Netstat command and usage

Netstat is not just command. It is tool that displays network statistics.

Command/Tool is applicable on Windows operating systems as well as on Linux. Only thing in netstat on those two systems could switch to command, which gives you addition info.

I`ll stick to common used switches.

Fist netstat -h will display all available switches. Type this command from terminal in Linux or command prompt in Windows:

test@ubuntu:~$ netstat -h
usage: netstat [-vWeenNcCF] [<Af>] -r         netstat {-V|–version|-h|–help}
netstat [-vWnNcaeol] [<Socket> …]
netstat { [-vWeenNac] -i | [-cWnNe] -M | -s }

-r, –route              display routing table
-i, –interfaces         display interface table
-g, –groups             display multicast group memberships
-s, –statistics         display networking statistics (like SNMP)
-M, –masquerade         display masqueraded connections

-v, –verbose            be verbose
-W, –wide               don’t truncate IP addresses
-n, –numeric            don’t resolve names
–numeric-hosts          don’t resolve host names
–numeric-ports          don’t resolve port names
–numeric-users          don’t resolve user names
-N, –symbolic           resolve hardware names
-e, –extend             display other/more information
-p, –programs           display PID/Program name for sockets
-c, –continuous         continuous listing

-l, –listening          display listening server sockets
-a, –all, –listening   display all sockets (default: connected)
-o, –timers             display timers
-F, –fib                display Forwarding Information Base (default)
-C, –cache              display routing cache instead of FIB

<Socket>={-t|–tcp} {-u|–udp} {-w|–raw} {-x|–unix} –ax25 –ipx –netrom
<AF>=Use ‘-6|-4’ or ‘-A <af>’ or ‘–<af>’; default: inet
List of possible address families (which support routing):
inet (DARPA Internet) inet6 (IPv6) ax25 (AMPR AX.25)
netrom (AMPR NET/ROM) ipx (Novell IPX) ddp (Appletalk DDP)
x25 (CCITT X.25)
***This output is from Linux Ubuntu and can be different then in Windows

In order to find all ports listening on your device as well as all TCP connections established, please use netstat -a (-a = all).

Also very useful syntax is netstat -e, on Windows  or -i on Linux. Both can be combined with -s (statistics) switch.

ddzodan@ubuntu:~$ netstat -s
Ip:
3100 total packets received
3 with invalid addresses
0 forwarded
0 incoming packets discarded
3097 incoming packets delivered
1946 requests sent out
4 outgoing packets dropped
Icmp:
9 ICMP messages received
0 input ICMP message failed.
ICMP input histogram:
destination unreachable: 8
echo requests: 1
9 ICMP messages sent
0 ICMP messages failed
ICMP output histogram:
destination unreachable: 8
echo replies: 1
IcmpMsg:
InType3: 8
InType8: 1
OutType0: 1
OutType3: 8
Tcp:
75 active connections openings
2 passive connection openings
46 failed connection attempts
6 connection resets received
0 connections established
2494 segments received
1722 segments send out
0 segments retransmited
0 bad segments received.
55 resets sent
Udp:
267 packets received
8 packets to unknown port received.
0 packet receive errors
280 packets sent
IgnoredMulti: 381
UdpLite:
TcpExt:
3 TCP sockets finished time wait in fast timer
50 delayed acks sent
1 packets directly queued to recvmsg prequeue.
1853 bytes directly received in process context from prequeue
1555 packet headers predicted
17 acknowledgments not containing data payload received
210 predicted acknowledgments
6 connections reset due to early user close
TCPRcvCoalesce: 822
TCPOrigDataSent: 229
IpExt:
InMcastPkts: 21
OutMcastPkts: 23
InBcastPkts: 381
InOctets: 5212381
OutOctets: 137644
InMcastOctets: 3393
OutMcastOctets: 3473
InBcastOctets: 30171
InNoECTPkts: 4847

***This output is from Linux Ubuntu and can be different then in Windows where netstat -es can be used.

Just one more. You can use -r for displaying routing table

C:\Users\usertest>netstat -r
===========================================================================
Interface List
17…54 e1 83 6a 81 15 ……Check Point Virtual Network Adapter For Endpoint VPN Client
16…88 ae 1d ab 8b 63 ……Intel(R) 82577LM Gigabit Network Connection
15…00 27 10 15 e7 e8 ……Intel(R) Centrino(R) Advanced-N 6200 AGN
12…70 f3 95 80 66 9e ……Bluetooth Device (Personal Area Network)
13…0a 00 27 00 00 00 ……VirtualBox Host-Only Ethernet Adapter
24…00 50 56 c0 00 01 ……VMware Virtual Ethernet Adapter for VMnet1
25…00 50 56 c0 00 08 ……VMware Virtual Ethernet Adapter for VMnet8
1………………………Software Loopback Interface 1
26…00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
19…00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
21…00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
14…00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
28…00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #5
27…00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #6
29…00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #7
23…00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #8
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
0.0.0.0          0.0.0.0     172.30.218.1    172.30.218.87     25
127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
172.30.218.0    255.255.255.0         On-link     172.30.218.87    281
172.30.218.87  255.255.255.255         On-link     172.30.218.87    281
172.30.218.255  255.255.255.255         On-link     172.30.218.87    281
192.168.56.0    255.255.255.0         On-link      192.168.56.1    266
192.168.56.1  255.255.255.255         On-link      192.168.56.1    266
192.168.56.255  255.255.255.255         On-link      192.168.56.1    266
192.168.80.0    255.255.255.0         On-link      192.168.80.1    276
192.168.80.1  255.255.255.255         On-link      192.168.80.1    276
192.168.80.255  255.255.255.255         On-link      192.168.80.1    276
192.168.169.0    255.255.255.0         On-link     192.168.169.1    276
192.168.169.1  255.255.255.255         On-link     192.168.169.1    276
192.168.169.255  255.255.255.255         On-link     192.168.169.1    276
224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
224.0.0.0        240.0.0.0         On-link      192.168.56.1    266
224.0.0.0        240.0.0.0         On-link     172.30.218.87    281
224.0.0.0        240.0.0.0         On-link     192.168.169.1    276
224.0.0.0        240.0.0.0         On-link      192.168.80.1    276
255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
255.255.255.255  255.255.255.255         On-link      192.168.56.1    266
255.255.255.255  255.255.255.255         On-link     172.30.218.87    281
255.255.255.255  255.255.255.255         On-link     192.168.169.1    276
255.255.255.255  255.255.255.255         On-link      192.168.80.1    276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination      Gateway
1    306 ::1/128                  On-link
13    266 fe80::/64                On-link
15    281 fe80::/64                On-link
25    276 fe80::/64                On-link
24    276 fe80::/64                On-link
15    281 fe80::557:ad43:1c2d:e7d0/128
On-link
25    276 fe80::d37:fa87:c24a:f979/128
On-link
13    266 fe80::7160:7d29:413f:1d18/128
On-link
24    276 fe80::b99d:1f5d:568c:ca63/128
On-link
1    306 ff00::/8                 On-link
13    266 ff00::/8                 On-link
15    281 ff00::/8                 On-link
25    276 ff00::/8                 On-link
24    276 ff00::/8                 On-link
===========================================================================
Persistent Routes:
None

***This output is from Windows 7 and output can be different in Linux.

Please be welcome to explore netstat tool with single switch or combination of them and find best fitting information.

I hope this tutorial was informative to you and thank you for visiting this website. We are looking for your comments and suggestions.

Dejan Dzodan

Dejan Dzodan

IT professional for more then 15 years, mostly in financial institutions but with experience in ISP and retail. Proven in networking and overall infrastructure projects. Cisco instructor.

Leave a Reply

Your email address will not be published. Required fields are marked *


3 + 8 =