The netstat command is not limited to Linux. It can also be used on Windows and macOS to get information about network connections, routing tables, interface statistics, masquerade connections, and more. Netstat is quite helpful in listing network connections and further identifying the IP address of remote hosts to which our systems are connected.
Why Use Netstat?
Knowing how to use Netstat can be helpful for:
- Monitoring network connections.
- Troubleshooting network issues.
- Identifying unauthorized connections.
- Checking open ports and associated IP addresses.
Basic Usage
The netstat command, without any options, displays a list of open sockets. The basic syntax to use it is:
netstat
Common netstat
Options
-a
: Show all connections and listening ports.-n
: Show numerical addresses instead of resolving hostnames.-t
: Show TCP connections.-u
: Show UDP connections.-p
: Show the PID and name of the program to which each socket belongs.-r
: Display the routing table.-i
: Display network interfaces.
Finding Remote IP Addresses
To find the IP addresses of remote hosts our system is connected to, we can use the following command:
netstat -tn
This command combines the -t
option (for TCP connections) and the -n
option (to show numerical addresses).
Detailed Information
To have more detailed information along with the process ID (PID) and program name using the connection, we can use the “-p” option in the command:
sudo netstat -tnp
Monitoring Network Connections in Real-Time
To monitor network connections in real-time, you can combine netstat with the watch command:
sudo watch -d -n 2 netstat -tnp
watch -d -n 2 will run the netstat -tnp command every 2 seconds, highlighting differences.
Filtering Specific Connections
We can use grep to filter connections for a specific port or address. This command filters and displays connections involving port 443.
netstat -tn | grep ':443'
Resolve the Domain Name to an IP Address
Well, resolving a Domain name to get the IP address using Netstat is not straightforward because it primarily deals with existing network connections and doesn’t perform DNS resolution directly on input domain names. Nevertheless, we can use other tools like nslookup, dig, or host to first get the IP address of the domain and then check whether we have any active connection on our system for that domain using NetStat.
Let’s say you want to get the IP address of a domain name – google.com
nslookup google.com
Check Network Connections
Example:
Let’s assume google.com resolves to 93.184.216.34. Then, to check if we have any active connection on our system to this domain, we can use the netstat as follows:
netstat -tn | grep '93.184.216.34'
This command will filter the netstat output to show only the connections involving the IP address 93.184.216.34.
Combined Approach in a Script
The above process can be lengthy. We can create a shell script to automate it and speed it up.
You can automate this process with a simple shell script. Here’s an example:
Create a file:
nano findip.sh
Paste the following code in it:
#!/bin/bash
# Check if a domain name was provided as an argument
if [ -z "$1" ]; then
echo "Usage: $0 <domain_name>"
exit 1
fi
# Resolve the domain name to an IP address
IP=$(dig +short "$1" | head -n 1)
# Check if an IP address was found
if [ -z "$IP" ]; then
echo "Could not resolve domain name."
exit 1
fi
# Use netstat to find connections involving the resolved IP address
netstat -tn | grep "$IP"
Save this script as “findip.sh” by pressing Ctrl+X, typing Y, and hitting the Enter key.
Once done, make it executable and run it with a domain name as an argument:
chmod +x find_ip.sh
Run the script along with the domain name that IP address you want to find along with its connection status:
./findip.sh google.com
In this script, we first resolved the domain name to an IP address using dig. Then, we used Netstat to find connections involving that IP address.
So, we have seen how versatile and valuable the tool Netstat is for network administrators. It can be used to find the active network connections on the system and monitor them in real-time. Although direct domain name resolving to find the IP address is not the specialization of this tool, it can still be used with other tools to know whether there is any active connection through that domain or IP address on our system. Hence, one should learn to get detailed information about network activity, aiding in troubleshooting and network management…
Other Articles: