The netstat command can display an overwhelming amount of network statistics. Ready to make your focus a little easier with a series of aliases? The netstat command provides a tremendous amount on information on network activity. With the -s option (netstat -s), it will display summaries for various protocols such as packets received, active connections, failed connections and a lot more. While the data is extensive enough to make you dizzy, the more you get used to what the command’s output looks like, the more you’ll become familiar with what to expect and maybe even get better at spotting what’s unusual. In this post, we’re going to look at various portions of the netstat -s command’s output using crafted aliases to make it easier. What kind of stats does the netstat -s command provide? To list the various types of statistics the netstat -s command provides, I ran a command like that shown below to list the protocols it displays. The grep -v “^ “ portion of the command selects only lines that don’t start with a blank. Since the details are all indented, this command shows just the protocols. $ netstat -s | grep -v "^ " Ip: Icmp: IcmpMsg: Tcp: Udp: UdpLite: TcpExt: IpExt: MPTcpExt: The following command shows the protocol headings with their line numbers included by requiring colons and omitting lines with tabs. The line numbers will help isolate the sections for the aliases. $ netstat -s | nl | grep "[A-Za-z]:$" | grep -Pv 't ' 1 Ip: 10 Icmp: 19 IcmpMsg: 22 Tcp: 33 Udp: 41 UdpLite: 42 TcpExt: 93 IpExt: 104 MPTcpExt: This command counts the overall lines on the output: $ netstat -s | w -l 104 From the above output, I could determine the starting line and the length of each section and create the aliases for each as well. start section lines head command ====================================================== 1 Ip: 1-9 head -9 10 Icmp: 10-18 head -18 | tail -9 19 IcmpMsg: 19-21 head -21 | tail -3 22 Tcp: 22-32 head -32 | tail -11 33 Udp: 33-40 head -40 | tail -8 41 UdpLite: 41-41 head -41 | tail -1 42 TcpExt: 42-92 head -88 | tail -47 93 IpExt: 93-103 head -99 | tail -11 104 MPTcpExt: 104-104 head -100 | tail -1 After this, it was fairly easy to construct aliases like these because I knew where each section began and ended. alias Ip='netstat -s | head -9' alias Icmp='netstat -s | head -18 | tail -9' On the other hand, knowing that the number of lines in each section might not always be the same, I resorted to building a script that would construct the aliases for me. A key component in this script is the case statement, which contains commands to be run for each section of the netstat -s output. Note that each section of the script collects its starting point and calculates the ending point for the prior protocol (the line before its beginning). Only MPTcpExt section defines its own alias and does this by calculating the lines in the file containing the netstat -s output. #!/bin/bash # save netstat -s output in file netstat -s > netstat-s # count lines lines=`wc -l netstat-s | awk '{print $1}'` n=0 while IFS= read -r line do ((n=n+1)) w=`echo $line | wc -w` if [ $w == 1 ]; then # echo $line $n protocol=`echo $line | sed 's/://'` case $protocol in Ip) Ip=$n;; Icmp) Icmp=$n; Ip2=`expr $n - 1`; echo alias IP="'netstat -s | head -$Ip2'";; IcmpMsg) IcmpMsg=$n; Icmp2=`expr $n - 1` len=`expr $IcmpMsg - $Icmp`; echo alias Icmp="'netstat -s | head -$Icmp2 | tail -$len'";; Tcp) Tcp=$n; IcmpMsg2=`expr $n - 1`; len=`expr $Tcp - $IcmpMsg`; echo alias IcmpMsg="'netstat -s | head -$IcmpMsg2 | tail -$len'";; Udp) Udp=$n; Tcp2=`expr $n - 1`; len=`expr $Udp - $Tcp`; echo alias Tcp="'netstat -s | head -$Tcp2 | tail -$len'";; UdpLite) UdpLite=$n; Udp2=`expr $n - 1`; len=`expr $UdpLite - $Udp`; echo alias Udp="'netstat -s | head -$Udp2 | tail -$len'";; TcpExt) TcpExt=$n; UdpLite2=`expr $n - 1`; len=`expr $TcpExt - $UdpLite`; echo alias UdpLite="'netstat -s | head -$UdpLite2 | tail -$len'";; IpExt) IpExt=$n; TcpExt2=`expr $n - 1`; len=`expr $IpExt - $TcpExt`; echo alias TcpExt="'netstat -s | head -$TcpExt2 | tail -$len'";; MPTcpExt) MPTcpExt=$n; IpExt2=`expr $n - 1`; len=`expr $MPTcpExt - $IpExt`; echo alias IpExt="'netstat -s | head -$IpExt2 | tail -$len'"; len=`expr $n - $MPTcpExt + 1`; echo alias MPTcpExt="'netstat -s | head -$MPTcpExt | tail -$len'";; # rest=`expr $lines - $MPTcpExt`; echo $rest;; esac fi done On running the script, I got the following output – a list of the aliases that I then added to my ~/.bashrc file and regenerate as needed. They could have been added to a separate file that I sourced whenever I wanted to used them. alias IP='netstat -s | head -9' alias Icmp='netstat -s | head -18 | tail -9' alias IcmpMsg='netstat -s | head -21 | tail -3' alias Tcp='netstat -s | head -32 | tail -11' alias Udp='netstat -s | head -40 | tail -8' alias UdpLite='netstat -s | head -41 | tail -1' alias TcpExt='netstat -s | head -92 | tail -51' alias IpExt='netstat -s | head -103 | tail -11' alias MPTcpExt='netstat -s | head -104 | tail -1' Using the aliases will allow me to look at any section of the netstat -s command very easily. Note that you should expect to see considerable changes every time you use these aliases, because the number of connections and packets grows very quickly. In addition, since the number of lines in the netstat -s will not necessarily remain the same, regenerating the aliases from time to time is a good idea. Here are some examples of the output the aliases will provide: $ Ip Ip: Forwarding: 2 511618 total packets received 159 with invalid addresses 0 forwarded 0 incoming packets discarded 502163 incoming packets delivered 247145 requests sent out 2 outgoing packets dropped $ Tcp Tcp: 5124 active connection openings 26 passive connection openings 0 failed connection attempts 6 connection resets received 1 connections established 333116 segments received 235631 segments sent out 519 segments retransmitted 6 bad segments received 3558 resets sent $ Udp Udp: 111008 packets received 6 packets to unknown port received 0 packet receive errors 12794 packets sent 0 receive buffer errors 0 send buffer errors IgnoredMulti: 58026 Wrap-up The netstat command provides a huge number of network stats. With the -s option, it displays network statistics in nine different categories. The aliases included in this post should make becoming familiar with these statistics easier. Related content how-to Compressing files using the zip command on Linux The zip command lets you compress files to preserve them or back them up, and you can require a password to extract the contents of a zip file. By Sandra Henry-Stocker May 13, 2024 4 mins Linux opinion NSA, FBI warn of email spoofing threat Email spoofing is acknowledged by experts as a very credible threat. By Sandra Henry-Stocker May 13, 2024 3 mins Linux how-to The logic of && and || on Linux These AND and OR equivalents can be used in scripts to determine next actions. By Sandra Henry-Stocker May 02, 2024 4 mins Linux how-to Using the apropos command on Linux By Sandra Henry-Stocker Apr 24, 2024 3 mins Linux PODCASTS VIDEOS RESOURCES EVENTS NEWSLETTERS Newsletter Promo Module Test Description for newsletter promo module. Please enter a valid email address Subscribe