netstat in macOS
The netstat command, which stands for “network statistics”, can show you a lot of information about your network including statistics on connections to and from others on the network, used network interfaces, services, ports, and routing tables.
So what could all this information be used for? Just running netstat alone will give you an overview of your network, which will show a list of addresses connected to your system, over which port they’re connected, and what services or programs they’re talking to.
Here are five relatively simple examples of what you can actually do with netstat.
One of the most useful things you can do with netstat is show exactly who is connected to your system either through an incoming or outgoing connection (whether it is your system which initiated it or the other system). This will simply list all of them:
Look at the “Foreign Address” column to see where the connection is coming from, and “Local Address” to see what on the local machine is it connected.
The following command will show just the TCP (-t) and UDP (-u) connections:
If you want to turn off hostnames, or domain names, and display only IP numbers just add the -n option.
If you want it to display this continuously to see as connections come and go add the -c option.
Needless to say, perhaps, with IP addresses of everyone connecting revealed you can use other tools like traceroute to determine where exactly is it coming from.
If you’d like to see which services are actually listening for incoming connections, perhaps to ensure you don’t have something listening that you don’t want to be listening, just use the -l option.
You can also limit this to only a specific type of traffic, like TCP in this example (for UDP just use -u):
We can get a little bit more specific by combining the netstat command with other common UNIX utilities like grep, in this example, where we make it easier to find which port is used by a program. We use grep to conveniently dig this info out of the netstat output:
In this example we get a list of all connections mentioning ZNC with the ports it is using, and addresses it is connected to.
With netstat you can easily see the kernel IP routing table being used on your system using the -r option:
Being a statistics utility you can of course see a summary of a great number of statistics about your system’s networking. Just run the netstat command with the -s option:
This will display a huge list of statistics, but you’ll immediately recognize the most interesting ones depending on what you’re looking for. For example you can see a total number of packets received, number of active TCP connections, and a number of extended more detailed statistics for each protocol.
NOTE: These examples are based on netstat in Linux, where it has been succeeded by the ss command from the iproute2 package, but it should apply to most UNIX and UNIX like systems. You can also check the manual page readily available via the man netstat command for more information.