The netstat command is a highly useful network tool on Linux systems. It reports network statistics, including network connections, routing tables, interface status, masquerade connections, and multicast membership. It is an essential tool for diagnosing network issues and configuration problems.
Basic Usage of the netstat Command
When using the netstat command, you can view different network data by adding various options. For example:
-a: Show all connections and listening ports
-t: Display only TCP connections
-u: Display only UDP connections
-n: Show IP addresses and port numbers instead of attempting to resolve hostnames and service names
-p: Show which process is using which socket
Viewing All Established TCP Connections
If you want to view all established TCP connections, you can use the following command:
```bash
netstat -nat | grep ESTABLISHED
```
Here's the explanation of the options:
-n: Use numeric addresses and port numbers instead of attempting to resolve domain names and service names.
-a: Show all connections and listening ports.
-t: Display only TCP connections.
grep ESTABLISHED: Keep only the lines that contain ESTABLISHED, that is, connections that are already established.
Example
After running the above command, you might see output like the following:
```plaintext
tcp 0 0 192.168.1.5:51672 203.0.113.76:443 ESTABLISHED
tcp 0 0 192.168.1.5:51673 198.51.100.5:22 ESTABLISHED
```
This indicates that your machine (with IP address 192.168.1.5) has established TCP connections with the machine at IP address 203.0.113.76 on port 443 (typically HTTPS service) and the machine at IP address 198.51.100.5 on port 22 (typically SSH service).
By using such commands and examining the output, system administrators can quickly identify which services are communicating with external devices, enabling further network security analysis and troubleshooting.
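As an added example (not part of the original article), the function below goes one step beyond the grep filter: it matches only the State column of TCP rows and counts established connections per remote address and port, which makes an unexpected peer easier to spot. The function names and the sample netstat output are constructed for illustration.

```bash
# Summarise ESTABLISHED TCP connections per remote endpoint.
# Reads `netstat -nat` style output on stdin and prints "count host port".
summarize_established() {
    awk '
        # Test the State column itself (field 6) on TCP rows only, so header
        # lines and other states such as TIME_WAIT are never counted.
        $1 ~ /^tcp/ && $6 == "ESTABLISHED" {
            remote = $5
            # Split on the LAST colon so IPv6 addresses stay intact.
            port = remote; sub(/.*:/, "", port)
            host = remote; sub(/:[^:]*$/, "", host)
            count[host " " port]++
        }
        END { for (k in count) print count[k], k }
    ' | LC_ALL=C sort -k1,1nr -k2,2 -k3,3n
}

# Constructed sample input in the layout printed by `netstat -nat`.
sample_netstat_output() {
    cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 192.168.1.5:51672       203.0.113.76:443        ESTABLISHED
tcp        0      0 192.168.1.5:51674       203.0.113.76:443        ESTABLISHED
tcp        0      0 192.168.1.5:51673       198.51.100.5:22         ESTABLISHED
tcp        0      0 192.168.1.5:51680       198.51.100.9:80         TIME_WAIT
tcp6       0      0 2001:db8::5:40112       2001:db8::10:443        ESTABLISHED
EOF
}

# On a live host: netstat -nat | summarize_established
sample_netstat_output | summarize_established
```

Adding -p to the netstat call (usually as root) appends a PID/Program name column after State, so the field-6 match still works and the owning process can be read from the matching rows.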