Ubuntu netstat Command: View Network Connection Status

Ubuntu常用命令 Ubuntu netstat命令 Linux网络工具 查看网络连接 netstat使用教程 端口占用排查 2025-12-19 0 views

In Ubuntu systems, we often need to check network connection status, troubleshoot network issues, or understand current network activities. At this point, the netstat command comes in handy. It is a powerful network tool that can display all network connections, routing tables, interface statistics, and key network data such as listening ports in the system.

1. Install netstat (if needed)

Ubuntu may not have the netstat command installed by default because it belongs to the net-tools tool package. If executing netstat prompts “command not found”, please install it first:

sudo apt update && sudo apt install net-tools

2. Basic Syntax of netstat

The basic syntax of netstat is:

netstat [options] [protocol/parameters]

Common options (parameters) and their functions are described below, with simple examples for each option:

3. Common Parameters and Examples

1. Show all connections (-a)

  • Function: Display all network connections in the system (including TCP, UDP, established, listening, closed, etc.).
  • Command: netstat -a
  • Description: The output is quite detailed, including local address, foreign address, connection state, etc. For example:
  Active Internet connections (servers and established)
  Proto Recv-Q Send-Q Local Address           Foreign Address         State
  tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN
  tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
  tcp        0      52 192.168.1.100:22        192.168.1.101:54321     ESTABLISHED

2. Show only TCP protocol connections (-t)

  • Function: Filter out all TCP protocol connections (ignore other protocols like UDP).
  • Command: netstat -t
  • Description: To view listening TCP connections, combine with the -l (listening) parameter: netstat -tl

3. Show only UDP protocol connections (-u)

  • Function: Only display UDP protocol connections (commonly used for troubleshooting UDP services like DNS, NTP).
  • Command: netstat -u

4. Display ports and IPs in numerical format (-n)

  • Function: Do not resolve IP addresses to hostnames or port numbers to service names (avoids DNS query delays and produces more concise output).
  • Command: netstat -tn (for TCP) or netstat -un (for UDP)
  • Description: For example, port 80 will be displayed as “80” instead of “http”, and IP addresses will be in numerical format (e.g., 192.168.1.100).

5. Show process ID and program name (-p)

  • Function: Check which process is occupying a specific port or connection (requires root privileges).
  • Command: sudo netstat -tunp
  • Description: Regular users may not see process information when executing this command; use sudo. For example:
  tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      1234/mysqld

Here, 1234/mysqld indicates that the MySQL process (PID 1234) is occupying port 3306.

6. Show routing table (-r)

  • Function: View the system’s routing rules (determine how packets are forwarded to other networks).
  • Command: netstat -r
  • Description: Commonly used for troubleshooting network connectivity or routing configuration issues.

4. Practical Application Scenarios

1. Quickly check all listening ports

To find out which ports are listening for connections (e.g., port 80 for web services, port 22 for SSH):

sudo netstat -tuln
  • -t: TCP listening ports
  • -u: UDP listening ports
  • -l: Listening state
  • -n: Numerical format
  • Output Example:
  Active Internet connections (only servers)
  Proto Recv-Q Send-Q Local Address           Foreign Address         State
  tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN
  tcp6       0      0 :::22                   :::*                    LISTEN
  udp        0      0 127.0.0.1:53            0.0.0.0:*

2. Troubleshoot if a specific port is occupied

For example, to confirm if port 80 is occupied by a web server (e.g., Apache):

sudo netstat -tulnp | grep 80
  • Description: If the output includes the LISTEN state, it indicates that port 80 is being monitored by a service.

3. View established TCP connections

To understand current established connections between the system and external devices (e.g., SSH connections to remote servers):

netstat -tan | grep ESTABLISHED
  • -a: All connections
  • -n: Numerical format
  • grep ESTABLISHED: Only display established connection states

5. Summary

netstat is a basic tool for Ubuntu network management. Mastering the following core usages can handle most scenarios:
- View listening ports: sudo netstat -tuln
- View processes occupying ports: sudo netstat -tunp
- View TCP connections: netstat -tan (or combine with grep to filter states)
- View routing table: netstat -r

For more detailed network analysis, you can further filter data by combining with tools like grep and awk. Remember that adding sudo is necessary when using the -p parameter to obtain process information, which is a key step in troubleshooting port occupancy issues.

Related Articles

Ubuntu Newbie Guide: How to Use the cd Command? 2025-12-19 Nanny-Level Tutorial: Detailed Explanation of the ls Command in Ubuntu 2025-12-19 Essential Ubuntu: Using the pwd Command to View Current Directory Path 2025-12-19 Quick Start: Creating Folders with Ubuntu mkdir 2025-12-19 Ubuntu rm Command: The Correct Way to Delete Files/Directories 2025-12-19
Xiaoye