Netstat command is helpful for display information related to network connections, both incoming and outgoing , routing tables, interface statistics security issues connections and so on . Netstat command supporting in Linux, Unix as well as the windows Operating system. 

--tcp          (or)     -t     Shows TCP connections

--udp         (or)    -u     Shows UDP connections

 --all           (or)    -a     Display  both listening and non-listening sockets

--program  (or)    -p     Display process id (PID) and program name

--listening  (or)     -l     Display  only listening sockets.

                            -I     Display a table of all network interfaces

                            -c    print the selected information every second continuously.

                            -s    Display summary statistics for each protocol.

1. To check active TCP ports :

# netstat –tnlp

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address     Foreign Address           State       PID/Program name   
tcp        0      0 0.0.0.0:20000     0.0.0.0:*                 LISTEN      1414/perl           
tcp        0      0 0.0.0.0:5666      0.0.0.0:*                 LISTEN      1245/xinetd         
tcp        0      0 0.0.0.0:3306      0.0.0.0:*                 LISTEN      1332/mysqld      

2.To check active UDP ports

# netstat -unlp

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address      Foreign Address      State       PID/Program name   
udp        0      0 0.0.0.0:10000      0.0.0.0:*                        1420/perl           
udp        0      0 0.0.0.0:20000      0.0.0.0:*                        1414/perl           
udp        0      0 184.107.29.18:53   0.0.0.0:*                        1033/named          
udp        0      0 127.0.0.1:53       0.0.0.0:*                        1033/named          
udp        0      0 0.0.0.0:11211      0.0.0.0:*                        1217/memcached      
udp        0      0 :::11211                    :::*                    1217/memcached 

3.Do you like to check kernel’s routing table

# netstat -r

Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
192.168.0.240   *               255.255.255.0   U         0 0          0 eth0
link-local      *               255.255.0.0     U         0 0          0 eth0
default         192.168.0.200   0.0.0.0         UG        0 0          0 eth0

4. To display active interfaces

# netstat –i

Kernel Interface table
Iface       MTU Met    RX-OK RX-ERR RX-DRP RX-OVR    TX-OK TX-ERR TX-DRP TX-OVR Flg
eth0       1500   0 28026209      0      0      0 21718940      0      0      0 BMRU
lo        16436   0   470612      0      0      0   470612      0      0      0 LRU

5. Do you want to know whether the port  80 listen and pointing to where

# netstat -antup | grep 80 | grep LISTEN

tcp        0      0 0.0.0.0:80         0.0.0.0:*                   LISTEN      12799/httpd         
tcp        0      0 :::80              :::*                        LISTEN      12799/httpd   

The port : 80 pointing to apache server (httpd)

6. To view interface information can be monitored continuously

# netstat -ic

Kernel Interface table
Iface       MTU Met    RX-OK RX-ERR RX-DRP RX-OVR    TX-OK TX-ERR TX-DRP TX-OVR Flg
eth0       1500   0 28294763      0      0      0 21914126      0      0      0 BMRU
lo        16436   0   497460      0      0      0   497460      0      0      0 LRU
eth0       1500   0 28294918      0      0      0 21914221      0      0      0 BMRU
lo        16436   0   497460      0      0      0   497460      0      0      0 LRU

7. Print active connections for specific application

# netstat -anp | grep named

tcp        0      0 192.168.0.240:53       0.0.0.0:*             LISTEN      907182/named        
tcp        0      0 127.0.0.1:53           0.0.0.0:*             LISTEN      907182/named        
tcp        0      0 127.0.0.1:953          0.0.0.0:*             LISTEN      907182/named        
udp        0      0 192.168.0.240:53       0.0.0.0:*                         907182/named        
udp        0      0 127.0.0.1:53           0.0.0.0:*                         907182/named        
unix  2      [ ]         DGRAM                    15226481 907182/named       

8. shows listen socket

# netstat -l

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State      
tcp        0      0 *:imaps                     *:*                         LISTEN      
tcp        0      0 *:infowave                  *:*                         LISTEN      
tcp        0      0 *:radsec                    *:*                         LISTEN      
tcp        0      0 *:pop3s                     *:*                         LISTEN     

Active UNIX domain sockets (only servers)
Proto RefCnt Flags       Type       State         I-Node Path
unix  2      [ ACC ]     STREAM     LISTENING     2103789 /usr/local/cpanel/var/cpwrapd.sock
unix  2      [ ACC ]     STREAM     LISTENING     90346  /var/run/dbus/system_bus_socket

9. Display summary statistics for each protocol.

# netstat –s

Ip:
    28778389 total packets received
    3099 with invalid addresses
    0 forwarded


10. Displaying IPv4 and IPv6 Information

#  netstat -g

IPv6/IPv4 Group Memberships
Interface       RefCnt Group
--------------- ------ ---------------------
lo              1      my-system.net
eth0            1      my-systems.net
lo              1      ff02::1
eth0            1      ff02::1:ffef:85ea
eth0            1      ff02::1

11. Find number of connections by IP Address

# netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
      1 106.215.226.229
      1 106.78.48.221
      1 116.203.248.18
      1 117.201.180.231
      1 117.207.166.64
      1 122.178.179.254
      1 127.0.0.1
      1 176.224.94.91