netstat displays network connections, routing tables, interface statistics, masquerade connections, and multicast memberships. On Linux, netstat (part of “net-tools”) is deprecated, ss@man (part of iproute2) should be used instead of netstat@man.
# output '-n/--numeric' numerical addresses instead of trying to resolve to names '-c/--continuous [delay]' print the selected information every second continuously '-p/--program' Show the PID and name of the program to which each socket belongs # filter by protocol and state '-t' only tcp, '-u' only udp, '-w' only raw, '-x' only unix '-l' only listening, '-a' all sockets # show open sockets, default $ netstat -a or ss -a # show stats, '-s/--statistics [delay]' $ netstat -s or ss -s
ss [ OPTIONS ] [ FILTER ] 'state|exclude [state]' where state is established|syn-sent|syn-recv|fin-wait-1|fin-wait-2|time-wait|closed|close-wait|last-ack|listen|closing|all|connected(all except listen and closed)|synchronized(connected states except syn-sent) 'dst|src prefix:port' filter by src/dst where both prefix and port are optional, e.g.: dst 10.0.0.1/32 'sport|dport >= :num' filter by port expression (>=,<=,=,!=), e.g.: dport != :22 # show all established HTTP connections $ ss -o state established '( dport = :http or sport = :http )' # find all local processes connected To X server $ ss -x src /tmp/.X11-unix/* # show all TCP sockets in state FIN-WAIT-1 for our httpd to network 10.0.0.0/8 $ ss -o state fin-wait-1 '( sport = :http or sport = :https )' dst 10.0.0.0/8