Hide

What's this?

commandlinefu.com is the place to record those command-line gems that you return to again and again.

Delete that bloated snippets file you've been using and share your personal repository with the world. That way others can gain from your CLI wisdom and you from theirs too. All commands can be commented on, discussed and voted up or down.

If you have a new feature suggestion or find a bug, please get in touch via http://commandlinefu.uservoice.com/

Get involved!

You can sign-in using OpenID credentials, or register a traditional username and password.

OpenID

First-time OpenID users will be automatically assigned a username which can be changed after signing in.

Hide

Stay in the loop…

Follow the Tweets.

Every new command is wrapped in a tweet and posted to Twitter. Following the stream is a great way of staying abreast of the latest commands. For the more discerning, there are Twitter accounts for commands that get a minimum of 3 and 10 votes - that way only the great commands get tweeted.

» http://twitter.com/commandlinefu
» http://twitter.com/commandlinefu3
» http://twitter.com/commandlinefu10

Subscribe to the feeds.

Use your favourite RSS aggregator to stay in touch with the latest commands. There are feeds mirroring the 3 Twitter streams as well as for virtually every other subset (users, tags, functions,…):

Subscribe to the feed for:

» all commands
» commands with 3 up-votes (commandlinefu3)
» commands with 10 up-votes (commandlinefu10)
» commands using netstat

Hide

News

2011-03-12 - Confoo 2011 presentation: Slides are available from the commandlinefu presentation at Confoo 2011: http://presentations.codeinthehole.com/confoo2011/
2011-01-04 - Moderation now required for new commands: To try and put and end to the spamming, new commands require moderation before they will appear on the site.
2010-12-27 - Apologies for not banning the trolls sooner: Have been away from the interwebs over Christmas. Will be more vigilant henceforth.
2010-09-24 - OAuth and pagination problems fixed: Apologies for the delay in getting Twitter's OAuth supported. Annoying pagination gremlin also fixed.

Hide

Functions

Hide

Credits

Site by David Winterbottom (user root).

Commands using netstat

Terminal - Commands using netstat - 96 results

netstat -tunlp

2010-06-07 13:26:05

User: ender_x

Functions: netstat

Tags: netstat

-2

Up
Down

Lists all listening ports together with the PID of the associated process

Shows you all listening tcp/udp ports, and what program has them open(depending on rights)

Comments (0) | Add to favourites | Report as malicious | Submit alternative | Report as a duplicate

netstat -an | awk '/tcp/ {print $6}' | sort | uniq -c

2010-05-06 17:04:37

User: Kered557

Functions: awk netstat sort uniq

Tags: sort awk uniq netstat

Up
Down

Count TCP States From Netstat

Counts TCP states from Netstat and displays in an ordered list.

netstat -n | awk '/^tcp/ {++B[$NF]} END {for(a in B) print a, B[a]}'

2010-04-24 12:11:52

User: healthly

Functions: awk netstat

Up
Down

see the TIME_WAIT and ESTABLISHED nums of the network

netstat -luntp

2010-04-14 19:54:17

User: lunarblu

Functions: netstat

-8

Up
Down

netstat -luntp

Comments (0) | Add to favourites | Report as malicious | Submit alternative | Report as a duplicate

netstat -nr | awk 'BEGIN {while ($3!="0.0.0.0") getline; print $2}'

2010-03-07 01:47:55

User: freethinker

Functions: awk netstat

Up
Down

Fetch the Gateway Ip Address

This is to fetch the Gateway Ip Address of a machine. Use the below format to put the value in a variable if you wish to find the gateway ip in a script

GATEWAY=$(netstat -nr | awk 'BEGIN {while ($3!="0.0.0.0") getline; print $2}')

Comments (2) | Add to favourites | Report as malicious | Submit alternative | Report as a duplicate

netstat -in

2010-02-04 15:24:58

User: mobidyc

Functions: netstat

Tags: ifconfig netstat hp-ux

Up
Down

Equivalent to ifconfig -a in HPUX

Comments (0) | Add to favourites | Report as malicious | Submit alternative | Report as a duplicate

netstat -nptl

2009-12-11 10:23:43

User: sputnick

Functions: netstat

Up
Down

List all TCP opened ports on localhost in LISTEN mode

Alternative of OJM snippet :

This one show the IP too, where ports bind. It's very important, because if there's only 127.0.0.1 instead of 0.0.0.0, connections from internet are rejected.

Comments (0) | Add to favourites | Report as malicious | Submit alternative | Report as a duplicate

netstat | awk '/EST/{print $5}' | sort

2009-11-24 14:32:12

User: unixmonkey7109

Functions: awk netstat

Up
Down

Sorted list of established destination connections

no need grep. its redundant when awk is present.

Comments (0) | Add to favourites | Report as malicious | Submit alternative | Report as a duplicate

netstat | grep EST | awk '{print $5}' | sort

2009-11-24 13:38:28

User: unixoid

Functions: awk grep netstat

-2

Up
Down

Sorted list of established destination connections

Sometimes I need a quick visual way to determine if there is a particular server who is opening too many connections to the database machine.

Comments (0) | Add to favourites | Report as malicious | Submit alternative | Report as a duplicate

for i in $(netstat --inet -n|grep ESTA|awk '{print $5}'|cut -d: -f1);do geoiplookup $i;done

2009-10-18 20:41:47

User: servermanaged

Functions: awk cut grep netstat

Up
Down

Localize provenance of current established connections

Sample command to obtain a list of geographic localization for established connections, extracted from netstat. Need geoiplookup command ( part of geoip package under CentOS)

netstat -an|grep -ci "tcp.*established"

2009-10-09 01:08:18

User: romulusnr

Functions: grep netstat

Up
Down

calulate established tcp connection of local machine

If you want prepend/append text just wrap in echo:

echo Connected: `netstat -an|grep -ci "tcp.*established"`

netstat -ltun

2009-10-05 08:39:03

User: Decoy

Functions: netstat

Tags: Linux netstat networking

Up
Down

List open TCP/UDP ports

Works only on Linux.

Last option (n) turn name of service resolving (/etc/services) off.

netstat -anp --tcp --udp | grep LISTEN

2009-10-05 08:27:10

User: Crewe

Functions: grep netstat

Up
Down

List open TCP/UDP ports

Comments (0) | Add to favourites | Report as malicious | Submit alternative | Report as a duplicate

netstat -an | grep -Ec '^tcp.+ESTABLISHED$'

2009-09-22 10:19:26

User: twfcc

Functions: grep netstat

Up
Down

calulate established tcp connection of local machine

Comments (1) | Add to favourites | Report as malicious | Submit alternative | Report as a duplicate

netstat -an | awk '$1 ~ /[Tt][Cc][Pp]/ && $NF ~ /ESTABLISHED/{i++}END{print "Connected:\t", i}'

2009-09-20 08:19:27

User: twfcc

Functions: awk netstat

Up
Down

calulate established tcp connection of local machine

worked on ubuntu 9.04 and cygwin with MS netstat

netstat -lantp | grep -i stab | awk -F/ '{print $2}' | sort | uniq

2009-09-19 14:54:31

User: ProMole

Functions: awk grep netstat sort

Tags: bash grep netstat internet

Up
Down

Show apps that use internet connection at the moment. (Multi-Language)

Show apps that use internet connection at the moment.

Can be used to discover what programms create internet traffic. Skip the part after awk to get more details, though it will not work showing only unique processes.

This version will work with other languages such as Spanish and Portuguese, if the word for "ESTABLISHED" still contain the fragment "STAB"(e.g. "ESTABELECIDO")

netstat -lantp | grep -i establ | awk -F/ '{print $2}' | sort | uniq

2009-09-19 14:42:31

User: HarimaKenji

Functions: awk grep netstat sort

Tags: bash grep netstat internet

Up
Down

Show apps that use internet connection at the moment.

This corrects duplicate output from the previous command.

netstat -lantp | grep -i establ | awk -F/ '{print $2}' | uniq | sort

2009-09-19 13:54:36

User: ktoso

Functions: awk grep netstat uniq

Tags: bash grep netstat internet

-1

Up
Down

Show apps that use internet connection at the moment.

Can be used to discover what programms create internet traffic. Skip the part after awk to get more details.

Has anyone an idea why the uniq doesn't work propperly here (see sample output)?

netstat -ant | grep :80 | grep ESTABLISHED | awk '{print $5}' | awk -F: '{print $1}' | sort | uniq -c | sort -n

2009-07-31 18:28:16

User: garchacesaug

Functions: awk grep netstat sort uniq

Up
Down

Show in a web server, running in the port 80, how many ESTABLISHED connections by ip it has.

The command could show you all conecctions if you skip "grep ESTABLISHED"

while true; do netstat -p |grep "tcp"|grep --color=always "/[a-z]*";sleep 1;done

This is sample output - yours may be different.

tcp        0      0 x.x.x.x:49013      tx-in-f191.google.:http ESTABLISHED 3156/firefox-bin
tcp        0      0 x.x.x.x:53838      hk-in-f83.google.:https ESTABLISHED 3156/firefox-bin
tcp        0      0 x.x.x.x:37727      72.14.203.106:http      ESTABLISHED 3156/firefox-bin
tcp        0      0 x.x.x.x:35615      hk-in-f19.google.:https ESTABLISHED 3156/firefox-bin
tcp        0      0 x.x.x.x:52213      tx-in-f103.google.:http ESTABLISHED 3156/firefox-bin
tcp        0      0 x.x.x.x:38914      tx-in-f133.google.:http ESTABLISHED 3156/firefox-bin
tcp        0      0 x.x.x.x:45856      tx-in-f99.google.c:http ESTABLISHED 3156/firefox-bin
tcp        0      0 x.x.x.x:37726      72.14.203.106:http      ESTABLISHED 3156/firefox-bin
tcp        0      0 x.x.x.x:45863      tx-in-f99.google.c:http ESTABLISHED 3156/firefox-bin
tcp        0      0 x.x.x.x:45862      tx-in-f99.google.c:http ESTABLISHED 3156/firefox-bin
tcp        0      0 x.x.x.x:44211      ag-in-f12:jabber-client ESTABLISHED 4351/pidgin     
tcp        0      0 x.x.x.x:45861      tx-in-f99.google.c:http ESTABLISHED 3156/firefox-bin
tcp        0      0 x.x.x.x:37725      72.14.203.106:http      ESTABLISHED 3156/firefox-bin
tcp        0      0 x.x.x.x:44212      ag-in-f12:jabber-client ESTABLISHED 4351/pidgin     
tcp        0      0 x.x.x.x:52210      tx-in-f103.google.:http ESTABLISHED 3156/firefox-bin
tcp        0      0 x.x.x.x:37718      tx-in-f101.google.:http ESTABLISHED 3156/firefox-bin
tcp        0      0 x.x.x.x:52212      tx-in-f103.google.:http ESTABLISHED 3156/firefox-bin
tcp        0      0 x.x.x.x:52211      tx-in-f103.google.:http ESTABLISHED 3156/firefox-bin
tcp        0      0 x.x.x.x:52209      tx-in-f103.google.:http ESTABLISHED 3156/firefox-bin
tcp        0      0 x.x.x.x:36595      72.14.203.138:http      ESTABLISHED 3156/firefox-bin
tcp        0      0 x.x.x.x:52377      hk-in-f104.google.:http ESTABLISHED 3156/firefox-bin
tcp        0      0 x.x.x.x:41747      calvino.freenode.n:ircd ESTABLISHED 4406/irssi      
tcp        0      0 x.x.x.x:49014      tx-in-f191.google.:http ESTABLISHED 3156/firefox-bin
tcp        0      0 x.x.x.x:45857      tx-in-f99.google.c:http ESTABLISHED 3156/firefox-bin

2009-07-16 04:52:49

User: buffer

Functions: grep netstat

-4

Up
Down

Monitor Applications application that are connected/new connections

The -p parameter tell the netstat to display the PID and name of the program to which each socket belongs or in digestible terms list the program using the net.Hope you know what pipe symbol means!

Presently we wish to only moniter tcp connections so we ask grep to scan for string tcp, now from the op of grep tcp we further scan for regular expression /[a-z]*.

Wonder what that means ?

If we look at the op of netstat -p we can see that the name of the application is preceded by a / ( try netstat -p ) so,now i assume application name contains only characters a to z (usually this is the case) hope now it makes some sense.Regular expression /[a-z]* means to scan a string that start with a / and contains zero or more characters from the range a-z !!. Foof .. is t

netstat -ntauple

2009-07-02 20:18:26

User: luqmanux

Functions: netstat

Up
Down

List programs with open ports and connections

Comments (2) | Add to favourites | Report as malicious | Submit alternative | Report as a duplicate

netstat -lnp

2009-06-26 08:33:03

User: unixmonkey4415

Functions: netstat

Tags: netstat

Up
Down

Most simple way to get a list of open ports

Comments (2) | Add to favourites | Report as malicious | Submit alternative | Report as a duplicate

kill_daemon() { echo "Daemon?"; read dm; kill -15 $(netstat -atulpe | grep $dm | cut -d '/' -f1 | awk '{print $9}') }; alias kd='kill_daemon

2009-05-26 20:39:56

User: P17

Functions: alias awk cut echo grep kill netstat read

Tags: alias kill netstat

-5

Up
Down

Kill a daemon by name, not by PID

Just find out the daemon with $ netstat -atulpe. Then type in his name and he gets the SIGTERM.

Comments (3) | Add to favourites | Report as malicious | Submit alternative | Report as a duplicate

netstat -4tnape

2009-05-26 11:50:52

User: gnuyoga

Functions: netstat

-1

Up
Down

display only tcp

Comments (1) | Add to favourites | Report as malicious | Submit alternative | Report as a duplicate

netstat -taupe

2009-05-25 12:46:38

User: farwarx

Functions: netstat

Tags: netstat kookyoo reseau connexion

-8

Up
Down

Informations sur les connexions reseau

Affiche des infos detaillees sur vos connexions reseaux.

Port en ?coute, protocole, paquets, adresses, ustilisateur, PID etc...

Comments (1) | Add to favourites | Report as malicious | Submit alternative | Report as a duplicate

< 1 2 3 4 >