netstat   -   Print  network  connections,  routing  tables,  interface
   statistics, masquerade connections, and multicast memberships


   netstat [address_family_options] [--tcp|-t]  [--udp|-u]  [--udplite|-U]
   [--sctp|-S]   [--raw|-w]  [--l2cap|-2]  [--rfcomm|-f]  [--listening|-l]
   [--all|-a]    [--numeric|-n]    [--numeric-hosts]     [--numeric-ports]
   [--numeric-users]       [--symbolic|-N]      [--extend|-e[--extend|-e]]
   [--timers|-o]    [--program|-p]    [--verbose|-v]     [--continuous|-c]

   netstat              {--route|-r}              [address_family_options]
   [--extend|-e[--extend|-e]]        [--verbose|-v]         [--numeric|-n]
   [--numeric-hosts] [--numeric-ports] [--numeric-users] [--continuous|-c]

   netstat    {--interfaces|-i}    [--all|-a]   [--extend|-e[--extend|-e]]
   [--verbose|-v]    [--program|-p]    [--numeric|-n]    [--numeric-hosts]
   [--numeric-ports] [--numeric-users] [--continuous|-c]

   netstat       {--groups|-g}       [--numeric|-n]      [--numeric-hosts]
   [--numeric-ports] [--numeric-users] [--continuous|-c]

   netstat      {--masquerade|-M}       [--extend|-e]       [--numeric|-n]
   [--numeric-hosts] [--numeric-ports] [--numeric-users] [--continuous|-c]

   netstat    {--statistics|-s}   [--tcp|-t]   [--udp|-u]   [--udplite|-U]
   [--sctp|-S] [--raw|-w]

   netstat {--version|-V}

   netstat {--help|-h}


   [-4|--inet]                                                [-6|--inet6]
   [--protocol={inet,inet6,unix,ipx,ax25,netrom,ddp,bluetooth,   ...  }  ]
   [--unix|-x] [--inet|--ip|--tcpip]  [--ax25]  [--x25]  [--rose]  [--ash]
   [--bluetooth] [--ipx] [--netrom] [--ddp|--appletalk] [--econet|--ec]


   This  program  is  mostly  obsolete.   Replacement  for  netstat is ss.
   Replacement for netstat -r is ip route.  Replacement for netstat -i  is
   ip -s link.  Replacement for netstat -g is ip maddr.


   Netstat  prints  information about the Linux networking subsystem.  The
   type of information printed is controlled by  the  first  argument,  as

   By  default,  netstat  displays  a  list of open sockets.  If you don't
   specify any address families, then the active sockets of all configured
   address families will be printed.

   --route, -r
   Display  the kernel routing tables. See the description in route(8) for
   details.  netstat -r and route -e produce the same output.

   --groups, -g
   Display multicast group membership information for IPv4 and IPv6.

   --interfaces, -i
   Display a table of all network interfaces.

   --masquerade, -M
   Display a list of masqueraded connections.

   --statistics, -s
   Display summary statistics for each protocol.


   --verbose, -v
   Tell the user what is going on by being verbose. Especially print  some
   useful information about unconfigured address families.

   --wide, -W
   Do not truncate IP addresses by using output as wide as needed. This is
   optional for now to not break existing scripts.

   --numeric, -n
   Show numerical addresses instead of trying to determine symbolic  host,
   port or user names.

   shows  numerical  host  addresses but does not affect the resolution of
   port or user names.

   shows numerical port numbers but does not affect the resolution of host
   or user names.

   shows  numerical user IDs but does not affect the resolution of host or
   port names.

   --protocol=family, -A
   Specifies the address families (perhaps better described as  low  level
   protocols)  for  which  connections are to be shown.  family is a comma
   (',') separated list of address family keywords like inet, inet6, unix,
   ipx,  ax25,  netrom,  econet,  ddp,  and  bluetooth.  This has the same
   effect as using the --inet|-4, --inet6|-6,  --unix|-x,  --ipx,  --ax25,
   --netrom, --ddp, and --bluetooth options.

   The  address  family  inet  (Iv4)  includes  raw,  udp, udplite and tcp
   protocol sockets.

   The address family bluetooth (Iv4) includes l2cap and  rfcomm  protocol

   -c, --continuous
   This  will cause netstat to print the selected information every second

   -e, --extend
   Display additional information.  Use  this  option  twice  for  maximum

   -o, --timers
   Include information related to networking timers.

   -p, --program
   Show the PID and name of the program to which each socket belongs.

   -l, --listening
   Show only listening sockets.  (These are omitted by default.)

   -a, --all
   Show  both  listening and non-listening sockets.  With the --interfaces
   option, show interfaces that are not up

   Print routing information from the FIB.  (This is the default.)

   Print routing information from the route cache.


   Active Internet connections (TCP, UDP, UDPLite, raw)
   The protocol (tcp, udp, udpl, raw) used by the socket.

   Established: The  count  of  bytes  not  copied  by  the  user  program
   connected  to  this socket.  Listening: Since Kernel 2.6.18 this column
   contains the current syn backlog.

   Established: The count of bytes not acknowledged by  the  remote  host.
   Listening: Since Kernel 2.6.18 this column contains the maximum size of
   the syn backlog.

   Local Address
   Address and port number of the local end of  the  socket.   Unless  the
   --numeric  (-n)  option is specified, the socket address is resolved to
   its canonical host name (FQDN), and the port number is translated  into
   the corresponding service name.

   Foreign Address
   Address  and port number of the remote end of the socket.  Analogous to
   "Local Address".

   The state of the socket. Since there are no  states  in  raw  mode  and
   usually  no  states  used  in  UDP and UDPLite, this column may be left
   blank. Normally this can be one of several values:

          The socket has an established connection.

          The socket is actively attempting to establish a connection.

          A connection request has been received from the network.

          The socket is closed, and the connection is shutting down.

          Connection is closed, and the socket is waiting for  a  shutdown
          from the remote end.

          The socket is waiting after close to handle packets still in the

   CLOSE  The socket is not being used.

          The remote end has shut down, waiting for the socket to close.

          The remote end has shut down, and the socket is closed.  Waiting
          for acknowledgement.

   LISTEN The  socket is listening for incoming connections.  Such sockets
          are  not  included  in  the  output  unless  you   specify   the
          --listening (-l) or --all (-a) option.

          Both  sockets are shut down but we still don't have all our data

          The state of the socket is unknown.

   The username or the user id (UID) of the owner of the socket.

   PID/Program name
   Slash-separated pair of the process id (PID) and process  name  of  the
   process  that  owns  the  socket.   --program  causes this column to be
   included.   You  will  also  need  superuser  privileges  to  see  this
   information  on sockets you don't own.  This identification information
   is not yet available for IPX sockets.

   (this needs to be written)

   Active UNIX domain Sockets
   The protocol (usually unix) used by the socket.

   The reference count (i.e. attached processes via this socket).

   The flags displayed is SO_ACCEPTON (displayed as ACC), SO_WAITDATA  (W)
   or  SO_NOSPACE  (N).   SO_ACCECPTON  is  used on unconnected sockets if
   their corresponding processes are waiting for a  connect  request.  The
   other flags are not of normal interest.

   There are several types of socket access:

          The socket is used in Datagram (connectionless) mode.

          This is a stream (connection) socket.

          The socket is used as a raw socket.

          This one serves reliably-delivered messages.

          This is a sequential packet socket.

          Raw interface access socket.

          Who ever knows what the future will bring us - just fill in here

   This field will contain one of the following Keywords:

   FREE   The socket is not allocated

          The socket is listening for a connection request.  Such  sockets
          are  only  included in the output if you specify the --listening
          (-l) or --all (-a) option.

          The socket is about to establish a connection.

          The socket is connected.

          The socket is disconnecting.

          The socket is not connected to another one.

          This state should never happen.

   PID/Program name
   Process ID (PID) and process name of the process that  has  the  socket
   open.   More  info  available  in  Active  Internet connections section
   written above.

   This is the path name as which the corresponding processes attached  to
   the socket.

   Active IPX sockets
   (this needs to be done by somebody who knows it)

   Active NET/ROM sockets
   (this needs to be done by somebody who knows it)

   Active AX.25 sockets
   (this needs to be done by somebody who knows it)


   /etc/services -- The services translation file

   /proc  --  Mount  point  for the proc filesystem, which gives access to
   kernel status information via the following files.

   /proc/net/dev -- device information

   /proc/net/raw -- raw socket information

   /proc/net/tcp -- TCP socket information

   /proc/net/udp -- UDP socket information

   /proc/net/udplite -- UDPLite socket information

   /proc/net/igmp -- IGMP multicast information

   /proc/net/unix -- Unix domain socket information

   /proc/net/ipx -- IPX socket information

   /proc/net/ax25 -- AX25 socket information

   /proc/net/appletalk -- DDP (appletalk) socket information

   /proc/net/nr -- NET/ROM socket information

   /proc/net/route -- IP routing information

   /proc/net/ax25_route -- AX25 routing information

   /proc/net/ipx_route -- IPX routing information

   /proc/net/nr_nodes -- NET/ROM nodelist

   /proc/net/nr_neigh -- NET/ROM neighbours

   /proc/net/ip_masquerade -- masqueraded connections

   /sys/kernel/debug/bluetooth/l2cap -- Bluetooth L2CAP information

   /sys/kernel/debug/bluetooth/rfcomm -- Bluetooth serial connections

   /proc/net/snmp -- statistics


   route(8), ifconfig(8), iptables(8), proc(5) ss(8) ip(8)


   Occasionally strange information may appear if a socket changes  as  it
   is viewed. This is unlikely to occur.


   The   netstat   user   interface   was   written   by  Fred  Baumgarten
   <>, the man  page  basically  by  Matt
   Welsh    <>.    It    was   updated   by   Alan   Cox
   <>,     updated     again     by      Tuan      Hoang
   <>.  The  man  page  and the command included in the
   net-tools   package   is   totally   rewritten   by   Bernd   Eckenfels
   <>.    UDPLite   options   were   added   by  Brian  Micek

More Linux Commands

ustat(2) - get file system statistics - Linux manual page...
ustat() returns information about a mounted filesystem. dev is a device number identifying a device containing a mounted filesystem. ubuf is a pointer to a usta

systemd-hybrid-sleep.service(8) System sleep state logic....
systemd-suspend.service is a system service that is pulled in by and is responsible for the actual system suspend. Similarly, systemd-hibernate.s

plymouth-set-default-theme(1) Set the plymouth theme........
When called with a THEME argument, the plymouth-set-default-theme command changes the preferred boot theme and also performs the necessary regeneration of the i

mgrep.1 - 301 Moved Permanently.......................

genpkey(1ssl) generate a private key - Linux manual page....
The genpkey command generates a private key. OPTIONS -out filename the output filename. If this argument is not specified then standard output is used. -outform

XkbFreeGeomOutlines(3) - Free geometry outlines (Man Page)
If free_all is True, all outlines are freed regardless of the value of first or count. Otherwise, count outlines are freed beginning with the one specified by f

wineconsole(1) - The Wine console - Linux manual page.......
wineconsole is the Wine console manager, used to run console commands and applications. It allows running the console either in the current terminal (curses) or

Tk_CanvasTagsOption(3) - utility procedures for canvas type
These procedures are called by canvas type managers to perform various utility functions. Tk_CanvasTkwin returns the Tk_Window associated with a particular canv

XFreeColors(3) - allocate and free colors - Linux man page
The XAllocColor function allocates a read-only colormap entry corresponding to the closest RGB value supported by the hardware. XAllocColor returns the pixel va

insserv(8) - Enable an installed system init script.........
This version of insserv is just a stub for compatibility. It only reads the Default-Start property of LSB init script headers to enable init scripts. Anything e

innfeed.conf(5) - configuration file for innfeed (Man Page)
This man page describes the configuration file for version 1.0 of innfeed. This format has changed dramatically since version 0.9.3. The file innfeed.conf is us

perlsynology(1) Perl 5 on Synology DSM systems (Man Page)...
Synology manufactures a vast number of Network Attached Storage ( NAS ) devices that are very popular in large organisations as well as small businesses and hom

We can't live, work or learn in freedom unless the software we use is free.