
Linux Commands: Netstat

May 19, 2018

Netstat is one of the best, yet simplest, tools for checking what is happening on the network. It ranges from basic operations, like monitoring TCP (Transmission Control Protocol) traffic, to more complex ones, such as showing statistics for ports or protocols.

Background:

As a pre-req for this tutorial, it's important to understand some networking basics. This is quite obvious because this is a networking tool in itself.

TCP/UDP/ports:

There are two main protocols that we will be looking at: TCP and UDP (User Datagram Protocol). These are the underlying protocols for sending most information on the internet.

TCP is used when information MUST be in a particular order. However, because the packets (or little bits of information) must be in a particular order, when they are received out of order, it just calls for another packet. This makes the protocol quite slow. So, that's why UDP was invented!

UDP is much faster than TCP; this is because it does not keep track of the order of the packets that are coming in. Even though this leaves room for issues with some packets not reaching the destination, there are situations where speed is more important than having the packets in perfect order. A perfect example of this is streaming video; Netflix streaming is built on a protocol based on UDP.

Ports are where the information is being sent to. This helps keep information going to the same exact place on a network all the time. At this point, the ports are only symbolic and have 'conventions' as opposed to rules. The most common port that people use every day is the HTTPS port (443). Even though it uses 443, this is only by convention. In theory, it can run on any port.

Networking is much, much more complicated than what is explained above. But, this should cover you for the tutorial on Netstat.

Basic Commands:

Below is how to display all TCP connections currently running.
 netstat -at
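
The sketch below is an added example, not part of the original post. It shows how that output can be triaged: which TCP listeners are bound to every interface rather than loopback only, and how many sockets are in each state. It assumes the net-tools column layout and adds netstat's -n flag (numeric addresses and ports) to the page's -at; the function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: triage `netstat -atn` output (the page's -at plus -n for numeric output).

# Constructed sample in the net-tools column layout, so the script runs offline.
sample_netstat() {
    cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN
tcp        0      0 192.168.1.10:22         192.168.1.50:51234      ESTABLISHED
tcp        0      0 192.168.1.10:44321      203.0.113.7:443         ESTABLISHED
tcp        0      0 192.168.1.10:44322      203.0.113.7:443         TIME_WAIT
tcp6       0      0 :::80                   :::*                    LISTEN
EOF
}

# Print "proto port" for each listener bound to all interfaces (0.0.0.0 or ::).
# Loopback-only listeners such as 127.0.0.1:3306 are skipped: they are not
# reachable from other hosts.
listening_exposed() {
    awk '$1 ~ /^tcp/ && $6 == "LISTEN" {
        n = split($4, part, ":")          # the port follows the last colon
        port = part[n]
        addr = substr($4, 1, length($4) - length(port) - 1)
        if (addr == "0.0.0.0" || addr == "::") print $1, port
    }'
}

# Print "STATE count" for every TCP state seen, sorted by state name.
state_counts() {
    awk '$1 ~ /^tcp/ { count[$6]++ }
         END { for (s in count) print s, count[s] }' | sort
}

echo "Listeners bound to every interface:"
sample_netstat | listening_exposed
echo "TCP sockets per state:"
sample_netstat | state_counts
```

On a live host, pipe the real command into the same functions, for example `netstat -atn | listening_exposed`.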

