Basics of netstat
Network Security / September 15, 2015 • 1 min read
Netstat is a network tool available in most versions of Windows, Mac OS X and Linux. You can use netstat to view information and statistics about the network you are currently connected to.
It can show incoming and outgoing connections, the routing table, protocol statistics and interfaces.
On Linux, netstat has been deprecated; the command ss should be used instead. The difference between the two is that ss can display more information about TCP and connection states.
Running netstat is as simple as writing netstat in your terminal. You should see something like this:
But what does the output mean? I’ll walk you through it.
Indicates which protocol is being used, TCP or UDP for example.
Number of bytes the receiver has in its buffer that have not yet been copied by the user program.
Number of bytes sent but not yet acknowledged by the remote host.
The port number and address of the local socket. Unless the -n argument is passed, the address is translated to its FQDN and the port number is translated to its corresponding service.
Address and port number of remote host. (See local address)
The current state of the socket.
List all ports
List all tcp ports
List all udp ports
List only listening ports
Show statistics for all ports
Netstat can be a great tool for identifying bottlenecks or checking for malicious incoming/outgoing connections. The Recv/Send queue can be great for network programmers to see if any bytes get stuck. Netstat could also be used for forensic analysis.
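The uses mentioned above, as an added example that is not part of the original post: three small filters over netstat -ant output that pick out sockets with bytes stuck in the Recv/Send queue, listening ports bound to a non-loopback address, and a count of sockets per state. It assumes the Linux net-tools column layout; the function names and the sample output are constructed for illustration.

```sh
#!/bin/sh
# Constructed sample in the Linux `netstat -ant` column layout
# (addresses are from documentation ranges, not real hosts).
sample_netstat() {
cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:5432          0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:22           198.51.100.7:50122      ESTABLISHED
tcp      512      0 192.0.2.10:8080         203.0.113.9:41000       ESTABLISHED
tcp        0   4096 192.0.2.10:44312        203.0.113.25:443        ESTABLISHED
tcp        0      0 192.0.2.10:8080         203.0.113.9:41002       TIME_WAIT
tcp6       0      0 :::8080                 :::*                    LISTEN
EOF
}

# Sockets whose Recv-Q or Send-Q is non-zero: bytes the local program has
# not read yet, or bytes sent but not yet acknowledged by the remote host.
# LISTEN sockets are skipped because on Linux these columns describe the
# accept backlog there, not queued data.
stuck_queues() {
    awk '$1 ~ /^tcp/ && $6 != "LISTEN" && ($2 > 0 || $3 > 0) {
        print $4, $5, "recvq=" $2, "sendq=" $3 }'
}

# Listening ports reachable from other hosts (not bound to loopback).
exposed_listeners() {
    awk '$1 ~ /^tcp/ && $6 == "LISTEN" {
        n = split($4, a, ":"); port = a[n]
        addr = substr($4, 1, length($4) - length(port) - 1)
        if (addr != "127.0.0.1" && addr != "::1") print port }' | sort -n -u
}

# Number of sockets per connection state.
state_counts() {
    awk '$1 ~ /^tcp/ { c[$6]++ } END { for (s in c) print s, c[s] }' | sort
}

# Live use: netstat -ant | stuck_queues
```

A queue value that stays non-zero across repeated runs is the one worth investigating; a single non-zero reading can simply be data in flight.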