Linux guide to the netstat command: netstat cheat sheet

netstat is used to list out all the network(socket) connections of a system and it is a very useful tool for checking system safety.

Here is the list of all the possible flags that we can use with the netstat command.

Flags

-a list all connection
-n disable DNS lookup
-t list only TCP connection
-u listen only to UDP connection
-l to view only listening port
-p process details of the connection. Root privilege is needed for this option
-s print total packet received and transmitted by protocols
-i interface name
-ie to print a human-friendly version of the interface

netstat -a List all the connection
netstat -at List only TCP connection
netstat -au List only UDP connection
netstat -an List all connections. -n option disable DNS name lookup. So it provides faster output.
netstat -an | grep ESTABLISHED find only established connection.
netstst -aple | grep ntp to check any running program like NTP, SMTP, HTTP, etc.

The netstat output provides four basic columns.

✡️ Proto, Local Address, Foreign Address, and State

1. Proto

The name of the protocol (TCP or UDP)

2. Local Address

0.0.0.0:566 means the port(566) is listening on all network interfaces
127.0.0.1 port is only listening for connections from the PC itself. PC regularly does connect itself for IPC or administrative tasks.
Public IP(226.178.2.3:4567) It means the port is only listening for the connection from the internet
Local IP(192.168.0.1). Port is only listening for the connection from the local network

3. Foreign Address

The IP address and port number of the remote computer.

4. State

Wildcards

Asterisk(*) as a wildcard means any

If the port is yet not established, the port number is shown as an asterisk( * )
*:* The connection can come from any IP address and originate from any port
*.* All IPv4 addresses
[::] All IPv6 addresses