Understanding netstat and nslookup Commands in Linux

Netstat And Nslookup

Networking is crucial for any Linux user. As a system admin, you need to be able to communicate with other systems on a network to share and receive data. Linux provides us with a wide range of tools to interact, get information and troubleshoot our networks.

Two powerful utilities for this purpose come in the form of the netstat and nslookup command in Linux. In this tutorial, we will go over the working and use of these command-line utilities.

What are the netstat and nslookup commands?

The netstat and nslookup commands are essentially command-line utilities used for network administration in Linux based systems. They are mainly used to troubleshoot a network, but they can also be used for network queries like DNS lookups, performance measurement, and debugging. Together, they are powerful tools that can cover almost all your network administration needs.

The netstat command

The netstat command in Linux, an abbreviation for ‘Network Statistics’, is used for network statistics mapping and configuration. This tool helps you analyse the network connections from and to your system. It can also display routing tables, masquerade connections and multicast memberships along with network statistics. This command is one of the most essential tools for monitoring and troubleshooting your network.

1. Basic Syntax of The netstat Command

The best way to understand any command is through understanding it’s syntax. Here is how the syntax for the netstat command in Linux looks like.

Netstat [option]

The netstat command in Linux has only one parameter. The option used while calling this command can provide you with a wide-ranging set of information regarding your network. While there is a huge list of options available for the netstat command, we will discuss only a few popularly used options for this tutorial. The following table lists them.

-aList all the network sockets on your system, whether they are open or closed.
-iDisplay all the network interface information regarding your system.
-lLists all the network sockets on your system in the listening state.
-cPrint socket connections continuously.
-gDisplay all the multicast membership group information for your network. This list involves information for both IPv4 and IPv6 connections.
Netstat command options table

Now we have developed an understanding of the netstat command in Linux along with its parameters. Now it’s time to use this knowledge for practical application of the netstat command. For this tutorial, we will go over some examples to learn how to use the netstat command. 

2. Listing network sockets

The most basic use of the netstat command in Linux is to list the sockets which are available on your network, whether they are open or closed. This can be done using the -a option as shown below.

netstat -a
Netstat A
Netstat A

3. Displaying the routing table

The routing table contains information about the network host and data routes. This information is essential for network troubleshooting purposes. We can use the netstats command to display the routing table as follows.

netstat -r
Netstat R 1
Netstat R 1

4. Checking which port is running a service

When a service is experiencing troubles while attempting to connect to the network, it is usually an issue regarding the port being used for the connection. If you wish to check the port being used by a service, you can do so like this.

netstat -ap | grep <service name>
Netstat Ap Port Service
Netstat Ap Port Service

The nslookup command

The nslookup command in Linux, better known as Name Server Lookup, is primarily used to obtain a hostname using an IP address or vice versa. It can also query domain name servers about hosts and domain-related information. It works in both interactive and non-interactive modes. While the interactive mode offers a wider range of information, the non-interactive mode returns only the hostname with the specifically requested information.

1. Basic Syntax of The nslookup Command

We learn any command best through understanding it’s syntax. Here is how the syntax for the nslookup command in Linux looks like.

nslookup [-option] [command] [server name/address]

There are two different ‘options used with the nslookup command. First, we have the –timeout option. As the name suggests, it is used to set an initial timeout for our DNS query. The second is the -query option which is used to specify the type of DNS query which we wish to make. Here is a list of some of the commonly used query types along with their usage.

Query typeFunction
-query=anySearch for all available DNS record associated with the specified hostname or IP address
-query=soaThis is the Start Of Authority DNS record query type. It returns the mail address and serial number of a domain among other authoritative info.
-query=mxThe ‘mx’ or Mail Exchange query lists all the mail exchange servers for the hostname. These mail exchange servers receive all the mails routed to the hostname.
-query=txtThis query type is essential to look at all the TXT records of the specified hostname. The TXT records contain essential information about other types of records like SPF and DKIM.
nslookup – Command options snippet table

When the first argument of the command is the address or hostname, we enter the non-interactive mode. We can enter the interactive mode by either using no arguments or by using a hyphen as our first argument. Interactive mode offers us a wide range of commands. Let us look at some of the popular ones.

host [server]Search for information regarding host through the default server or a specified server
server [domain]Set the current server to the specified domain.
set port = [port number]Change the port at which we send our DNS query to the host. The default port for the nslookup command is 53.
set retry = [number]Specify the number of times the nslookup command will attempt to connect to the host in case of failure.
nslookup command options – table

We listed just a few essential commands available with the nslookup command in Linux. So make sure to check the other commands on your own to use the full functionality of this command.

We now have an understanding of the nslookup command in Linux along with its parameters. Now it’s time to use this knowledge for practical application of the nslookup command. For this tutorial, we will go over some examples to learn how to use the nslookup command. 

2. Finding IP address or hostname

The hostname and IP address of a domain are two of the most important pieces of information when you are troubleshooting your network. When you know the hostname, you can use it to find the IP address of the domain like this.

nslookup <IP or domain>
Nslookup Domain
Nslookup Domain

Alternatively, you can perform a reverse DNS lookup and use the IP address to find the hostname of a domain as shown below.

Nslookup Reverse Dns
Nslookup Reverse Dns

3. Checking DNS records

DNS records provide us with a wide range of information regarding a domain. This information is essential for network administration and debugging. Here is how we can use the -query option to search for all available mail exchanger records of a domain.

nslookup -query=<record type> <domain or IP>
Nslookup Mailservers
Nslookup Mailservers

4. Specifying DNS server for a query

For accessing specific information though a DNS query, we require to narrow down the server which we wish to use for our query. This can be done as follows.

nslookup <domain or IP> <dns server to query>
Nslookup Query Specific Dns
Nslookup Query Specific Dns

Wrapping up

With this tutorial, we hope you were able to understand the basics of the netstat and nslookup commands in Linux. These commands have far greater applications than what we discussed here, which you can reach by mastering these basics. If you have any feedback, queries, or suggestions, feel free to reach out to us in the comments below.