Network statistics & connections
Linux# All connections
netstat -a
# TCP connections
netstat -at
# UDP connections
netstat -au
# Show numeric addresses (no DNS)
netstat -n
# Show PID and program
netstat -p
# Common combo: all tcp, numeric, with PID
netstat -tulnp
# Continuous monitoring
netstat -c# All listening sockets
netstat -l
# TCP listening
netstat -lt
# UDP listening
netstat -lu
# With PIDs (needs sudo)
sudo netstat -tlnp
# Find what's on port 80
netstat -tlnp | grep :80
# Unix socket listening
netstat -lx# Count by state
netstat -ant | awk '{print $6}' | sort | uniq -c
# TCP states:
ESTABLISHED Active connection
SYN_SENT Waiting for remote
SYN_RECV Connection request received
FIN_WAIT1 Closing initiated
FIN_WAIT2 Half-closed
TIME_WAIT Waiting after close
CLOSE_WAIT Remote side closed
LAST_ACK Waiting for final ACK
LISTEN Listening for connections
CLOSED Not in use
# Filter by state
netstat -ant | grep ESTABLISHED
netstat -ant | grep TIME_WAIT# Show routing table
netstat -r
netstat -rn # numeric
# Kernel routing cache
netstat -rC
# Interface table
netstat -i
# Extended interface info
netstat -ie # like ifconfig# Protocol statistics
netstat -s
# TCP stats only
netstat -st
# UDP stats only
netstat -su
# Interface statistics
netstat -i
# Top connections by IP
netstat -ntu | awk '{print $5}' | \
cut -d: -f1 | sort | uniq -c | sort -rn | head# ss is faster than netstat (preferred on modern Linux)
# All TCP sockets
ss -t -a
# Listening
ss -tlnp
# Established connections
ss -t state established
# By port
ss -tlnp sport = :80
# By process
ss -tlnp | grep nginx
# Summary statistics
ss -s
# Filter by state
ss state time-wait
ss state established dst 10.0.0.0/24