What's this?

commandlinefu.com is the place to record those command-line gems that you return to again and again.

Delete that bloated snippets file you've been using and share your personal repository with the world. That way others can gain from your CLI wisdom and you from theirs too. All commands can be commented on, discussed and voted up or down.

Get involved!

You can sign-in using OpenID credentials, or register a traditional username and password.

First-time OpenID users will be automatically assigned a username which can be changed after signing in.

UpGuard checks and validates configurations for every major OS, network device, and cloud provider.

Stay in the loop…

Follow the Tweets.

Every new command is wrapped in a tweet and posted to Twitter. Following the stream is a great way of staying abreast of the latest commands. For the more discerning, there are Twitter accounts for commands that get a minimum of 3 and 10 votes - that way only the great commands get tweeted.

» http://twitter.com/commandlinefu
» http://twitter.com/commandlinefu3
» http://twitter.com/commandlinefu10

Subscribe to the feeds.

Use your favourite RSS aggregator to stay in touch with the latest commands. There are feeds mirroring the 3 Twitter streams as well as for virtually every other subset (users, tags, functions,…):

Subscribe to the feed for:



May 19, 2015 - A Look At The New Commandlinefu
I've put together a short writeup on what kind of newness you can expect from the next iteration of clfu. Check it out here.
March 2, 2015 - New Management
I'm Jon, I'll be maintaining and improving clfu. Thanks to David for building such a great resource!

Top Tags



Commands tagged netstat from sorted by
Terminal - Commands tagged netstat - 47 results
netstat -tlpn | sort -t: -k2 -n
2014-07-22 14:08:01
User: hute37
Functions: netstat sort
Tags: netstat

Show TCP Listen ports sorted by number

(bugs: IPV6 addresses not supported)

netstat -pnut -W | column -t -s $'\t'
2014-05-03 00:48:53
User: Nadiar
Functions: column netstat

This takes all of the tab spaces, and uses column to put them into the appropriately sized table.

netstat -tunlapo
2014-01-23 20:44:31
User: treebeard
Functions: netstat
Tags: netstat

-t TCP

-u UDP

-n NO DNS resolution or PORT/SERVICE resolution

-l state

-a ?

-p PORT show

-o flag (keepalive, off, etc)

netstat -tup -W | column -t
2014-01-08 22:39:01
User: b_t
Functions: column netstat

The -W switch of netstat makes it print complete URL of the connections, which otherwise by default

is truncated to fit its default column size.

Now to compensate for irregular column sizes, pipe the output to column (-t switch of column prints in tabular form). The only downside to this part is that the very first row, the header, goes pear shape.

watch -d 'echo -e "Remaining: `(nodetool netstats | grep " 0%" | wc -l)` \nCurrent: `(nodetool netstats | grep "%" | grep -v " 0%")`"'
2014-01-01 16:59:01
User: mrwulf
Functions: watch

When bootstrapping or repairing a node this is a simple way to keep tabs on what a node is actively doing.

netstat -ntu | awk ' $5 ~ /^(::ffff:|[0-9|])/ { gsub("::ffff:","",$5); print $5}' | cut -d: -f1 | sort | uniq -c | sort -nr
2013-09-10 19:28:06
User: mrwulf
Functions: awk cut netstat sort uniq

Same as the rest, but handle IPv6 short IPs. Also, sort in the order that you're probably looking for.

sudo netstat -plntu --inet | sort -t: -k2,2n | sort --stable -t. -k 1,1n -k 2,2n -k 3,3n -k 4,4n | sort -s -t" " -k1,1
2013-08-13 09:21:26
User: thechile
Functions: netstat sort sudo

bit of a contrived example and playing to my OCD but nice for quick scripted output of listening ports which is sorted by port, ip address and protocol.

sudo netstat -tulpn | grep :8080
while true; do netstat -a|grep WAIT|wc -l; sleep 5; done
2013-06-19 09:19:41
User: adimania
Functions: grep netstat sleep wc
Tags: netstat tcp

This has saved me many times while debugging timeout issues to "too many open files" issues. A high number of the order of thousand, indicates that somewhere connection is not being closed properly.

netstat -tuapen | grep LISTEN
netstat -antu | awk '$5 ~ /[0-9]:/{split($5, a, ":"); ips[a[1]]++} END {for (ip in ips) print ips[ip], ip | "sort -k1 -nr"}'
netstat -antu | awk '{print $5}' | awk -F: '{print $1}' | sort | uniq -c | sort -n
2013-04-08 19:46:41
User: wejn
Functions: awk netstat sort uniq

Output contains also garbage (text parts from netstat's output) but it's good enough for quick check who's overloading your server.

lsof -i -n | grep ESTABLISHED
2013-04-03 09:14:09
User: techie
Functions: grep

Fast and easy way to find all established tcp connections without using the netstat command.

netstat -an | grep --color -i -E 'listen|listening'
watch "ss -nat | awk '"'{print $1}'"' | sort | uniq -c"
2012-12-07 19:07:33
User: ricardofunke
Functions: watch

Monitoring TCP connections number showing each state. It uses ss instead of netstat because it's much faster with high trafic.

You can fgrep specific ports by piping right before awk:

watch "ss -nat | fgrep :80 | awk '"'{print $1}'"' | sort | uniq -c"

netstat -tn | awk '($4 ~ /:22\s*/) && ($6 ~ /^EST/) {print substr($5, 0, index($5,":"))}'
netstat -an | grep 80 | wc -l
netstat -tn | grep :80 | awk '{print $5}'| grep -v ':80' | cut -f1 -d: |cut -f1,2,3 -d. | sort | uniq -c| sort -n
2012-06-26 08:29:37
User: krishnan
Functions: awk cut grep netstat sort uniq

cut -f1,2 - IP range 16

cut -f1,2,3 - IP range 24

cut -f1,2,3,4 - IP range 24

netstat -Aan | grep .80 | grep -v | grep EST | awk '{print $6}' | cut -d "." -f1,2,3,4 | sort | uniq
2012-02-03 13:54:11
Functions: awk cut grep netstat sort

See who is using a specific port. Especially when you're using AIX. In Ubuntu, for example, this can easily be seen with the netstat command.

netstat -plntu
netstat -plnt
2011-09-30 19:56:32
User: DopeGhoti
Functions: netstat

While `lsof` will work, why not use the tool designed explicitly for this job?

(If not run as root, you will only see the names of PID you own)

sudo netstat|head -n2|tail -n1 && sudo netstat -a|grep udp && echo && sudo netstat|head -n2|tail -n1 && sudo netstat -a|grep tcp
netstat -nt | awk -F":" '{print $2}' | sort | uniq -c
netstat -ntu | awk ' $5 ~ /^[0-9]/ {print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
2011-07-04 20:23:21
User: letterj
Functions: awk cut netstat sort uniq
Tags: netstat

netstat has two lines of headers:

Active Internet connections (w/o servers)

Proto Recv-Q Send-Q Local Address Foreign Address State

Added a filter in the awk command to remove them