netstat
What is netstat?
In computing, netstat (network statistics) is a command-line network utility that displays network connections for Transmission control protocol (TCP) (both incoming and outgoing), routing tables, and a number of network interface (Network interface card (NIC) or software defined network interface) and network protocol statistics.
How to use netstat
Netstat command explained
proto (protocol)
Transport layer protocol used, e.g. tcp or udp (osi layer 4)
TCP stands for Transport control protocol, this is used when a packet MUST arrive (e.g. : http, https, mysql)
UDP stands for User-datagram protocol, this is used when a packet can lose some of it contents, but it does not matter if a part of the packet goes lost, for example : streaming a movie
Recv-Q/Send-Q
Recv-Q
means that process 34390 has a connection open, between port 9503 on the local host, and port 47654 on the local host, and that 8216172 bytes of data have been received by the kernel on port 9503 but haven’t yet been copied by the process.
Send-Q
means that process 34379 has a connection open, between port 47686 on the local host, and port 9503 on the local host, and that 4189632 bytes of data have been sent from port 47686 but not acknowledged yet (so they’re still in the TCP window).
Local Address
process is bound to <host>:<port>, so for example; a process can be bound to 127.0.0.1:8381 (localhost on port 8381)
Foreign Address
The address and port number of the remote end of the connection. (what ip's with which ports can connect to the service)
State
The state of the local socket. For UDP sockets, this is usually blank. See the state table, below.
PID/Program name
This is what the name says, the process id and the name of the program.
Last updated
Was this helpful?
