netstat is a network utility that displays a variety of statistics for network connections on a system. It displays incoming and outgoing connections, routing tables, and a number of other network statistics. Under Linux, it is considered deprecated, and you are advised to use dss instead (part of the iproute2 package), although netstat may still work, depending on which distribution you are using.

netstat, without any command-line arguments, will display a list of active sockets for each network protocol. If you invoke netstat under Linux, it will also display a list of active Unix domain sockets. There are several columns of output. Proto stands for protocol, with a 6 in the column denoting use of IPv6. Recv-Q tells you how many packets have not yet been copied from the socket buffer by the application. Send-Q tells you how many packets have been sent, but for which an ACK packet has not yet been received. Local Address indicates the IP address/hostname and port of the local end of the connection, while Foreign Address indicates the IP address/hostname and port of the remote end of the connection. Finally, State indicates the state of the socket. This column may be left blank, since there are no states in RAW and usually no states used in UDP.

For active Unix domain sockets, there are several columns not present under active internet connections. RefCnt stands for reference count, which is the number of attached processes connected via this socket. The Flags column contains a number of flags that are used on both connected and unconnected sockets, such as SO_ACCEPTON (displayed as ACC), SO_WAITDATA (W) and SO_NOSPACE (N). The Type column indicates the type of socket access. DGRAM indicates that the socket is in datagram (connectionless) mode, while STREAM indicates that the socket is a stream (connection) socket. RAW indicates a raw socket. The State column will contain one of several different states: FREE indicates that the socket is not allocated; LISTENING indicates that the socket is listening for a connection request. CONNECTING indicates the socket is about to establish a connection, while CONNECTED indicates the socket is already connected. Finally, DISCONNECTING indicates the socket is disconnecting. The I-Node and the Path columns show the inode and path of the file object representing the process attached to the socket.

As with ping and traceroute, there are many command-line options; here are some of the more useful ones: