
Terminal - Commands using netstat - 119 results
netstat -antu | awk '$5 ~ /[0-9]:/{split($5, a, ":"); ips[a[1]]++} END {for (ip in ips) print ips[ip], ip | "sort -k1 -nr"}'
This is sample output - yours may be different.
netstat -antu | awk '{print $5}' | awk -F: '{print $1}' | sort | uniq -c | sort -n
This is sample output - yours may be different.
Output contains also garbage (text parts from netstat's output) but it's good enough for quick check who's overloading your server.
This is sample output - yours may be different.
netstat -an | grep --color -i -E 'listen|listening'
This is sample output - yours may be different.
This is sample output - yours may be different.
tcp 0 0 192.168.10.117:45979 192.168.1.1:80 ESTABLISHED keepalive (25.96/0/0)
tcp 0 0 192.168.10.117:37418 192.168.0.5:993 ESTABLISHED off (0.00/0/0)
See connection's tcp timers
netstat -tn | awk '($4 ~ /:22\s*/) && ($6 ~ /^EST/) {print substr($5, 0, index($5,":"))}'
This is sample output - yours may be different.
netstat -an | grep 80 | wc -l
This is sample output - yours may be different.
Count on a specific port (80) - FreeBSD friendly.
netstat -t -p --extend | grep USERNAME
This is sample output - yours may be different.
This obtains a list of open connections that a user is connected to if he/she is using a SSH tunnel
This is sample output - yours may be different.
netstat -tn | grep :80 | awk '{print $5}'| grep -v ':80' | cut -f1 -d: |cut -f1,2,3 -d. | sort | uniq -c| sort -n
This is sample output - yours may be different.
1 192.168.1.5
5 192.168.1.2
8 192.168.1.52
15 192.168.1.3
19 192.168.1.30
cut -f1,2 - IP range 16
cut -f1,2,3 - IP range 24
cut -f1,2,3,4 - IP range 24
This is sample output - yours may be different.
Proto NATed Address Destination Address State
tcp 192.168.0.10:41837 9.9.9.9:443 TIME_WAIT
tcp 192.168.0.10:41839 9.9.9.9:443 TIME_WAIT
tcp 192.168.0.10:51363 11.11.11.11:3306 ESTABLISHED
tcp 192.168.0.11:41838 12.12.12.12:443 TIME_WAIT
tcp 192.168.0.12:41840 13.13.13.13:443 TIME_WAIT
tcp 192.168.0.13:37878 14.14.14.14:22 TIME_WAIT
Show state of NAT, readed from '/proc/net/ip_conntrack' or '/proc/net/nf_conntrack'
netstat -Aan | grep .80 | grep -v 127.0.0.1 | grep EST | awk '{print $6}' | cut -d "." -f1,2,3,4 | sort | uniq
This is sample output - yours may be different.
Usually a nice list of IP addresses :-)
See who is using a specific port. Especially when you're using AIX. In Ubuntu, for example, this can easily be seen with the netstat command.
netstat -tan | awk '$1 == "tcp" && $4 ~ /:/ { port=$4; sub(/^[^:]+:/, "", port); used[int(port)] = 1; } END { for (p = 32768; p <= 61000; ++p) if (! (p in used)) { print p; exit(0); }; exit(1); }'
This is sample output - yours may be different.
This is also perl-less, and only uses AWK as its postprocessor. Tested with GAWK and MAWK.
netstat -a --numeric-ports | grep 8321
This is sample output - yours may be different.
tcp 0 0 localhost.localdomain:8321 *:* LISTEN
tcp 0 0 ::1:8321 *:* LISTEN
if you don't do --numeric-ports, netstat will try to resolve them to names
This is sample output - yours may be different.
[[email protected] ~]# netstat -plantu
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:5901 0.0.0.0:* LISTEN 13696/Xvnc
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 2161/rpcbind
tcp 0 0 0.0.0.0:56144 0.0.0.0:* LISTEN 2350/rpc.statd
tcp 0 0 0.0.0.0:6001 0.0.0.0:* LISTEN 13696/Xvnc
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 2584/sshd
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 2461/cupsd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 2678/master
tcp 0 0 0.0.0.0:5672 0.0.0.0:* LISTEN 2733/qpidd
tcp 0 52 172.16.21.10:22 172.16.16.133:2977 ESTABLISHED 13889/sshd
udp 0 0 0.0.0.0:50341 0.0.0.0:* 2332/avahi-daemon
udp 0 0 0.0.0.0:830 0.0.0.0:* 2350/rpc.statd
udp 0 0 0.0.0.0:33476 0.0.0.0:* 2350/rpc.statd
udp 0 0 0.0.0.0:5353 0.0.0.0:* 2332/avahi-daemon
udp 0 0 0.0.0.0:750 0.0.0.0:* 2080/portreserve
udp 0 0 0.0.0.0:111 0.0.0.0:* 2161/rpcbind
udp 0 0 0.0.0.0:631 0.0.0.0:* 2461/cupsd
udp 0 0 0.0.0.0:634 0.0.0.0:* 2161/rpcbind
Easy to remenber. Fot TCP only use: netstat -plant
This is sample output - yours may be different.
[email protected]:~$ sudo netstat -anpe
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State User Inode PID/Program name
tcp 0 0 127.0.0.1:7777 0.0.0.0:* LISTEN 10001 4231907 18055/ssh
tcp 0 0 0.0.0.0:9876 0.0.0.0:* LISTEN 10001 239116 13676/gmpc
tcp 0 0 192.168.20.106:44718 74.125.225.44:80 ESTABLISHED 10001 4287328 2466/chromium-brows
tcp6 0 0 :::22 :::* LISTEN 0 5382 1239/sshd
udp 0 0 0.0.0.0:49976 0.0.0.0:* 105 5647 1315/avahi-daemon:
Lists all opened sockets (not only listeners), no DNS resolution (so it's fast), the process id and the user holding the socket.
Previous samples were limiting to TCP too, this also lists UDP listeners.
netstat -atn | grep :22 | grep ESTABLISHED | awk '{print $4}' | sed 's/:22//'
This is sample output - yours may be different.
This is sample output - yours may be different.
Proto Recv-Q Send-Q Adresse locale Adresse distante Etat PID/Program name
tcp 0 0 0.0.0.0:8118 0.0.0.0:* LISTEN 1284/privoxy
tcp 0 0 0.0.0.0:4001 0.0.0.0:* LISTEN 1901/java
tcp 0 0 0.0.0.0:7175 0.0.0.0:* LISTEN 1546/postgres
udp 0 0 0.0.0.0:68 0.0.0.0:* 2028/dhclient
udp 0 0 0.0.0.0:5353 0.0.0.0:* 1394/avahi-daemon:
udp 0 0 0.0.0.0:46876 0.0.0.0:* 1394/avahi-daemon:
udp6 0 0 :::58041 :::* 1394/avahi-daemon:
udp6 0 0 :::5353 :::* 1394/avahi-daemon:
Check open TCP and UDP ports
This is sample output - yours may be different.
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:8080 0.0.0.0:* LISTEN 13443/apache2
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 801/sshd
tcp6 0 0 :::25565 :::* LISTEN 1249/java
tcp6 0 0 :::6667 :::* LISTEN 12101/bitlbee
tcp6 0 0 :::22 :::* LISTEN 801/sshd
While `lsof` will work, why not use the tool designed explicitly for this job?
(If not run as root, you will only see the names of PID you own)
while true ; do sleep 1 ; clear ; (netstat -tn | grep -P ':36089\s+\d') ; done
This is sample output - yours may be different.
tcp6 0 0 127.0.0.1:36089 127.0.0.1:53991 ESTABLISHED
tcp6 0 0 127.0.0.1:36089 127.0.0.1:59053 ESTABLISHED
shell loop to scan netstat output avoiding loolback aliases (local/remote swap for local connections)
netstat -rn | convert label:@- netstat.png
This is sample output - yours may be different.
netstat -tn | awk 'NR>2 {print $6}' | sort | uniq -c | sort -rn
This is sample output - yours may be different.
1618 ESTABLISHED
4 LAST_ACK
2 SYN_RECV
1 TIME_WAIT
1 CLOSE_WAIT
sudo netstat|head -n2|tail -n1 && sudo netstat -a|grep udp && echo && sudo netstat|head -n2|tail -n1 && sudo netstat -a|grep tcp
This is sample output - yours may be different.
netstat -an |grep ":80" |awk '{print $5}' | sed s/::ffff://g | cut -d: -f1 |sort |uniq -c |sort -n | tail -1000 | grep -v "0.0.0.0"
This is sample output - yours may be different.
11 113.179.81.247
11 58.187.233.193
12 113.172.21.164
12 113.23.83.98
14 115.78.193.153
15 123.26.19.210
15 71.22.46.17
16 125.234.144.101
17 113.22.133.104
17 1.54.1.201
Count and Find all IP connected to my host through TCP connection.
netstat -nut | sed '/ESTABLISHED/!d;s/.*[\t ]\+\(.*\):.*/\1/' | sort -u
This is sample output - yours may be different.