Written for linux, the real example is how to produce ascii text graphs based on a numeric value (anything where uniq -c is useful is a good candidate). Show Sample Output
-p Tell me the name of the program and it's PID -l that is listening -u on a UDP port. -n Give me numeric IP addresses (don't resolve them) -t oh, also TCP ports Show Sample Output
find all computer connected to my host through TCP connection. Show Sample Output
Here is a command line to run on your server if you think your server is under attack. It prints our a list of open connections to your server and sorts them by amount.
BSD Version:
netstat -na |awk '{print $5}' |cut -d "." -f1,2,3,4 |sort |uniq -c |sort -nr
Show Sample Output
usefull in case of abuser/DoS attacks. Show Sample Output
credit to tumblr engineering blog @ http://engineering.tumblr.com/ Show Sample Output
While `lsof` will work, why not use the tool designed explicitly for this job? (If not run as root, you will only see the names of PID you own) Show Sample Output
See connection's tcp timers Show Sample Output
Show apps that use internet connection at the moment. Can be used to discover what programms create internet traffic. Skip the part after awk to get more details, though it will not work showing only unique processes. This version will work with other languages such as Spanish and Portuguese, if the word for "ESTABLISHED" still contain the fragment "STAB"(e.g. "ESTABELECIDO") Show Sample Output
see the TIME_WAIT and ESTABLISHED nums of the network Show Sample Output
Displays a connection histogram of active tcp connections. Works even better under an alias. Thanks @Areis1 for sharing this one.
-p PID and name of the program -u on a UDP port. -t also TCP ports -o networking timer -n numeric IP addresses (don't resolve them) -a all sockets
The -W switch of netstat makes it print complete URL of the connections, which otherwise by default is truncated to fit its default column size. Now to compensate for irregular column sizes, pipe the output to column (-t switch of column prints in tabular form). The only downside to this part is that the very first row, the header, goes pear shape. Show Sample Output
I often have to google this so I put it here for quick reference.
Show TCP Listen ports sorted by number (bugs: IPV6 addresses not supported) Show Sample Output
Alternative:
ss -tlpn
Show Sample Output
Some commands (such as netcat) have a port option but how can you know which ports are unused? Show Sample Output
This corrects duplicate output from the previous command. Show Sample Output
List top 20 IP from which TCP connection is in SYN_RECV state. Useful on web servers to detect a syn flood attack. Replace SYN_ with ESTA to find established connections Show Sample Output
This will tell you who has the most Apache connections by IP (replace IPHERE with the actual IP you wish to check). Or if you wish, remove | grep -c IPHERE for the full list.
commandlinefu.com is the place to record those command-line gems that you return to again and again. That way others can gain from your CLI wisdom and you from theirs too. All commands can be commented on, discussed and voted up or down.
Every new command is wrapped in a tweet and posted to Twitter. Following the stream is a great way of staying abreast of the latest commands. For the more discerning, there are Twitter accounts for commands that get a minimum of 3 and 10 votes - that way only the great commands get tweeted.
» http://twitter.com/commandlinefu
» http://twitter.com/commandlinefu3
» http://twitter.com/commandlinefu10
Use your favourite RSS aggregator to stay in touch with the latest commands. There are feeds mirroring the 3 Twitter streams as well as for virtually every other subset (users, tags, functions,…):
Subscribe to the feed for: