
Terminal - Commands tagged netstat - 47 results
netstat -tlpn | sort -t: -k2 -n
This is sample output - yours may be different.
tcp 0 0 10.150.2.178:1098 0.0.0.0:* LISTEN 453/java
tcp 0 0 10.150.2.178:1099 0.0.0.0:* LISTEN 453/java
tcp 0 0 10.150.2.178:1100 0.0.0.0:* LISTEN 453/java
tcp 0 0 10.150.2.178:1101 0.0.0.0:* LISTEN 453/java
tcp 0 0 10.150.2.178:3873 0.0.0.0:* LISTEN 453/java
tcp 0 0 10.150.2.178:4444 0.0.0.0:* LISTEN 453/java
tcp 0 0 10.150.2.178:4445 0.0.0.0:* LISTEN 453/java
tcp 0 0 10.150.2.178:4446 0.0.0.0:* LISTEN 453/java
tcp 0 0 10.150.2.178:4447 0.0.0.0:* LISTEN 453/java
tcp 0 0 10.150.2.178:4448 0.0.0.0:* LISTEN 453/java
tcp 0 0 10.150.2.178:4457 0.0.0.0:* LISTEN 453/java
tcp 0 0 0.0.0.0:5432 0.0.0.0:* LISTEN 1410/postmaster
tcp 0 0 127.0.0.1:5433 0.0.0.0:* LISTEN 1023/postmaster
tcp 0 0 0.0.0.0:5801 0.0.0.0:* LISTEN 6118/Xvnc
Show TCP Listen ports sorted by number
(bugs: IPv6 addresses not supported)
netstat -pnut -W | column -t -s $'\t'
This is sample output - yours may be different.
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 192.168.178.139:59711 xxx.xxx.xxx.xx:7000 ESTABLISHED 7211/xchat
tcp 0 0 192.168.178.139:46307 xxx.xxx.xxx.xxx:2204 ESTABLISHED 37550/ssh
tcp 0 0 192.168.178.139:39466 xxx.xxx.xxx.xxx:22 ESTABLISHED 36789/ssh
tcp 0 0 192.168.178.139:54130 xxx.xx.xxx.x:22 ESTABLISHED 7405/ssh
tcp 0 0 192.168.178.139:52571 xxx.xx.x.xx:22 ESTABLISHED 32981/ssh
tcp 0 0 192.168.178.139:37883 xxx.xxx.xxx.xxx:22 ESTABLISHED 9419/ssh
This takes all of the tab spaces, and uses column to put them into the appropriately sized table.
-t TCP
-u UDP
-n NO DNS resolution or PORT/SERVICE resolution
-l state
-a ?
-p PORT show
-o flag (keepalive, off, etc)
netstat -tup -W | column -t
This is sample output - yours may be different.
$ netstat -tup
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 me:41486 XXX.XXX.XXX.XXX-sta:http ESTABLISHED 1669/chrome
$ netstat -tup -W | column -t
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 me:41486 XXX.XXX.XXX.XXX-static.reverse.softlayer.com:http ESTABLISHED 1669/chrome
The -W switch of netstat makes it print the complete URL of the connections, which otherwise by default is truncated to fit its default column size.
Now to compensate for irregular column sizes, pipe the output to column (the -t switch of column prints in tabular form). The only downside to this part is that the very first row, the header, goes pear-shaped.
watch -d 'echo -e "Remaining: `(nodetool netstats | grep " 0%" | wc -l)` \nCurrent: `(nodetool netstats | grep "%" | grep -v " 0%")`"'
This is sample output - yours may be different.
Remaining: 12
Current: keyspace/columnfamily/keyspace-columnfamily-ic-10-Data.db 18%
When bootstrapping or repairing a node this is a simple way to keep tabs on what a node is actively doing.
netstat -ntu | awk ' $5 ~ /^(::ffff:|[0-9|])/ { gsub("::ffff:","",$5); print $5}' | cut -d: -f1 | sort | uniq -c | sort -nr
This is sample output - yours may be different.
239 192.168.26.242
129 172.16.12.3
12 192.168.26.241
12 172.16.12.2
2 127.0.0.1
1 172.16.12.66
1 172.16.115.246
Same as the rest, but handle IPv6 short IPs. Also, sort in the order that you're probably looking for.
sudo netstat -plntu --inet | sort -t: -k2,2n | sort --stable -t. -k 1,1n -k 2,2n -k 3,3n -k 4,4n | sort -s -t" " -k1,1
This is sample output - yours may be different.
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 26691/sshd
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 4437/httpd
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 4437/httpd
tcp 0 0 0.0.0.0:1270 0.0.0.0:* LISTEN 3901/scxcimserver
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 4323/mysqld
tcp 0 0 0.0.0.0:5666 0.0.0.0:* LISTEN 4351/nrpe
tcp 0 0 0.0.0.0:13722 0.0.0.0:* LISTEN 3953/xinetd
tcp 0 0 0.0.0.0:13782 0.0.0.0:* LISTEN 3953/xinetd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 4408/master
tcp 0 0 127.0.0.1:199 0.0.0.0:* LISTEN 3920/snmpd
tcp 0 0 127.0.0.1:6010 0.0.0.0:* LISTEN 20142/sshd
tcp 0 0 127.0.0.1:6011 0.0.0.0:* LISTEN 915/sshd
tcp 0 0 127.0.0.1:6012 0.0.0.0:* LISTEN 18068/sshd
tcp 0 0 127.0.0.1:6013 0.0.0.0:* LISTEN 6182/sshd
tcp 0 0 127.0.0.1:6014 0.0.0.0:* LISTEN 6182/sshd
tcp 0 0 127.0.0.1:6015 0.0.0.0:* LISTEN 23596/sshd
tcp 0 0 127.0.0.1:6016 0.0.0.0:* LISTEN 24031/sshd
tcp 0 0 127.0.0.1:6017 0.0.0.0:* LISTEN 26005/sshd
tcp 0 0 127.0.0.1:6018 0.0.0.0:* LISTEN 26480/sshd
tcp 0 0 127.0.0.1:6019 0.0.0.0:* LISTEN 20051/sshd
tcp 0 0 127.0.0.1:6021 0.0.0.0:* LISTEN 20452/sshd
tcp 0 0 127.0.0.1:6026 0.0.0.0:* LISTEN 7309/sshd
tcp 0 0 127.0.0.1:6027 0.0.0.0:* LISTEN 7465/sshd
tcp 0 0 127.0.0.1:6028 0.0.0.0:* LISTEN 7628/sshd
tcp 0 0 127.0.0.1:6029 0.0.0.0:* LISTEN 7880/sshd
tcp 0 0 127.0.0.1:6030 0.0.0.0:* LISTEN 8412/sshd
tcp 0 0 127.0.0.1:6031 0.0.0.0:* LISTEN 8658/sshd
tcp 0 0 127.0.0.1:6032 0.0.0.0:* LISTEN 8839/sshd
tcp 0 0 127.0.0.1:6033 0.0.0.0:* LISTEN 9082/sshd
tcp 0 0 127.0.0.1:6034 0.0.0.0:* LISTEN 9260/sshd
tcp 0 0 127.0.0.1:6035 0.0.0.0:* LISTEN 9642/sshd
tcp 0 0 127.0.0.1:6037 0.0.0.0:* LISTEN 6182/sshd
udp 0 0 0.0.0.0:69 0.0.0.0:* 3953/xinetd
udp 0 0 0.0.0.0:123 0.0.0.0:* 3399/ntpd
udp 0 0 0.0.0.0:161 0.0.0.0:* 3920/snmpd
udp 0 0 127.0.0.1:123 0.0.0.0:* 3399/ntpd
udp 0 0 10.129.6.22:123 0.0.0.0:* 3399/ntpd
udp 0 0 10.129.6.66:123 0.0.0.0:* 3399/ntpd
Bit of a contrived example and playing to my OCD, but nice for quick scripted output of listening ports which is sorted by port, IP address and protocol.
sudo netstat -tulpn | grep :8080
while true; do netstat -a|grep WAIT|wc -l; sleep 5; done
This has saved me many times while debugging issues ranging from timeouts to "too many open files". A high number, on the order of a thousand, indicates that somewhere a connection is not being closed properly.
netstat -tuapen | grep LISTEN
netstat -antu | awk '$5 ~ /[0-9]:/{split($5, a, ":"); ips[a[1]]++} END {for (ip in ips) print ips[ip], ip | "sort -k1 -nr"}'
netstat -antu | awk '{print $5}' | awk -F: '{print $1}' | sort | uniq -c | sort -n
The output also contains garbage (text parts from netstat's output), but it's good enough for a quick check of who's overloading your server.
lsof -i -n | grep ESTABLISHED
Fast and easy way to find all established tcp connections without using the netstat command.
netstat -an | grep --color -i -E 'listen|listening'
watch "ss -nat | awk '"'{print $1}'"' | sort | uniq -c"
This is sample output - yours may be different.
3 CLOSE-WAIT
1 CLOSING
1013 ESTAB
6 FIN-WAIT-1
29 FIN-WAIT-2
20 LISTEN
1 State
323 TIME-WAIT
Monitors the number of TCP connections in each state. It uses ss instead of netstat because it's much faster with high traffic.
You can fgrep specific ports by piping right before awk:
watch "ss -nat | fgrep :80 | awk '"'{print $1}'"' | sort | uniq -c"
netstat -tn | awk '($4 ~ /:22\s*/) && ($6 ~ /^EST/) {print substr($5, 0, index($5,":"))}'
netstat -an | grep 80 | wc -l
Count on a specific port (80) - FreeBSD friendly.
netstat -tn | grep :80 | awk '{print $5}'| grep -v ':80' | cut -f1 -d: |cut -f1,2,3 -d. | sort | uniq -c| sort -n
This is sample output - yours may be different.
1 192.168.1.5
5 192.168.1.2
8 192.168.1.52
15 192.168.1.3
19 192.168.1.30
cut -f1,2 - IP range 16
cut -f1,2,3 - IP range 24
cut -f1,2,3,4 - IP range 24
netstat -Aan | grep .80 | grep -v 127.0.0.1 | grep EST | awk '{print $6}' | cut -d "." -f1,2,3,4 | sort | uniq
This is sample output - yours may be different.
Usually a nice list of IP addresses :-)
See who is using a specific port. Especially when you're using AIX. In Ubuntu, for example, this can easily be seen with the netstat command.
This is sample output - yours may be different.
Proto Recv-Q Send-Q Adresse locale Adresse distante Etat PID/Program name
tcp 0 0 0.0.0.0:8118 0.0.0.0:* LISTEN 1284/privoxy
tcp 0 0 0.0.0.0:4001 0.0.0.0:* LISTEN 1901/java
tcp 0 0 0.0.0.0:7175 0.0.0.0:* LISTEN 1546/postgres
udp 0 0 0.0.0.0:68 0.0.0.0:* 2028/dhclient
udp 0 0 0.0.0.0:5353 0.0.0.0:* 1394/avahi-daemon:
udp 0 0 0.0.0.0:46876 0.0.0.0:* 1394/avahi-daemon:
udp6 0 0 :::58041 :::* 1394/avahi-daemon:
udp6 0 0 :::5353 :::* 1394/avahi-daemon:
Check open TCP and UDP ports
This is sample output - yours may be different.
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:8080 0.0.0.0:* LISTEN 13443/apache2
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 801/sshd
tcp6 0 0 :::25565 :::* LISTEN 1249/java
tcp6 0 0 :::6667 :::* LISTEN 12101/bitlbee
tcp6 0 0 :::22 :::* LISTEN 801/sshd
While `lsof` will work, why not use the tool designed explicitly for this job?
(If not run as root, you will only see the names of PID you own)
sudo netstat|head -n2|tail -n1 && sudo netstat -a|grep udp && echo && sudo netstat|head -n2|tail -n1 && sudo netstat -a|grep tcp
netstat -nt | awk -F":" '{print $2}' | sort | uniq -c
count connections, group by IP and port
netstat -ntu | awk ' $5 ~ /^[0-9]/ {print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
netstat has two lines of headers:
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
Added a filter in the awk command to remove them
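Several of the per-remote-IP counters above split the foreign address at the first colon, which either needs a special case for `::ffff:` or lets header text and IPv6 fragments into the tally. As an added example (not written by any contributor on this page), the function below drops both header lines and splits the port off at the last colon, so IPv4, IPv4-mapped and native IPv6 peers are all counted. The names `count_remote_ips` and `sample_netstat` and the sample rows are constructed for illustration.

```shell
#!/bin/sh
# Added example: count connections per remote IP from `netstat -antu` text.
# count_remote_ips and sample_netstat are hypothetical names.

count_remote_ips() {
    awk '
        # Keep only socket rows; this drops both netstat header lines.
        $1 !~ /^(tcp|udp)/ { next }
        {
            addr = $5
            # The port follows the LAST colon, so IPv6 addresses stay whole.
            sub(/:[^:]*$/, "", addr)
            # Fold IPv4-mapped IPv6 (::ffff:a.b.c.d) into plain IPv4.
            sub(/^::ffff:/, "", addr)
            # Skip listening/unconnected sockets (0.0.0.0:* and :::*).
            if (addr == "" || addr == "0.0.0.0" || addr == "::") next
            n[addr]++
        }
        END { for (ip in n) print n[ip], ip }
    ' | LC_ALL=C sort -k1,1nr -k2,2
}

# Constructed sample input (documentation address ranges), not real traffic.
sample_netstat() {
    cat <<'EOF'
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 10.0.0.5:22             192.0.2.10:51234        ESTABLISHED
tcp        0      0 10.0.0.5:80             192.0.2.10:51240        TIME_WAIT
tcp6       0      0 ::ffff:10.0.0.5:80      ::ffff:192.0.2.10:40000 ESTABLISHED
tcp6       0      0 2001:db8::5:443         2001:db8::99:55000      ESTABLISHED
tcp        0      0 10.0.0.5:80             198.51.100.7:33000      ESTABLISHED
udp        0      0 0.0.0.0:123             0.0.0.0:*
udp6       0      0 :::5353                 :::*
EOF
}

sample_netstat | count_remote_ips
```

On a live host, replace the sample with `netstat -antu | count_remote_ips`.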