Hide

What's this?

commandlinefu.com is the place to record those command-line gems that you return to again and again.

Delete that bloated snippets file you've been using and share your personal repository with the world. That way others can gain from your CLI wisdom and you from theirs too. All commands can be commented on, discussed and voted up or down.


If you have a new feature suggestion or find a bug, please get in touch via http://commandlinefu.uservoice.com/

Get involved!

You can sign-in using OpenID credentials, or register a traditional username and password.

First-time OpenID users will be automatically assigned a username which can be changed after signing in.

Hide

Stay in the loop…

Follow the Tweets.

Every new command is wrapped in a tweet and posted to Twitter. Following the stream is a great way of staying abreast of the latest commands. For the more discerning, there are Twitter accounts for commands that get a minimum of 3 and 10 votes - that way only the great commands get tweeted.

» http://twitter.com/commandlinefu
» http://twitter.com/commandlinefu3
» http://twitter.com/commandlinefu10

Subscribe to the feeds.

Use your favourite RSS aggregator to stay in touch with the latest commands. There are feeds mirroring the 3 Twitter streams as well as for virtually every other subset (users, tags, functions,…):

Subscribe to the feed for:

Hide

News

2011-03-12 - Confoo 2011 presentation
Slides are available from the commandlinefu presentation at Confoo 2011: http://presentations.codeinthehole.com/confoo2011/
2011-01-04 - Moderation now required for new commands
To try and put and end to the spamming, new commands require moderation before they will appear on the site.
2010-12-27 - Apologies for not banning the trolls sooner
Have been away from the interwebs over Christmas. Will be more vigilant henceforth.
2010-09-24 - OAuth and pagination problems fixed
Apologies for the delay in getting Twitter's OAuth supported. Annoying pagination gremlin also fixed.
Hide

Tags

Hide

Functions

Commands tagged netstat from sorted by
Terminal - Commands tagged netstat - 45 results
netstat -tunlapo
2014-01-23 20:44:31
User: treebeard
Functions: netstat
Tags: netstat
0

-t TCP

-u UDP

-n NO DNS resolution or PORT/SERVICE resolution

-l state

-a ?

-p PORT show

-o flag (keepalive, off, etc)

netstat -tup -W | column -t
2014-01-08 22:39:01
User: b_t
Functions: column netstat
3

The -W switch of netstat makes it print complete URL of the connections, which otherwise by default

is truncated to fit its default column size.

Now to compensate for irregular column sizes, pipe the output to column (-t switch of column prints in tabular form). The only downside to this part is that the very first row, the header, goes pear shape.

watch -d 'echo -e "Remaining: `(nodetool netstats | grep " 0%" | wc -l)` \nCurrent: `(nodetool netstats | grep "%" | grep -v " 0%")`"'
2014-01-01 16:59:01
User: mrwulf
Functions: watch
0

When bootstrapping or repairing a node this is a simple way to keep tabs on what a node is actively doing.

netstat -ntu | awk ' $5 ~ /^(::ffff:|[0-9|])/ { gsub("::ffff:","",$5); print $5}' | cut -d: -f1 | sort | uniq -c | sort -nr
2013-09-10 19:28:06
User: mrwulf
Functions: awk cut netstat sort uniq
1

Same as the rest, but handle IPv6 short IPs. Also, sort in the order that you're probably looking for.

sudo netstat -plntu --inet | sort -t: -k2,2n | sort --stable -t. -k 1,1n -k 2,2n -k 3,3n -k 4,4n | sort -s -t" " -k1,1
2013-08-13 09:21:26
User: thechile
Functions: netstat sort sudo
0

bit of a contrived example and playing to my OCD but nice for quick scripted output of listening ports which is sorted by port, ip address and protocol.

sudo netstat -tulpn | grep :8080
while true; do netstat -a|grep WAIT|wc -l; sleep 5; done
2013-06-19 09:19:41
User: adimania
Functions: grep netstat sleep wc
Tags: netstat tcp
0

This has saved me many times while debugging timeout issues to "too many open files" issues. A high number of the order of thousand, indicates that somewhere connection is not being closed properly.

netstat -tuapen | grep LISTEN
netstat -antu | awk '$5 ~ /[0-9]:/{split($5, a, ":"); ips[a[1]]++} END {for (ip in ips) print ips[ip], ip | "sort -k1 -nr"}'
netstat -antu | awk '{print $5}' | awk -F: '{print $1}' | sort | uniq -c | sort -n
2013-04-08 19:46:41
User: wejn
Functions: awk netstat sort uniq
-1

Output contains also garbage (text parts from netstat's output) but it's good enough for quick check who's overloading your server.

lsof -i -n | grep ESTABLISHED
2013-04-03 09:14:09
User: techie
Functions: grep
2

Fast and easy way to find all established tcp connections without using the netstat command.

netstat -an | grep --color -i -E 'listen|listening'
watch "ss -nat | awk '"'{print $1}'"' | sort | uniq -c"
2012-12-07 19:07:33
User: ricardofunke
Functions: watch
-1

Monitoring TCP connections number showing each state. It uses ss instead of netstat because it's much faster with high trafic.

You can fgrep specific ports by piping right before awk:

watch "ss -nat | fgrep :80 | awk '"'{print $1}'"' | sort | uniq -c"

netstat -tn | awk '($4 ~ /:22\s*/) && ($6 ~ /^EST/) {print substr($5, 0, index($5,":"))}'
netstat -an | grep 80 | wc -l
netstat -tn | grep :80 | awk '{print $5}'| grep -v ':80' | cut -f1 -d: |cut -f1,2,3 -d. | sort | uniq -c| sort -n
2012-06-26 08:29:37
User: krishnan
Functions: awk cut grep netstat sort uniq
0

cut -f1,2 - IP range 16

cut -f1,2,3 - IP range 24

cut -f1,2,3,4 - IP range 24

netstat -Aan | grep .80 | grep -v 127.0.0.1 | grep EST | awk '{print $6}' | cut -d "." -f1,2,3,4 | sort | uniq
2012-02-03 13:54:11
Functions: awk cut grep netstat sort
0

See who is using a specific port. Especially when you're using AIX. In Ubuntu, for example, this can easily be seen with the netstat command.

netstat -plntu
netstat -plnt
2011-09-30 19:56:32
User: DopeGhoti
Functions: netstat
7

While `lsof` will work, why not use the tool designed explicitly for this job?

(If not run as root, you will only see the names of PID you own)

sudo netstat|head -n2|tail -n1 && sudo netstat -a|grep udp && echo && sudo netstat|head -n2|tail -n1 && sudo netstat -a|grep tcp
netstat -nt | awk -F":" '{print $2}' | sort | uniq -c
netstat -ntu | awk ' $5 ~ /^[0-9]/ {print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
2011-07-04 20:23:21
User: letterj
Functions: awk cut netstat sort uniq
Tags: netstat
-3

netstat has two lines of headers:

Active Internet connections (w/o servers)

Proto Recv-Q Send-Q Local Address Foreign Address State

Added a filter in the awk command to remove them

netstat -ntu | awk ' $5 ~ /^[0-9]/ {print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
watch 'netstat -anptu |egrep "^Proto|:80 "'
2011-05-18 15:05:52
User: Mozai
Functions: egrep watch
7

Shows updated status in a terminal window for connections to port '80' in a human-friendly form. Use 'watch -n1' to update every second, and 'watch -d' to highlight changes between updates.

If you wish for status updates on a port other than '80', always remember to put a space afterwards so that ":80" will not match ":8080".