Netstat is a powerful command used to check whether your workstation is under attack.
How can you tell when someone is listening to your computer from outside your secure LAN or VPN -- from the wilds of the Internet? By "listening to your computer," I mean that someone outside has established an unauthorized connection with your Workstation so that he can attack or take valuable information from your node.
In order to find whether this had happened, you can use various tools. One of these tools is called netstat.
How to use it?
Now you can see some output from which you can find any listening ports. The output will give the protocol, local address, foreign address and state. Even though this tool is very good, it takes some research to learn from its output.
You can also use other tools like Fport, nmap, etc., which will give much more detail, but netstat command is already built into most Linux/Unix machines.