP connections only

Example Usage:
netstat -u

What it does:
Lists only UDP (User Datagram Protocol) connections, which are connectionless and often used for streaming or broadcasting.

Command-line Arguments Explained:

-u: Filters to show only UDP connections.

Show connections with timestamps

Example Usage:
netstat -atv

What it does:
Displays active TCP connections along with timestamps for each connection, useful for analyzing idle or established connections.

Command-line Arguments Explained:

-t: TCP connections.
-a: All connections.
-v: Verbose output, including additional details.

Count established connections

Example Usage:
netstat -ant | grep ESTABLISHED | wc -l

What it does:
Counts the number of established TCP connections by filtering the output of netstat -ant (all TCP connections) for the "ESTABLISHED" state and piping to wc -l.

Command-line Arguments Explained:

-t: TCP connections.
-a: All connections.
-n: Numerical addressing.

Display all connections in a human-readable format

Example Usage:
netstat -atop

What it does:
Lists active TCP connections with process and port information, making it easier to interpret without numeric conversion.

Command-line Arguments Explained:

-t: TCP connections.
-a: All connections.
-o: Shows timers for each connection.
-p: Displays process information.

Show connections to a specific port (e.g., port 80)

Example Usage:
netstat -an | grep :80

What it does:
Filters and displays connections involving port 80 (HTTP) in numerical format.

Command-line Arguments Explained:

-a: All connections.
-n: Numerical addressing.
grep: A separate utility used to filter output by the port number.

Monitor network activity in real time

Example Usage:
netstat -antp --interval=1

What it does:
Updates network connection information every second, useful for real-time monitoring of active connections.

Command-line Arguments Explained:

-t: TCP connections.
-a: All connections.
-n: Numerical addressing.
-p: Process information.
--interval=1: Refreshes the output every 1 second.

Display connections with symbolic names

Example Usage:
netstat -a -p

What it does:
Shows connections with hostnames and service names resolved (if possible), which is the opposite of -n (numeric form).

Command-line Arguments Explained:

-a: All connections.
-p: Show process information.
--symbolic: Resolves hostnames and service names instead of using numeric values.

#cheatsheet #cli #netstat

16 views

Comments

Join the discussion

No comments yet. Be the first to comment.

Common Tasks

Part 46 of 50

Quick reference for performing common tasks in Linux/Mac OS.

Cheatsheet & Examples: awk

Basic Text Processing and Pattern MatchingExample Usage:awk '{ print }' file.txt What it does:Prints every line of the input file. Command-line Arguments Explained: { print }: The default awk script that outputs each line. file.txt: The inpu...

More from this blog

Da Ma Cai 大马彩 API

TL;DR Scarp draw result, host on GitHub, retrieve it like API at damacai.hongineer.com. Data Scraping I have previously shared a technique for scraping Da Ma Cai draw result. Now I finally have time t

Feb 26, 20261 min read17

Da Ma Cai 大马彩 API

Monitor MySQL Replication Status with a Bash Script

This is a Bash script that check if the replica (slave) health status. If there is an issue, it will exist with non-zero status. This is useful when used with monitoring tools like [Monit](https://mmo

Feb 24, 20262 min read15

Monitor MySQL Replication Status with a Bash Script

Cheatsheet & Examples: chmod

chmod is a command-line utility used to change the access permissions of file system objects such as files and directories. It allows you to control who can read, write, and execute those objects. Changing Permissions Using Octal Notation Example Usa...

Jan 23, 20263 min read9

Cheatsheet & Examples: chown

chown changes the ownership of files and directories. This involves modifying the user and/or group associated with a file, determining who has access and permissions. Changing File Ownership to a Specific User Example Usage: chown user file.txt What...

Jan 20, 20263 min read6

Cheatsheet & Examples: usermod

The usermod command modifies a user account's properties on a Linux system. It allows administrators to change various attributes associated with a user, such as the user's login name, home directory, shell, groups, and password expiry information. C...

Jan 16, 20263 min read11

Hong's Tech Blog

110 posts

The blog is older than you know. I prefer counting from the emergence of one integral anomaly to the emergence of the next, in which case this is the forth version.