Netstat Commands Reference
Complete netstat and ss command reference for Linux, macOS, and Windows with searchable examples.
List all connections
netstat -ass -aList listening ports (TCP+UDP)
netstat -tulnss -tulnShow TCP connections
netstat -tnss -tnShow UDP connections
netstat -unss -unShow process PIDs
netstat -tulnpss -tulnp⚠ Linux/macOS may require root for PID visibility
Show routing table
netstat -rip routeShow network statistics
netstat -sss -sCount connections by state
netstat -an | awk '{print $6}' | sort | uniq -c | sort -rnss -tan | awk 'NR>1 {print $1}' | sort | uniq -cFind process using a port
netstat -tulnp | grep :8080ss -tulnp | grep :8080⚠ Replace 8080 with your port number
Show socket summary
netstat -iss -iAbout this tool
Netstat and ss are command-line utilities that display active network connections, routing tables, interface statistics, and socket information on Linux, macOS, and Windows systems. Netstat has been the traditional choice for decades, but ss (socket statistics) is the modern replacement on Linux systems—it's faster, more readable, and shows detailed socket state information. Understanding these tools is essential for network administrators diagnosing connectivity issues, identifying which applications are using network resources, monitoring port activity, or tracking down unexpected connections and listening services.
This reference guide organizes the most useful netstat and ss commands by task: checking which ports are listening, viewing active connections, finding process IDs associated with network activity, analyzing traffic by protocol, listing all sockets in different states, and monitoring network interface statistics. Each command is explained with its purpose and typical output format, making it easy to find the exact syntax you need without memorizing dozens of flags. The searchable format lets you quickly filter by command name, protocol type, or use case—whether you're troubleshooting a hung service, auditing open ports for security, or investigating bandwidth consumption.
System administrators, DevOps engineers, and security professionals rely on these commands daily to understand system network behavior, detect port conflicts, verify that services are properly listening, and identify unauthorized network access. Whether you're new to these tools or need a quick reminder of the correct syntax, this reference saves time by providing real, practical examples that you can copy and adapt immediately for your specific network diagnosis or monitoring task.
Frequently Asked Questions
Code Implementation
import subprocess
import platform
def run_netstat(args: list[str]) -> str:
"""Run netstat command and return output."""
try:
result = subprocess.run(["netstat"] + args, capture_output=True, text=True, timeout=10)
return result.stdout
except FileNotFoundError:
# Try ss on Linux if netstat not found
if platform.system() == "Linux":
result = subprocess.run(["ss"] + args, capture_output=True, text=True, timeout=10)
return result.stdout
return "netstat not found"
# Show all listening TCP ports
print("=== Listening TCP ports ===")
system = platform.system()
if system == "Linux":
print(run_netstat(["-tlnp"])) # or ss -tlnp
elif system == "Darwin": # macOS
print(run_netstat(["-an", "-p", "tcp"]))
elif system == "Windows":
print(run_netstat(["-ano", "-p", "TCP"]))
# Parse listening ports
def get_listening_ports() -> list[dict]:
"""Parse ss output on Linux to get listening ports."""
result = subprocess.run(["ss", "-tlnp"], capture_output=True, text=True)
ports = []
for line in result.stdout.splitlines()[1:]:
parts = line.split()
if len(parts) >= 4 and parts[0] == "LISTEN":
ports.append({"state": parts[0], "local": parts[3], "process": parts[6] if len(parts) > 6 else ""})
return ports
if system == "Linux":
for p in get_listening_ports():
print(p)Comments & Feedback
Comments are powered by Giscus. Sign in with GitHub to leave a comment.