Commands tagged netstat | commandlinefu.com

Hide

What's this?

commandlinefu.com is the place to record those command-line gems that you return to again and again.

Delete that bloated snippets file you've been using and share your personal repository with the world. That way others can gain from your CLI wisdom and you from theirs too. All commands can be commented on, discussed and voted up or down.

If you have a new feature suggestion or find a bug, please get in touch via http://commandlinefu.uservoice.com/

Get involved!

You can sign-in using OpenID credentials, or register a traditional username and password.

OpenID

First-time OpenID users will be automatically assigned a username which can be changed after signing in.

Hide

Stay in the loop…

Follow the Tweets.

Every new command is wrapped in a tweet and posted to Twitter. Following the stream is a great way of staying abreast of the latest commands. For the more discerning, there are Twitter accounts for commands that get a minimum of 3 and 10 votes - that way only the great commands get tweeted.

» http://twitter.com/commandlinefu
» http://twitter.com/commandlinefu3
» http://twitter.com/commandlinefu10

Subscribe to the feeds.

Use your favourite RSS aggregator to stay in touch with the latest commands. There are feeds mirroring the 3 Twitter streams as well as for virtually every other subset (users, tags, functions,…):

Subscribe to the feed for:

» all commands
» commands with 3 up-votes (commandlinefu3)
» commands with 10 up-votes (commandlinefu10)
» commands tagged netstat

Hide

News

2011-03-12 - Confoo 2011 presentation: Slides are available from the commandlinefu presentation at Confoo 2011: http://presentations.codeinthehole.com/confoo2011/
2011-01-04 - Moderation now required for new commands: To try and put and end to the spamming, new commands require moderation before they will appear on the site.
2010-12-27 - Apologies for not banning the trolls sooner: Have been away from the interwebs over Christmas. Will be more vigilant henceforth.
2010-09-24 - OAuth and pagination problems fixed: Apologies for the delay in getting Twitter's OAuth supported. Annoying pagination gremlin also fixed.

Hide

Functions

Hide

Credits

Site by David Winterbottom (user root).

Terminal - Commands tagged netstat - 45 results

netstat -tunlapo

2014-01-23 20:44:31

User: treebeard

Functions: netstat

Tags: netstat

Up
Down

TCP and UDP listening sockets

-t TCP

-u UDP

-n NO DNS resolution or PORT/SERVICE resolution

-l state

-a ?

-p PORT show

-o flag (keepalive, off, etc)

Comments (0) | Add to favourites | Report as malicious | Submit alternative | Report as a duplicate

netstat -tup -W | column -t

2014-01-08 22:39:01

User: b_t

Functions: column netstat

Tags: column netstat wide

Up
Down

Show complete URL in netstat output

The -W switch of netstat makes it print complete URL of the connections, which otherwise by default

is truncated to fit its default column size.

Now to compensate for irregular column sizes, pipe the output to column (-t switch of column prints in tabular form). The only downside to this part is that the very first row, the header, goes pear shape.

watch -d 'echo -e "Remaining: `(nodetool netstats | grep " 0%" | wc -l)` \nCurrent: `(nodetool netstats | grep "%" | grep -v " 0%")`"'

2014-01-01 16:59:01

User: mrwulf

Functions: watch

Tags: stream netstat watch cassandra nodetool nodetool netstat repair bootstrap

Up
Down

See what a cassandra node is streaming

When bootstrapping or repairing a node this is a simple way to keep tabs on what a node is actively doing.

netstat -ntu | awk ' $5 ~ /^(::ffff:|[0-9|])/ { gsub("::ffff:","",$5); print $5}' | cut -d: -f1 | sort | uniq -c | sort -nr

2013-09-10 19:28:06

User: mrwulf

Functions: awk cut netstat sort uniq

Tags: sort awk uniq IP netstat cut

Up
Down

netstat with group by (ip adress)

Same as the rest, but handle IPv6 short IPs. Also, sort in the order that you're probably looking for.

sudo netstat -plntu --inet | sort -t: -k2,2n | sort --stable -t. -k 1,1n -k 2,2n -k 3,3n -k 4,4n | sort -s -t" " -k1,1

This is sample output - yours may be different.

Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name
tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN      26691/sshd
tcp        0      0 0.0.0.0:80                  0.0.0.0:*                   LISTEN      4437/httpd
tcp        0      0 0.0.0.0:443                 0.0.0.0:*                   LISTEN      4437/httpd
tcp        0      0 0.0.0.0:1270                0.0.0.0:*                   LISTEN      3901/scxcimserver
tcp        0      0 0.0.0.0:3306                0.0.0.0:*                   LISTEN      4323/mysqld
tcp        0      0 0.0.0.0:5666                0.0.0.0:*                   LISTEN      4351/nrpe
tcp        0      0 0.0.0.0:13722               0.0.0.0:*                   LISTEN      3953/xinetd
tcp        0      0 0.0.0.0:13782               0.0.0.0:*                   LISTEN      3953/xinetd
tcp        0      0 127.0.0.1:25                0.0.0.0:*                   LISTEN      4408/master
tcp        0      0 127.0.0.1:199               0.0.0.0:*                   LISTEN      3920/snmpd
tcp        0      0 127.0.0.1:6010              0.0.0.0:*                   LISTEN      20142/sshd
tcp        0      0 127.0.0.1:6011              0.0.0.0:*                   LISTEN      915/sshd
tcp        0      0 127.0.0.1:6012              0.0.0.0:*                   LISTEN      18068/sshd
tcp        0      0 127.0.0.1:6013              0.0.0.0:*                   LISTEN      6182/sshd
tcp        0      0 127.0.0.1:6014              0.0.0.0:*                   LISTEN      6182/sshd
tcp        0      0 127.0.0.1:6015              0.0.0.0:*                   LISTEN      23596/sshd
tcp        0      0 127.0.0.1:6016              0.0.0.0:*                   LISTEN      24031/sshd
tcp        0      0 127.0.0.1:6017              0.0.0.0:*                   LISTEN      26005/sshd
tcp        0      0 127.0.0.1:6018              0.0.0.0:*                   LISTEN      26480/sshd
tcp        0      0 127.0.0.1:6019              0.0.0.0:*                   LISTEN      20051/sshd
tcp        0      0 127.0.0.1:6021              0.0.0.0:*                   LISTEN      20452/sshd
tcp        0      0 127.0.0.1:6026              0.0.0.0:*                   LISTEN      7309/sshd
tcp        0      0 127.0.0.1:6027              0.0.0.0:*                   LISTEN      7465/sshd
tcp        0      0 127.0.0.1:6028              0.0.0.0:*                   LISTEN      7628/sshd
tcp        0      0 127.0.0.1:6029              0.0.0.0:*                   LISTEN      7880/sshd
tcp        0      0 127.0.0.1:6030              0.0.0.0:*                   LISTEN      8412/sshd
tcp        0      0 127.0.0.1:6031              0.0.0.0:*                   LISTEN      8658/sshd
tcp        0      0 127.0.0.1:6032              0.0.0.0:*                   LISTEN      8839/sshd
tcp        0      0 127.0.0.1:6033              0.0.0.0:*                   LISTEN      9082/sshd
tcp        0      0 127.0.0.1:6034              0.0.0.0:*                   LISTEN      9260/sshd
tcp        0      0 127.0.0.1:6035              0.0.0.0:*                   LISTEN      9642/sshd
tcp        0      0 127.0.0.1:6037              0.0.0.0:*                   LISTEN      6182/sshd
udp        0      0 0.0.0.0:69                  0.0.0.0:*                               3953/xinetd
udp        0      0 0.0.0.0:123                 0.0.0.0:*                               3399/ntpd
udp        0      0 0.0.0.0:161                 0.0.0.0:*                               3920/snmpd
udp        0      0 127.0.0.1:123               0.0.0.0:*                               3399/ntpd
udp        0      0 10.129.6.22:123             0.0.0.0:*                               3399/ntpd
udp        0      0 10.129.6.66:123             0.0.0.0:*                               3399/ntpd

2013-08-13 09:21:26

User: thechile

Functions: netstat sort sudo

Tags: sort netstat stable

Up
Down

make pretty the netstat output for listening services

bit of a contrived example and playing to my OCD but nice for quick scripted output of listening ports which is sorted by port, ip address and protocol.

sudo netstat -tulpn | grep :8080

2013-07-30 13:10:50

User: BU5T4

Functions: grep netstat sudo

Tags: netstat

-1

Up
Down

check to see what is running on a specific port number

Comments (0) | Add to favourites | Report as malicious | Submit alternative | Report as a duplicate

while true; do netstat -a|grep WAIT|wc -l; sleep 5; done

2013-06-19 09:19:41

User: adimania

Functions: grep netstat sleep wc

Tags: netstat tcp

Up
Down

One liner to check out CLOSE_WAIT and TIME_WAIT connection every five seconds while debugging network apps

This has saved me many times while debugging timeout issues to "too many open files" issues. A high number of the order of thousand, indicates that somewhere connection is not being closed properly.

netstat -tuapen | grep LISTEN

2013-05-18 20:40:38

User: mered

Functions: grep netstat

Tags: Linux netstat

Up
Down

Check for listening services

Comments (0) | Add to favourites | Report as malicious | Submit alternative | Report as a duplicate

netstat -antu | awk '$5 ~ /[0-9]:/{split($5, a, ":"); ips[a[1]]++} END {for (ip in ips) print ips[ip], ip | "sort -k1 -nr"}'

2013-04-09 03:24:43

User: 4Aiur

Functions: awk netstat

Tags: netstat connections

Up
Down

Show number of connections per remote IP

Comments (1) | Add to favourites | Report as malicious | Submit alternative | Report as a duplicate

netstat -antu | awk '{print $5}' | awk -F: '{print $1}' | sort | uniq -c | sort -n

2013-04-08 19:46:41

User: wejn

Functions: awk netstat sort uniq

Tags: netstat connections

-1

Up
Down

Show number of connections per remote IP

Output contains also garbage (text parts from netstat's output) but it's good enough for quick check who's overloading your server.

Comments (4) | Add to favourites | Report as malicious | Submit alternative | Report as a duplicate

lsof -i -n | grep ESTABLISHED

2013-04-03 09:14:09

User: techie

Functions: grep

Tags: grep netstat lsof tcp connections

Up
Down

find established tcp connections without using netstat!!

Fast and easy way to find all established tcp connections without using the netstat command.

Comments (0) | Add to favourites | Report as malicious | Submit alternative | Report as a duplicate

netstat -tulpn

2013-03-28 11:18:32

User: FiloSottile

Functions: netstat

Tags: netstat

Up
Down

Show all LISTENing and open server connections, with port number and process name/pid

Comments (0) | Add to favourites | Report as malicious | Submit alternative | Report as a duplicate

netstat -an | grep --color -i -E 'listen|listening'

2013-03-19 08:53:47

User: opexxx

Functions: grep netstat

Tags: grep netstat

-1

Up
Down

Open Port Check

Comments (1) | Add to favourites | Report as malicious | Submit alternative | Report as a duplicate

watch "ss -nat | awk '"'{print $1}'"' | sort | uniq -c"

2012-12-07 19:07:33

User: ricardofunke

Functions: watch

Tags: monitoring netstat tcp ss connections

-2

Up
Down

Monitoring TCP connections number

Monitoring TCP connections number showing each state. It uses ss instead of netstat because it's much faster with high trafic.

You can fgrep specific ports by piping right before awk:

watch "ss -nat | fgrep :80 | awk '"'{print $1}'"' | sort | uniq -c"

netstat -tn | awk '($4 ~ /:22\s*/) && ($6 ~ /^EST/) {print substr($5, 0, index($5,":"))}'

2012-10-03 04:47:54

User: toxick

Functions: awk netstat

Tags: ssh awk netstat

Up
Down

list current ssh clients

Comments (0) | Add to favourites | Report as malicious | Submit alternative | Report as a duplicate

netstat -an | grep 80 | wc -l

2012-09-05 06:17:09

User: mrhassell

Functions: grep netstat wc

Tags: sort awk uniq netstat cut

Up
Down

Number of open connections per ip.

Count on a specific port (80) - FreeBSD friendly.

netstat -tn | grep :80 | awk '{print $5}'| grep -v ':80' | cut -f1 -d: |cut -f1,2,3 -d. | sort | uniq -c| sort -n

2012-06-26 08:29:37

User: krishnan

Functions: awk cut grep netstat sort uniq

Tags: sort awk IP grep netstat connection range user

Up
Down

Number of connections per IP with range 24

cut -f1,2 - IP range 16

cut -f1,2,3 - IP range 24

cut -f1,2,3,4 - IP range 24

netstat -Aan | grep .80 | grep -v 127.0.0.1 | grep EST | awk '{print $6}' | cut -d "." -f1,2,3,4 | sort | uniq

2012-02-03 13:54:11

User: janvanderwijk

Functions: awk cut grep netstat sort

Tags: sort uniq grep netstat cut aix

Up
Down

See who are using a specific port

See who is using a specific port. Especially when you're using AIX. In Ubuntu, for example, this can easily be seen with the netstat command.

netstat -plntu

2011-10-01 12:16:38

User: bolthorn0

Functions: netstat

Tags: netstat lsof networking

Up
Down

check open ports (both ipv4 and ipv6)

Check open TCP and UDP ports

netstat -plnt

2011-09-30 19:56:32

User: DopeGhoti

Functions: netstat

Tags: netstat lsof networking

Up
Down

check open ports (both ipv4 and ipv6)

While `lsof` will work, why not use the tool designed explicitly for this job?

(If not run as root, you will only see the names of PID you own)

2011-09-08 18:54:36

User: brando56894

Functions: echo grep head netstat sudo tail

Tags: netstat udp tcp connections

Up
Down

Displays All TCP and UDP Connections

Comments (0) | Add to favourites | Report as malicious | Submit alternative | Report as a duplicate

netstat -nt | awk -F":" '{print $2}' | sort | uniq -c

2011-07-05 07:53:29

User: sreimann

Functions: awk netstat sort uniq

Tags: sort awk uniq netstat

Up
Down

netstat with group by (ip adress)

count connections, group by IP and port

Comments (0) | Add to favourites | Report as malicious | Submit alternative | Report as a duplicate

netstat -ntu | awk ' $5 ~ /^[0-9]/ {print $5}' | cut -d: -f1 | sort | uniq -c | sort -n

2011-07-04 20:23:21

User: letterj

Functions: awk cut netstat sort uniq

Tags: netstat

-3

Up
Down

netstat with group by (ip adress)

netstat has two lines of headers:

Active Internet connections (w/o servers)

Proto Recv-Q Send-Q Local Address Foreign Address State

Added a filter in the awk command to remove them

Comments (0) | Add to favourites | Report as malicious | Submit alternative | Report as a duplicate

netstat -ntu | awk ' $5 ~ /^[0-9]/ {print $5}' | cut -d: -f1 | sort | uniq -c | sort -n

2011-07-01 11:17:38

User: Koobiac

Functions: awk cut netstat sort uniq

Tags: netstat

Up
Down

netstat with group by (ip adress)

Comments (1) | Add to favourites | Report as malicious | Submit alternative | Report as a duplicate

watch 'netstat -anptu |egrep "^Proto|:80 "'

2011-05-18 15:05:52

User: Mozai

Functions: egrep watch

Tags: monitoring netstat watch

Up
Down

Cheap iftop

Shows updated status in a terminal window for connections to port '80' in a human-friendly form. Use 'watch -n1' to update every second, and 'watch -d' to highlight changes between updates.

If you wish for status updates on a port other than '80', always remember to put a space afterwards so that ":80" will not match ":8080".

1 2 >