Quickly identify listening services and active connections to diagnose and secure a Linux host. 16.11.2025 | reading time: 2 min When a service will not respond or when a firewall rule looks wrong, netstat is the quick first check to see sockets that listen and connections that exist; here you will learn which command to run and how to read the results. Hands-on trace Run the command to list listening ports and the owning processes: ```sudo netstat -tulpen\nProto Recv-Q Send-Q Local Address Foreign Address State PID/Program name\ntcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1234/sshd\ntcp6 0 0 :::80 :::* LISTEN 2345/nginx\nudp 0 0 0.0.0.0:68 0.0.0.0:* 567/dhclient\n```If he wants a single port, pipe to grep: ```sudo netstat -tulpen | grep :80\ntcp6 0 0 :::80 :::* LISTEN 2345/nginx\n``` Useful switches to know Try combinations to change the view: -t for TCP, -u for UDP, -l for listening sockets, -n for numeric addresses and ports, -p to show PID/program (requires sudo to see all), and -a to include non-listening sockets; he can combine these to focus on what matters and use grep to filter by port, address, or program. When netstat falls short On many modern distributions netstat is part of the legacy net-tools package, so he may need to install it; for higher performance or richer output prefer `ss` for socket inspection, `lsof -i` to map files to network endpoints, `nmap` to probe remote hosts, and packet captures like `tcpdump` for deep analysis. A clear next step Mastering netstat is a fast win for troubleshooting and auditing, but combining it with newer tools and firewall inspection will give a fuller picture; explore deeper networking topics and consider certs like CompTIA Linux+ or LPIC-1, with bitsandbytes.academy being an intensive exam preparation. Join Bits & Bytes Academy First class LINUX exam preparation. network utilities security troubleshooting
