Hide

What's this?

commandlinefu.com is the place to record those command-line gems that you return to again and again.

Delete that bloated snippets file you've been using and share your personal repository with the world. That way others can gain from your CLI wisdom and you from theirs too. All commands can be commented on, discussed and voted up or down.

If you have a new feature suggestion or find a bug, please get in touch via http://commandlinefu.uservoice.com/

Get involved!

You can sign-in using OpenID credentials, or register a traditional username and password.

OpenID

First-time OpenID users will be automatically assigned a username which can be changed after signing in.

Hide

Stay in the loop…

Follow the Tweets.

Every new command is wrapped in a tweet and posted to Twitter. Following the stream is a great way of staying abreast of the latest commands. For the more discerning, there are Twitter accounts for commands that get a minimum of 3 and 10 votes - that way only the great commands get tweeted.

» http://twitter.com/commandlinefu
» http://twitter.com/commandlinefu3
» http://twitter.com/commandlinefu10

Subscribe to the feeds.

Use your favourite RSS aggregator to stay in touch with the latest commands. There are feeds mirroring the 3 Twitter streams as well as for virtually every other subset (users, tags, functions,…):

Subscribe to the feed for:

» all commands
» commands with 3 up-votes (commandlinefu3)
» commands with 10 up-votes (commandlinefu10)
» commands using netstat

Hide

News

2011-03-12 - Confoo 2011 presentation: Slides are available from the commandlinefu presentation at Confoo 2011: http://presentations.codeinthehole.com/confoo2011/
2011-01-04 - Moderation now required for new commands: To try and put and end to the spamming, new commands require moderation before they will appear on the site.
2010-12-27 - Apologies for not banning the trolls sooner: Have been away from the interwebs over Christmas. Will be more vigilant henceforth.
2010-09-24 - OAuth and pagination problems fixed: Apologies for the delay in getting Twitter's OAuth supported. Annoying pagination gremlin also fixed.

Hide

Functions

Hide

Credits

Site by David Winterbottom (user root).

Commands using netstat

Terminal - Commands using netstat - 97 results

netstat -taupe

2009-05-25 12:46:38

User: farwarx

Functions: netstat

Tags: netstat kookyoo reseau connexion

-8

Up
Down

Informations sur les connexions reseau

Affiche des infos detaillees sur vos connexions reseaux.

Port en ?coute, protocole, paquets, adresses, ustilisateur, PID etc...

Comments (1) | Add to favourites | Report as malicious | Submit alternative | Report as a duplicate

netstat -ntlp | grep -w 80 | awk '{print $7}' | cut -d/ -f1

2009-05-20 20:29:56

User: ncaio

Functions: awk cut grep netstat

Up
Down

get a process list by listen port

Comments (4) | Add to favourites | Report as malicious | Submit alternative | Report as a duplicate

p=$(netstat -nate 2>/dev/null | awk '/LISTEN/ {gsub (/.*:/, "", $4); if ($4 == "4444") {print $8}}'); for i in $(ls /proc/|grep "^[1-9]"); do [[ $(ls -l /proc/$i/fd/|grep socket|sed -e 's|.*\[$.*$\]|\1|'|grep $p) ]] && cat /proc/$i/cmdline && echo; done

2009-04-30 12:39:48

User: j0rn

Functions: awk cat grep ls netstat sed

Tags: sed awk ls grep netstat

-5

Up
Down

netstat -p recoded (totaly useless..)

Ok so it's rellay useless line and I sorry for that, furthermore that's nothing optimized at all...

At the beginning I didn't managed by using netstat -p to print out which process was handling that open port 4444, I realize at the end I was not root and security restrictions applied ;p

It's nevertheless a (good ?) way to see how ps(tree) works, as it acts exactly the same way by reading in /proc

So for a specific port, this line returns the calling command line of every thread that handle the associated socket

Comments (1) | Add to favourites | Report as malicious | Submit alternative | Report as a duplicate

netstat -an | grep ESTABLISHED | awk '{print $5}' | awk -F: '{print $1}' | sort | uniq -c | awk '{ printf("%s\t%s\t",$2,$1) ; for (i = 0; i < $1; i++) {printf("*")}; print "" }'

2009-04-27 22:02:19

User: knassery

Functions: awk grep netstat sort uniq

Up
Down

Graph # of connections for each hosts.

Written for linux, the real example is how to produce ascii text graphs based on a numeric value (anything where uniq -c is useful is a good candidate).

netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n

2009-03-28 21:02:26

User: tiagofischer

Functions: awk cut netstat sort uniq

Tags: sort awk uniq netstat cut

Up
Down

Number of open connections per ip.

Here is a command line to run on your server if you think your server is under attack. It prints our a list of open connections to your server and sorts them by amount.

BSD Version:

netstat -na |awk '{print $5}' |cut -d "." -f1,2,3,4 |sort |uniq -c |sort -nr

netstat -atn | awk ' /tcp/ {printf("%s\n",substr($4,index($4,":")+1,length($4) )) }' | sed -e "s/://g" | sort -rnu | awk '{array [$1] = $1} END {i=32768; again=1; while (again == 1) {if (array[i] == i) {i=i+1} else {print i; again=0}}}'

2009-03-27 20:38:43

User: mpb

Functions: awk netstat sed sort

Up
Down

find an unused unprivileged TCP port

Some commands (such as netcat) have a port option but how can you know which ports are unused?

netstat -an | grep -i listen

2009-03-27 13:19:29

User: lfcipriani

Functions: grep netstat

-6

Up
Down

See a list of ports running

Comments (4) | Add to favourites | Report as malicious | Submit alternative | Report as a duplicate

netstat -antuwp | egrep "(^[^t])|(^tcp.*LISTEN)"

2009-03-25 13:44:43

User: stelio

Functions: egrep netstat

Up
Down

Lists open ports

Comments (1) | Add to favourites | Report as malicious | Submit alternative | Report as a duplicate

netstat -tap | grep mysql

2009-02-20 19:47:06

User: jdunn

Functions: grep netstat

Up
Down

Find out if MySQL is up and listening on Linux

Comments (0) | Add to favourites | Report as malicious | Submit alternative | Report as a duplicate

netstat -alnp | grep ::80

2009-02-20 19:45:53

User: jdunn

Functions: grep netstat

Up
Down

Show what PID is listening on port 80 on Linux

Comments (1) | Add to favourites | Report as malicious | Submit alternative | Report as a duplicate

netstat -an | grep -i listen

2009-02-19 19:27:49

User: scubacuda

Functions: grep netstat

-2

Up
Down

show open ports on computer

From 'man netstat'

"netstat -i | -I interface [-abdnt] [-f address_family] [-M core] [-N system]

Show the state of all network interfaces or a single interface

which have been auto-configured (interfaces statically configured

into a system, but not located at boot time are not shown). An

asterisk (``*'') after an interface name indicates that the

interface is ``down''. If -a is also present, multicast

addresses currently in use are shown for each Ethernet interface

and for each IP interface address. Multicast addresses are shown

on separate lines following the interface address with which they

are associated. If -b is also present, show the number of bytes

in and out. If -d is also present, show the number of dropped

packets. If -t is also present, show the contents of watchdog

timers."

Comments (3) | Add to favourites | Report as malicious | Submit alternative | Report as a duplicate

lsof -p $(netstat -ltpn|awk '$4 ~ /:80$/ {print substr($7,1,index($7,"/")-1)}')| awk '$9 ~ /access.log$/ {print $9| "sort -u"}'

2009-02-19 16:11:54

User: rjamestaylor

Functions: awk netstat

Up
Down

List all active access_logs for currently running Apache or Lighttpd process

Ever logged into a *nix box and needed to know which webserver is running and where all the current access_log files are? Run this one liner to find out. Works for Apache or Lighttpd as long as CustomLog name is somewhat standard. HINT: works great as input into for loop, like this:

for i in `lsof -p $(netstat -ltpn|awk '$4 ~ /:80$/ {print substr($7,1,index($7,"/")-1)}')| awk '$9 ~ /access.log$/ {print $9| "sort -u"}'` ;  do echo $i; done

Very useful for triage on unfamiliar servers!

netstat -alpn | grep :80 | awk '{print $4}' |awk -F: '{print $(NF-1)}' |sort | uniq -c | sort -n

2009-02-19 04:59:32

User: nitins

Functions: awk grep netstat sort uniq

Tags: sort awk uniq netstat ddos

-2

Up
Down

Checking total connections to each Ip inserver

Useful to check DDoS attacks on servers.

netstat -putona

2009-02-16 19:14:35

User: starchox

Functions: netstat

Up
Down

Show all programs on UDP and TCP ports with timer information

-p PID and name of the program

-u on a UDP port.

-t also TCP ports

-o networking timer

-n numeric IP addresses (don't resolve them)

-a all sockets

Comments (4) | Add to favourites | Report as malicious | Submit alternative | Report as a duplicate

netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n | tail

2009-02-16 15:48:27

User: TuxOtaku

Functions: awk cut netstat sort uniq

Up
Down

Netstat Connection Check

This command does a tally of concurrent active connections from single IPs and prints out those IPs that have the most active concurrent connections. VERY useful in determining the source of a DoS or DDoS attack.

netstat -anl | grep :80 | awk '{print $5}' | cut -d ":" -f 1 | uniq -c | sort -n | grep -c IPHERE

2009-02-16 08:54:08

User: nullrouter

Functions: awk cut grep netstat sort uniq

Up
Down

Who has the most Apache connections.

This will tell you who has the most Apache connections by IP (replace IPHERE with the actual IP you wish to check). Or if you wish, remove | grep -c IPHERE for the full list.

Comments (1) | Add to favourites | Report as malicious | Submit alternative | Report as a duplicate

netstat -pant 2> /dev/null | grep SYN_ | awk '{print $5;}' | cut -d: -f1 | sort | uniq -c | sort -n | tail -20

2009-02-16 08:49:38

User: unixmonkey982

Functions: awk cut grep netstat sort tail uniq

Up
Down

List top 20 IP from which TCP connection is in SYN_RECV state

List top 20 IP from which TCP connection is in SYN_RECV state.

Useful on web servers to detect a syn flood attack.

Replace SYN_ with ESTA to find established connections

netstat -tlnp

2009-02-15 14:20:25

User: fulat2k

Functions: netstat

174

Up
Down

Lists all listening ports together with the PID of the associated process

The PID will only be printed if you're holding a root equivalent ID.

Comments (8) | Add to favourites | Report as malicious | Submit alternative | Report as a duplicate

netstat -anp |grep 'tcp\|udp' | awk '{print $5}' | sed s/::ffff:// | cut -d: -f1 | sort | uniq -c | sort -n

2009-02-15 09:16:16

User: dt

Functions: awk cut netstat sed sort uniq

Up
Down

count IPv4 connections per IP

usefull in case of abuser/DoS attacks.

netstat -plunt

2009-02-06 06:04:32

User: JamesGreenhalgh

Functions: netstat

Up
Down

Show which programs are listening on TCP and UDP ports

-p Tell me the name of the program and it's PID

-l that is listening

-u on a UDP port.

-n Give me numeric IP addresses (don't resolve them)

-t oh, also TCP ports

sudo netstat -punta

2009-02-05 22:30:24

User: zgomot

Functions: netstat sudo

Up
Down

List open sockets protocol/address/port/state/PID/program name

Comments (1) | Add to favourites | Report as malicious | Submit alternative | Report as a duplicate

netstat -ant | awk '{print $NF}' | grep -v '[a-z]' | sort | uniq -c

2009-02-05 18:02:59

User: himynameisthor

Functions: awk grep netstat sort uniq

Up
Down

List the number and type of active network connections

Comments (4) | Add to favourites | Report as malicious | Submit alternative | Report as a duplicate

‹ First < 2 3 4