86: Take Quite a Long Time to Fail

Here’s a chunk of the networking book.

Standard netstat attempts to show hostnames instead of IP addresses. This means your server performs a reverse DNS lookup on every IP address it exchanges traffic with. On a busy server, this might mean hundreds or thousands of lookups. The output pauses for each lookup. Many hosts have no reverse DNS, so these lookups can take quite a long time before they fail.

Ports also appear as human-friendly service names rather than port numbers whenever possible. netstat gathers this information from the services file. This results in a mix of named ports and numbers in netstat output, depending on whether a specific port has an entry in the services file.

All versions of netstat let you disable DNS lookups and port name lookups with the -n flag. I almost always recommend using -n. (I can't think of any exceptions, but I'm sure there is one. Somewhere.)
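The two lookups described above, modeled in a short Python sketch. This is an added example, not netstat's code and not from the book. The services entries, the reverse-DNS table, the addresses, and the function names are all constructed for illustration, and an in-memory table stands in for real DNS.

```python
"""Simplified model of netstat's name lookups (added example, not netstat's code)."""

# Constructed sample in services-file format: name port/proto [aliases] # comment
SERVICES_SAMPLE = """\
ssh         22/tcp
domain      53/udp
http        80/tcp      www     # WorldWideWeb HTTP
https       443/tcp
"""

# Constructed reverse-DNS table; addresses absent from it have no reverse DNS.
PTR_SAMPLE = {"192.0.2.10": "www.example.com"}


def parse_services(text):
    """Return {(port, proto): name} from services-file text."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2 or "/" not in fields[1]:
            continue  # blank, comment-only, or malformed line
        port, proto = fields[1].split("/", 1)
        if port.isdigit():
            table.setdefault((int(port), proto), fields[0])
    return table


def render(connections, services, resolve, numeric=False):
    """Format (addr, port, proto) tuples; return (lines, lookup_count)."""
    lines, lookups = [], 0
    for addr, port, proto in connections:
        host, service = addr, str(port)
        if not numeric:
            lookups += 1  # one reverse lookup per address shown
            host = resolve(addr) or addr  # fall back to the IP on failure
            service = services.get((port, proto), service)
        lines.append(f"{host}:{service}")
    return lines, lookups


def demo(numeric):
    conns = [("192.0.2.10", 443, "tcp"), ("198.51.100.7", 8443, "tcp"),
             ("203.0.113.5", 22, "tcp")]
    return render(conns, parse_services(SERVICES_SAMPLE), PTR_SAMPLE.get, numeric)


if __name__ == "__main__":
    for flag in (False, True):
        print("numeric" if flag else "default", *demo(flag))
```

In default mode the output mixes names and numbers (port 8443 has no entry in the sample services data) and costs one lookup per address; in numeric mode the lookup count is zero.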

Networking for System Administrators is open for sponsorships.
