What is `netstat`?
The `netstat` (network statistics) command is a command-line tool that displays active network connections, routing tables, and various network interface statistics. It's a great way to see which programs on your computer are communicating over the network, which ports they are using, and who they are connected to. This is incredibly useful for both troubleshooting and security analysis.
How to Use It
The `netstat` command is powerful because of its various flags (options) that modify its output. One of the most common uses is to see all active and listening ports.
Example Usage
netstat -an
- The -a flag tells `netstat` to show all connections and listening ports.
- The -n flag tells it to display addresses and port numbers in numerical form, which is often faster and easier to read.
Understanding the Output
The output will be a table with several columns, showing you every connection your computer has.
| Column | Description |
|---|---|
| Proto | The protocol being used (e.g., TCP or UDP). |
| Local Address | The IP address and port number on your computer. An address of 0.0.0.0 means it's listening on all available interfaces. |
| Foreign Address | The IP address and port number of the remote computer it's connected to. |
| State | The state of the connection (e.g., LISTENING, ESTABLISHED, TIME_WAIT). |
Using `netstat` is a great way to spot unusual activity. For example, if you see a connection in an ESTABLISHED state that you don't recognize, it could be worth investigating to ensure no unauthorized programs are running.