netstat - Linux Command to Display Networking Information
In linux, one of great commands for finding out information about your network connections is "netstat". It provides you interface information, statistics, connections, and a lot of other really great information about your computer.
There are many intricate commands that you can use with this program, and I won't be discussing all of them. If you would like a full review of the program, check your man or info files for more information. Below I will discuss the basic and most commonly used commands with netstat.
netstat -i (interface)
This command will give you an overview of networking on your PC. It will give you your local loopback (lo) and any network cards in your PC. This information is useful, so later you can specify a specific network interface card (NIC) that you wish to gain information on.
Using netstat alone, will give you some pretty good quick information. It gives you a list of active connections, the protocol that it is using, local and foreign address and the state of the connection. More often than not, you will not just use netstat by itself, most people add -a which gives you all listings, including ports that are actively listening.
netstat -s (statistics)
The statistics command gives you a load of great information about the data passing through your computer. It's broken down in to several main categories, IP, ICMP, TCP, UDP, and TCPEXT. Basically this command gives you a quick summery of your total packets and different kinds of connections and activities. It will give you information on failed packets, malformed packets and much more.
netstat -ap (all and process information / pid)
This is really an excellent command for finding the bulk of the information you want in a hurry. The -a gives you a full listing of all listening and active connections, and the -p gives you the process information, process name, and the pid of the program. This of course helps you trouble shoot or kill a program should you require to do so. It's also a handy way to find and kill pids that you might deem questionable by yours users.
netstat -c (continuous listing of command)
This is a pretty basic feature of the netstat command, all it does is continuously outputs the netstat data you requested over and over, every second. This is a neat little way to monitor your connections if you have a feeling something sneaky might be going on. Just leave a prompt open and running this command if you are in xwindows. Keep in mind the constant refresh will use up some processor time though.
netstat -e (extended listing)
This gives you just that little bit more information about your connections and processes. There isn't a huge difference, the primary differences you will notice right off the bat are it shows the user running the command, and the inode of the program.