Commands using netstat | commandlinefu.com

Hide

What's this?

commandlinefu.com is the place to record those command-line gems that you return to again and again.

Delete that bloated snippets file you've been using and share your personal repository with the world. That way others can gain from your CLI wisdom and you from theirs too. All commands can be commented on, discussed and voted up or down.

If you have a new feature suggestion or find a bug, please get in touch via http://commandlinefu.uservoice.com/

Get involved!

You can sign-in using OpenID credentials, or register a traditional username and password.

OpenID

First-time OpenID users will be automatically assigned a username which can be changed after signing in.

Hide

Stay in the loop…

Follow the Tweets.

Every new command is wrapped in a tweet and posted to Twitter. Following the stream is a great way of staying abreast of the latest commands. For the more discerning, there are Twitter accounts for commands that get a minimum of 3 and 10 votes - that way only the great commands get tweeted.

» http://twitter.com/commandlinefu
» http://twitter.com/commandlinefu3
» http://twitter.com/commandlinefu10

Subscribe to the feeds.

Use your favourite RSS aggregator to stay in touch with the latest commands. There are feeds mirroring the 3 Twitter streams as well as for virtually every other subset (users, tags, functions,…):

Subscribe to the feed for:

» all commands
» commands with 3 up-votes (commandlinefu3)
» commands with 10 up-votes (commandlinefu10)
» commands using netstat

Hide

News

2011-03-12 - Confoo 2011 presentation: Slides are available from the commandlinefu presentation at Confoo 2011: http://presentations.codeinthehole.com/confoo2011/
2011-01-04 - Moderation now required for new commands: To try and put and end to the spamming, new commands require moderation before they will appear on the site.
2010-12-27 - Apologies for not banning the trolls sooner: Have been away from the interwebs over Christmas. Will be more vigilant henceforth.
2010-09-24 - OAuth and pagination problems fixed: Apologies for the delay in getting Twitter's OAuth supported. Annoying pagination gremlin also fixed.

Hide

Functions

Hide

Credits

Site by David Winterbottom (user root).

Terminal - Commands using netstat - 108 results

netstat -Aan | grep .80 | grep -v 127.0.0.1 | grep EST | awk '{print $6}' | cut -d "." -f1,2,3,4 | sort | uniq

2012-02-03 13:54:11

User: janvanderwijk

Functions: awk cut grep netstat sort

Tags: sort uniq grep netstat cut aix

Up
Down

See who are using a specific port

See who is using a specific port. Especially when you're using AIX. In Ubuntu, for example, this can easily be seen with the netstat command.

netstat -tan | awk '$1 == "tcp" && $4 ~ /:/ { port=$4; sub(/^[^:]+:/, "", port); used[int(port)] = 1; } END { for (p = 32768; p <= 61000; ++p) if (! (p in used)) { print p; exit(0); }; exit(1); }'

2012-01-26 20:42:56

User: wirawan0

Functions: awk netstat

Up
Down

find an unused unprivileged TCP port

This is also perl-less, and only uses AWK as its postprocessor. Tested with GAWK and MAWK.

Comments (0) | Add to favourites | Report as malicious | Submit alternative | Report as a duplicate

netstat -a --numeric-ports | grep 8321

2012-01-20 22:00:56

User: peter4512

Functions: grep netstat

Tags: net tcp

Up
Down

tell if a port is in use

if you don't do --numeric-ports, netstat will try to resolve them to names

netstat -plantu

This is sample output - yours may be different.

[root@server ~]# netstat -plantu
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name
tcp        0      0 127.0.0.1:5901              0.0.0.0:*                   LISTEN      13696/Xvnc
tcp        0      0 0.0.0.0:111                 0.0.0.0:*                   LISTEN      2161/rpcbind
tcp        0      0 0.0.0.0:56144               0.0.0.0:*                   LISTEN      2350/rpc.statd
tcp        0      0 0.0.0.0:6001                0.0.0.0:*                   LISTEN      13696/Xvnc
tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN      2584/sshd
tcp        0      0 127.0.0.1:631               0.0.0.0:*                   LISTEN      2461/cupsd
tcp        0      0 127.0.0.1:25                0.0.0.0:*                   LISTEN      2678/master
tcp        0      0 0.0.0.0:5672                0.0.0.0:*                   LISTEN      2733/qpidd
tcp        0     52 172.16.21.10:22             172.16.16.133:2977          ESTABLISHED 13889/sshd
udp        0      0 0.0.0.0:50341               0.0.0.0:*                               2332/avahi-daemon
udp        0      0 0.0.0.0:830                 0.0.0.0:*                               2350/rpc.statd
udp        0      0 0.0.0.0:33476               0.0.0.0:*                               2350/rpc.statd
udp        0      0 0.0.0.0:5353                0.0.0.0:*                               2332/avahi-daemon
udp        0      0 0.0.0.0:750                 0.0.0.0:*                               2080/portreserve
udp        0      0 0.0.0.0:111                 0.0.0.0:*                               2161/rpcbind
udp        0      0 0.0.0.0:631                 0.0.0.0:*                               2461/cupsd
udp        0      0 0.0.0.0:634                 0.0.0.0:*                               2161/rpcbind

2012-01-19 00:18:43

User: player27

Functions: netstat

Up
Down

Show all listening and established ports TCP and UDP together with the PID of the associated process

Easy to remenber. Fot TCP only use: netstat -plant

netstat -anpe

2011-12-06 18:27:09

User: anarcat

Functions: netstat

Tags: Network status diagnostic

Up
Down

Lists all listening ports together with the PID of the associated process

Lists all opened sockets (not only listeners), no DNS resolution (so it's fast), the process id and the user holding the socket.

Previous samples were limiting to TCP too, this also lists UDP listeners.

netstat -atn | grep :22 | grep ESTABLISHED | awk '{print $4}' | sed 's/:22//'

2011-11-09 10:51:55

User: agambier

Functions: awk grep netstat sed

-2

Up
Down

list current ssh clients

Comments (1) | Add to favourites | Report as malicious | Submit alternative | Report as a duplicate

netstat -plntu

2011-10-01 12:16:38

User: bolthorn0

Functions: netstat

Tags: netstat lsof networking

Up
Down

check open ports (both ipv4 and ipv6)

Check open TCP and UDP ports

netstat -plnt

2011-09-30 19:56:32

User: DopeGhoti

Functions: netstat

Tags: netstat lsof networking

Up
Down

check open ports (both ipv4 and ipv6)

While `lsof` will work, why not use the tool designed explicitly for this job?

(If not run as root, you will only see the names of PID you own)

while true ; do sleep 1 ; clear ; (netstat -tn | grep -P ':36089\s+\d') ; done

2011-09-28 11:39:43

User: hute37

Functions: clear grep netstat sleep true

-3

Up
Down

Monitoring a port connections

shell loop to scan netstat output avoiding loolback aliases (local/remote swap for local connections)

netstat -rn | convert label:@- netstat.png

2011-09-21 11:52:28

User: appanax

Functions: netstat

Up
Down

Command results as an image capture

We use the "convert" command (ImageMagick package) : see man convert (http://www.ma.utexas.edu/cgi-bin/man-cgi?convert+1)

Comments (0) | Add to favourites | Report as malicious | Submit alternative | Report as a duplicate

netstat -tn | awk 'NR>2 {print $6}' | sort | uniq -c | sort -rn

2011-09-12 23:29:39

User: evandrix

Functions: awk netstat sort uniq

Up
Down

Quick network status of machine

credit to tumblr engineering blog @ http://engineering.tumblr.com/

2011-09-08 18:54:36

User: brando56894

Functions: echo grep head netstat sudo tail

Tags: netstat udp tcp connections

Up
Down

Displays All TCP and UDP Connections

Comments (0) | Add to favourites | Report as malicious | Submit alternative | Report as a duplicate

netstat -an |grep ":80" |awk '{print $5}' | sed s/::ffff://g | cut -d: -f1 |sort |uniq -c |sort -n | tail -1000 | grep -v "0.0.0.0"

2011-07-28 09:36:08

User: zeros

Functions: awk cut grep netstat sed sort tail uniq

Up
Down

Find all IP connected to my host through TCP connection and count it

Count and Find all IP connected to my host through TCP connection.

netstat -nut | sed '/ESTABLISHED/!d;s/.*[\t ]\+$.*$:.*/\1/' | sort -u

2011-07-27 07:25:25

User: bitbasher

Functions: netstat sed sort

Up
Down

All IP connected to my host

Comments (0) | Add to favourites | Report as malicious | Submit alternative | Report as a duplicate

netstat -nut | awk '$NF=="ESTABLISHED" {print $5}' | cut -d: -f1 | sort -u

2011-07-27 07:24:10

User: bitbasher

Functions: awk cut netstat sort

-1

Up
Down

All IP connected to my host

find all computer connected to my host through TCP connection

netstat -lantp | grep ESTABLISHED |awk '{print $5}' | awk -F: '{print $1}' | sort -u

2011-07-21 21:23:10

User: bitbasher

Functions: awk grep netstat sort

Up
Down

All IP connected to my host

find all computer connected to my host through TCP connection.

netstat -nt | awk -F":" '{print $2}' | sort | uniq -c

2011-07-05 07:53:29

User: sreimann

Functions: awk netstat sort uniq

Tags: sort awk uniq netstat

Up
Down

netstat with group by (ip adress)

count connections, group by IP and port

Comments (0) | Add to favourites | Report as malicious | Submit alternative | Report as a duplicate

netstat -ntu | awk ' $5 ~ /^[0-9]/ {print $5}' | cut -d: -f1 | sort | uniq -c | sort -n

2011-07-04 20:23:21

User: letterj

Functions: awk cut netstat sort uniq

Tags: netstat

-3

Up
Down

netstat with group by (ip adress)

netstat has two lines of headers:

Active Internet connections (w/o servers)

Proto Recv-Q Send-Q Local Address Foreign Address State

Added a filter in the awk command to remove them

Comments (0) | Add to favourites | Report as malicious | Submit alternative | Report as a duplicate

netstat -ntu | awk ' $5 ~ /^[0-9]/ {print $5}' | cut -d: -f1 | sort | uniq -c | sort -n

2011-07-01 11:17:38

User: Koobiac

Functions: awk cut netstat sort uniq

Tags: netstat

Up
Down

netstat with group by (ip adress)

Comments (1) | Add to favourites | Report as malicious | Submit alternative | Report as a duplicate

netstat -nt | awk '{print $6}' | sort | uniq -c | sort -n -k 1 -r

2011-06-21 16:27:19

User: dennisfaust

Functions: awk netstat sort uniq

Up
Down

Summarize the number of open TCP connections by state

Useful for checking the number and state of TCP connections.

netstat -n -f inet|awk '/\.389/{print $2}'|cut -f1-4 -d.|sort -u

2011-06-20 14:24:05

User: guptavi

Functions: awk cut netstat sort

Up
Down

To find the LDAP clients connected to LDAP service running on Solaris

Comments (0) | Add to favourites | Report as malicious | Submit alternative | Report as a duplicate

watch -n 2 netstat -antu

2011-06-02 23:27:33

User: wilbercarmona

Functions: netstat watch

Up
Down

Watch netstat output every 2 seconds

Comments (0) | Add to favourites | Report as malicious | Submit alternative | Report as a duplicate

netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n

2011-05-25 20:53:34

User: unixmonkey21979

Functions: awk cut netstat sort uniq

Up
Down

get the IP connected to the server (usefull to detect IP that should be blocked)

Comments (0) | Add to favourites | Report as malicious | Submit alternative | Report as a duplicate

netstat -lnptu

2011-05-19 21:16:35

User: mariusbutuc

Functions: netstat

Up
Down

Active Internet connections (only servers)

Comments (0) | Add to favourites | Report as malicious | Submit alternative | Report as a duplicate

while sleep 1; do date; (netstat -a -n | grep 80) ; done

2011-05-16 07:56:56

User: hute37

Functions: grep netstat sleep

Tags: netstat logging

-4

Up
Down

Polls fos network port usage

Comments (2) | Add to favourites | Report as malicious | Submit alternative | Report as a duplicate

< 1 2 3 4 > Last ›