Skip to content
shellmap

netstatShow network connections, listening ports, and routing tables across all 5 shells

Equivalents in every shell

Bashunix
ss -tunlp
Zshunix
ss -tunlp

Same external binaries as bash. `ss` is the modern replacement for `netstat` on Linux.

Fishunix
ss -tunlp
PowerShellwindows
Get-NetTCPConnection -State Listen

Object-oriented. Add `| Where-Object { $_.LocalPort -eq 8080 }` to filter by port.

cmd.exewindows
netstat -ano

`-a` all, `-n` numeric, `-o` show owning PID. Pipe `| findstr :PORT` to filter.

Worked examples

List all TCP listeners with owning PID

Bash
ss -tlnp
PowerShell
Get-NetTCPConnection -State Listen | Select-Object LocalAddress, LocalPort, OwningProcess
cmd.exe
netstat -ano | findstr LISTENING

Find what process owns port 3000

Bash
ss -tlnp | grep :3000
PowerShell
Get-NetTCPConnection -LocalPort 3000 | Select-Object LocalAddress, OwningProcess
cmd.exe
netstat -ano | findstr :3000

Show the routing table

Bash
ip route
PowerShell
Get-NetRoute
cmd.exe
route print

Gotchas

  • On Linux, `netstat` is deprecated in favor of `ss` (from `iproute2`); the legacy binary may not even be installed on minimal images.
  • macOS `netstat` syntax differs from Linux: use `netstat -anv -p tcp` and `lsof -iTCP -sTCP:LISTEN -P` instead.
  • Windows `netstat` is built-in and behaves like the classic Unix `netstat`, but the PowerShell `Get-NetTCPConnection` returns rich objects you can pipe further.

WSL & PowerShell Core notes

pwsh`Get-NetTCPConnection` and the rest of the `NetTCPIP` module are Windows-only — they do NOT exist on Linux/macOS pwsh 7+ hosts. Portable scripts should fall back to `ss -tlnp` on Linux (with `netstat -tulpn` as a legacy fallback) and `netstat -anv -p tcp` on macOS. The classic `netstat.exe` binary is still shipped on every Windows version for legacy `-ano` usage if you need the old behaviour.
WSLWSL2 runs in its own lightweight VM with a NAT'd virtual network, so `ss -tlnp` inside WSL shows only the ports bound inside the Linux VM — it does NOT see ports bound on the Windows host. Conversely, Windows-side `netstat -ano` does not see WSL2 listeners. To audit both sides during port-conflict debugging, run `ss -tlnp` inside WSL plus `Get-NetTCPConnection -State Listen` from Windows pwsh. On Windows 11 24H2 with mirrored networking mode (`networkingMode=mirrored` in `%USERPROFILE%\.wslconfig`), the two namespaces share, so `localhost:PORT` reaches the same listener from both sides — older NAT mode requires explicit `netsh portproxy` forwarding.

Common tasks using netstat

Related commands