Avoid expensive production outages

Self-Hosted AI Code Reviewer

Hexmos LiveReview AI-Powered Code Review
Live Review
AI-Powered Code Review

Netstat Cheatsheet - View Listening Ports & Network Connections

Master netstat with our cheatsheet. Learn to view listening ports, network connections, and process information. Essential for network troubleshooting.

Netstat Cheatsheet

Netstat Cheatsheet: Understanding Network Connections

The netstat command is a powerful command-line utility for displaying network connections, listening ports, Ethernet statistics, the IP routing table, IPv4 statistics (for IP, ICMP, TCP, and UDP protocols), and network adapter statistics. This cheatsheet focuses on using netstat to identify active network services and troubleshoot connectivity issues.

Viewing Listening Ports

To see which ports are actively listening for incoming connections, you can use the following command. This is crucial for identifying which applications are running network services on your system.

Command to Show Listening Ports

This command displays TCP and UDP ports that are in a LISTEN state, along with the associated process ID (PID) and program name.

netstat -tulpn
Example Output:

The output below shows active internet connections that are listening. Each line details the protocol (TCP/UDP), receive/send queues, local address and port, foreign address and port, state, and the PID/program name.

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      420/sshd
tcp6       0      0 :::9100                 :::*                    LISTEN      402/node_exporter
tcp6       0      0 :::35955                :::*                    LISTEN      405/promtail
tcp6       0      0 :::22                   :::*                    LISTEN      420/sshd
tcp6       0      0 :::9080                 :::*                    LISTEN      405/promtail
udp        0      0 0.0.0.0:36345           0.0.0.0:*                           279/avahi-daemon: r
udp        0      0 0.0.0.0:68              0.0.0.0:*                           401/dhcpcd
udp        0      0 0.0.0.0:5353            0.0.0.0:*                           279/avahi-daemon: r
udp6       0      0 :::59354                :::*                                279/avahi-daemon: r
udp6       0      0 :::5353                 :::*                                279/avahi-daemon: r

Understanding Netstat Output

  • Proto: Protocol used (TCP or UDP).
  • Local Address: The IP address and port number on the local machine. 0.0.0.0 means it's listening on all available network interfaces. ::: indicates an IPv6 address.
  • Foreign Address: The IP address and port number of the remote machine. For listening sockets, this is usually :*.
  • State: The state of the socket (e.g., LISTEN, ESTABLISHED, CLOSE_WAIT).
  • PID/Program name: The Process ID and name of the program that owns the socket. This is invaluable for identifying which application is using a specific port.

Common Netstat Options

  • -t: Show TCP connections.
  • -u: Show UDP connections.
  • -l: Show only listening sockets.
  • -p: Show the PID and name of the program to which each socket belongs.
  • -n: Show numerical addresses instead of trying to determine symbolic host, port or user names.

Further Resources

← Back to cmd cheatsheets All cheatsheets 🙏  Credits & Acknowledgments