Hide

What's this?

commandlinefu.com is the place to record those command-line gems that you return to again and again.

Delete that bloated snippets file you've been using and share your personal repository with the world. That way others can gain from your CLI wisdom and you from theirs too. All commands can be commented on, discussed and voted up or down.

If you have a new feature suggestion or find a bug, please get in touch via http://commandlinefu.uservoice.com/

Get involved!

You can sign-in using OpenID credentials, or register a traditional username and password.

OpenID
or
Sign in Register

First-time OpenID users will be automatically assigned a username which can be changed after signing in.

Hide

Stay in the loop…

Follow the Tweets.

Every new command is wrapped in a tweet and posted to Twitter. Following the stream is a great way of staying abreast of the latest commands. For the more discerning, there are Twitter accounts for commands that get a minimum of 3 and 10 votes - that way only the great commands get tweeted.

» http://twitter.com/commandlinefu
» http://twitter.com/commandlinefu3
» http://twitter.com/commandlinefu10

Subscribe to the feeds.

Use your favourite RSS aggregator to stay in touch with the latest commands. There are feeds mirroring the 3 Twitter streams as well as for virtually every other subset (users, tags, functions,…):

Subscribe to the feed for:

Hide

News

2011-03-12 - Confoo 2011 presentation
Slides are available from the commandlinefu presentation at Confoo 2011: http://presentations.codeinthehole.com/confoo2011/
2011-01-04 - Moderation now required for new commands
To try and put and end to the spamming, new commands require moderation before they will appear on the site.
2010-12-27 - Apologies for not banning the trolls sooner
Have been away from the interwebs over Christmas. Will be more vigilant henceforth.
2010-09-24 - OAuth and pagination problems fixed
Apologies for the delay in getting Twitter's OAuth supported. Annoying pagination gremlin also fixed.
Hide

Tags

Hide

Functions

Hide

Credits

Site by David Winterbottom (user root).

Commands tagged netstat from sorted by
Terminal - Commands tagged netstat - 42 results
netstat -ntu | awk ' $5 ~ /^(::ffff:|[0-9|])/ { gsub("::ffff:","",$5); print $5}' | cut -d: -f1 | sort | uniq -c | sort -nr
2013-09-10 19:28:06
User: mrwulf
Functions: awk cut netstat sort uniq
Tags: sort awk uniq IP netstat cut
1
Up
Down
netstat with group by (ip adress)

Same as the rest, but handle IPv6 short IPs. Also, sort in the order that you're probably looking for.

Show sample output | Comments (0) | Add to favourites | Report as malicious | Submit alternative | Report as a duplicate
sudo netstat -plntu --inet | sort -t: -k2,2n | sort --stable -t. -k 1,1n -k 2,2n -k 3,3n -k 4,4n | sort -s -t" " -k1,1
2013-08-13 09:21:26
User: thechile
Functions: netstat sort sudo
Tags: sort netstat stable
0
Up
Down
make pretty the netstat output for listening services

bit of a contrived example and playing to my OCD but nice for quick scripted output of listening ports which is sorted by port, ip address and protocol.

Show sample output | Comments (0) | Add to favourites | Report as malicious | Submit alternative | Report as a duplicate
sudo netstat -tulpn | grep :8080
2013-07-30 13:10:50
User: BU5T4
Functions: grep netstat sudo
Tags: netstat
0
Up
Down
check to see what is running on a specific port number
Comments (0) | Add to favourites | Report as malicious | Submit alternative | Report as a duplicate
while true; do netstat -a|grep WAIT|wc -l; sleep 5; done
2013-06-19 09:19:41
User: adimania
Functions: grep netstat sleep wc
Tags: netstat tcp
0
Up
Down
One liner to check out CLOSE_WAIT and TIME_WAIT connection every five seconds while debugging network apps

This has saved me many times while debugging timeout issues to "too many open files" issues. A high number of the order of thousand, indicates that somewhere connection is not being closed properly.

Show sample output | Comments (3) | Add to favourites | Report as malicious | Submit alternative | Report as a duplicate
netstat -tuapen | grep LISTEN
2013-05-18 20:40:38
User: mered
Functions: grep netstat
Tags: Linux netstat
0
Up
Down
Check for listening services
Comments (0) | Add to favourites | Report as malicious | Submit alternative | Report as a duplicate
netstat -antu | awk '$5 ~ /[0-9]:/{split($5, a, ":"); ips[a[1]]++} END {for (ip in ips) print ips[ip], ip | "sort -k1 -nr"}'
2013-04-09 03:24:43
User: 4Aiur
Functions: awk netstat
Tags: netstat connections
0
Up
Down
Show number of connections per remote IP
Comments (1) | Add to favourites | Report as malicious | Submit alternative | Report as a duplicate
netstat -antu | awk '{print $5}' | awk -F: '{print $1}' | sort | uniq -c | sort -n
2013-04-08 19:46:41
User: wejn
Functions: awk netstat sort uniq
Tags: netstat connections
-1
Up
Down
Show number of connections per remote IP

Output contains also garbage (text parts from netstat's output) but it's good enough for quick check who's overloading your server.

Comments (4) | Add to favourites | Report as malicious | Submit alternative | Report as a duplicate
lsof -i -n | grep ESTABLISHED
2013-04-03 09:14:09
User: techie
Functions: grep
Tags: grep netstat lsof tcp connections
2
Up
Down
find established tcp connections without using netstat!!

Fast and easy way to find all established tcp connections without using the netstat command.

Comments (0) | Add to favourites | Report as malicious | Submit alternative | Report as a duplicate
netstat -tulpn
2013-03-28 11:18:32
User: FiloSottile
Functions: netstat
Tags: netstat
0
Up
Down
Show all LISTENing and open server connections, with port number and process name/pid
Comments (0) | Add to favourites | Report as malicious | Submit alternative | Report as a duplicate
netstat -an | grep --color -i -E 'listen|listening'
2013-03-19 08:53:47
User: opexxx
Functions: grep netstat
Tags: grep netstat
-1
Up
Down
Open Port Check

Open Port Check

Comments (1) | Add to favourites | Report as malicious | Submit alternative | Report as a duplicate
watch "ss -nat | awk '"'{print $1}'"' | sort | uniq -c"
2012-12-07 19:07:33
User: ricardofunke
Functions: watch
Tags: monitoring netstat tcp ss connections
-2
Up
Down
Monitoring TCP connections number

Monitoring TCP connections number showing each state. It uses ss instead of netstat because it's much faster with high trafic.

You can fgrep specific ports by piping right before awk:

watch "ss -nat | fgrep :80 | awk '"'{print $1}'"' | sort | uniq -c"

Show sample output | Comments (2) | Add to favourites | Report as malicious | Submit alternative | Report as a duplicate
netstat -tn | awk '($4 ~ /:22\s*/) && ($6 ~ /^EST/) {print substr($5, 0, index($5,":"))}'
2012-10-03 04:47:54
User: toxick
Functions: awk netstat
Tags: ssh awk netstat
1
Up
Down
list current ssh clients
Comments (0) | Add to favourites | Report as malicious | Submit alternative | Report as a duplicate
netstat -an | grep 80 | wc -l
2012-09-05 06:17:09
User: mrhassell
Functions: grep netstat wc
Tags: sort awk uniq netstat cut
0
Up
Down
Number of open connections per ip.

Count on a specific port (80) - FreeBSD friendly.

Show sample output | Comments (0) | Add to favourites | Report as malicious | Submit alternative | Report as a duplicate
netstat -tn | grep :80 | awk '{print $5}'| grep -v ':80' | cut -f1 -d: |cut -f1,2,3 -d. | sort | uniq -c| sort -n
2012-06-26 08:29:37
User: krishnan
Functions: awk cut grep netstat sort uniq
Tags: sort awk IP grep netstat connection range user
0
Up
Down
Number of connections per IP with range 24

cut -f1,2 - IP range 16

cut -f1,2,3 - IP range 24

cut -f1,2,3,4 - IP range 24

Show sample output | Comments (0) | Add to favourites | Report as malicious | Submit alternative | Report as a duplicate
netstat -Aan | grep .80 | grep -v 127.0.0.1 | grep EST | awk '{print $6}' | cut -d "." -f1,2,3,4 | sort | uniq
2012-02-03 13:54:11
User: janvanderwijk
Functions: awk cut grep netstat sort
Tags: sort uniq grep netstat cut aix
0
Up
Down
See who are using a specific port

See who is using a specific port. Especially when you're using AIX. In Ubuntu, for example, this can easily be seen with the netstat command.

Show sample output | Comments (0) | Add to favourites | Report as malicious | Submit alternative | Report as a duplicate
netstat -plntu
2011-10-01 12:16:38
User: bolthorn0
Functions: netstat
Tags: netstat lsof networking
1
Up
Down
check open ports (both ipv4 and ipv6)

Check open TCP and UDP ports

Show sample output | Comments (0) | Add to favourites | Report as malicious | Submit alternative | Report as a duplicate
netstat -plnt
2011-09-30 19:56:32
User: DopeGhoti
Functions: netstat
Tags: netstat lsof networking
7
Up
Down
check open ports (both ipv4 and ipv6)

While `lsof` will work, why not use the tool designed explicitly for this job?

(If not run as root, you will only see the names of PID you own)

Show sample output | Comments (0) | Add to favourites | Report as malicious | Submit alternative | Report as a duplicate
sudo netstat|head -n2|tail -n1 && sudo netstat -a|grep udp && echo && sudo netstat|head -n2|tail -n1 && sudo netstat -a|grep tcp
2011-09-08 18:54:36
User: brando56894
Functions: echo grep head netstat sudo tail
Tags: netstat udp tcp connections
0
Up
Down
Displays All TCP and UDP Connections
Comments (0) | Add to favourites | Report as malicious | Submit alternative | Report as a duplicate
netstat -nt | awk -F":" '{print $2}' | sort | uniq -c
2011-07-05 07:53:29
User: sreimann
Functions: awk netstat sort uniq
Tags: sort awk uniq netstat
0
Up
Down
netstat with group by (ip adress)

count connections, group by IP and port

Comments (0) | Add to favourites | Report as malicious | Submit alternative | Report as a duplicate
netstat -ntu | awk ' $5 ~ /^[0-9]/ {print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
2011-07-04 20:23:21
User: letterj
Functions: awk cut netstat sort uniq
Tags: netstat
-3
Up
Down
netstat with group by (ip adress)

netstat has two lines of headers:

Active Internet connections (w/o servers)

Proto Recv-Q Send-Q Local Address Foreign Address State

Added a filter in the awk command to remove them

Comments (0) | Add to favourites | Report as malicious | Submit alternative | Report as a duplicate
netstat -ntu | awk ' $5 ~ /^[0-9]/ {print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
2011-07-01 11:17:38
User: Koobiac
Functions: awk cut netstat sort uniq
Tags: netstat
2
Up
Down
netstat with group by (ip adress)
Comments (1) | Add to favourites | Report as malicious | Submit alternative | Report as a duplicate
watch 'netstat -anptu |egrep "^Proto|:80 "'
2011-05-18 15:05:52
User: Mozai
Functions: egrep watch
Tags: monitoring netstat watch
7
Up
Down
Cheap iftop

Shows updated status in a terminal window for connections to port '80' in a human-friendly form. Use 'watch -n1' to update every second, and 'watch -d' to highlight changes between updates.

If you wish for status updates on a port other than '80', always remember to put a space afterwards so that ":80" will not match ":8080".

Show sample output | Comments (4) | Add to favourites | Report as malicious | Submit alternative | Report as a duplicate
while sleep 1; do date; (netstat -a -n | grep 80) ; done
2011-05-16 07:56:56
User: hute37
Functions: grep netstat sleep
Tags: netstat logging
-4
Up
Down
Polls fos network port usage
Comments (2) | Add to favourites | Report as malicious | Submit alternative | Report as a duplicate
netstat -rn | awk '/UG/{print $2}'
2010-08-09 15:56:02
User: putnamhill
Functions: awk netstat
Tags: awk netstat gateway
-1
Up
Down
Find default gateway

Tested on CentOS, Ubuntu, and MacOS.

Comments (1) | Add to favourites | Report as malicious | Submit alternative | Report as a duplicate
netstat -rn | grep UG | tr -s " " | cut -d" " -f2
2010-08-09 15:25:18
User: greenmang0
Functions: cut grep netstat tr
Tags: grep netstat cut tr gateway
1
Up
Down
Find default gateway
Comments (0) | Add to favourites | Report as malicious | Submit alternative | Report as a duplicate