From 'man netstat' "netstat -i | -I interface [-abdnt] [-f address_family] [-M core] [-N system] Show the state of all network interfaces or a single interface which have been auto-configured (interfaces statically configured into a system, but not located at boot time are not shown). An asterisk (``*'') after an interface name indicates that the interface is ``down''. If -a is also present, multicast addresses currently in use are shown for each Ethernet interface and for each IP interface address. Multicast addresses are shown on separate lines following the interface address with which they are associated. If -b is also present, show the number of bytes in and out. If -d is also present, show the number of dropped packets. If -t is also present, show the contents of watchdog timers."
Can be used to discover what programms create internet traffic. Skip the part after awk to get more details. Has anyone an idea why the uniq doesn't work propperly here (see sample output)? Show Sample Output
Tested on CentOS, Ubuntu, and MacOS.
find all computer connected to my host through TCP connection Show Sample Output
Open Port Check
Output contains also garbage (text parts from netstat's output) but it's good enough for quick check who's overloading your server.
Useful to check DDoS attacks on servers. Show Sample Output
Sometimes I need a quick visual way to determine if there is a particular server who is opening too many connections to the database machine.
Shows you all listening tcp/udp ports, and what program has them open(depending on rights)
shell loop to scan netstat output avoiding loolback aliases (local/remote swap for local connections) Show Sample Output
This obtains a list of open connections that a user is connected to if he/she is using a SSH tunnel
This counts all established sessions on port 80. You can change :80 to any port number you want to check. Show Sample Output
The -p parameter tell the netstat to display the PID and name of the program to which each socket belongs or in digestible terms list the program using the net.Hope you know what pipe symbol means! Presently we wish to only moniter tcp connections so we ask grep to scan for string tcp, now from the op of grep tcp we further scan for regular expression /[a-z]*. Wonder what that means ? If we look at the op of netstat -p we can see that the name of the application is preceded by a / ( try netstat -p ) so,now i assume application name contains only characters a to z (usually this is the case) hope now it makes some sense.Regular expression /[a-z]* means to scan a string that start with a / and contains zero or more characters from the range a-z !!. Foof .. is t Show Sample Output
netstat has two lines of headers: Active Internet connections (w/o servers) Proto Recv-Q Send-Q Local Address Foreign Address State Added a filter in the awk command to remove them
Ok so it's rellay useless line and I sorry for that, furthermore that's nothing optimized at all... At the beginning I didn't managed by using netstat -p to print out which process was handling that open port 4444, I realize at the end I was not root and security restrictions applied ;p It's nevertheless a (good ?) way to see how ps(tree) works, as it acts exactly the same way by reading in /proc So for a specific port, this line returns the calling command line of every thread that handle the associated socket
commandlinefu.com is the place to record those command-line gems that you return to again and again. That way others can gain from your CLI wisdom and you from theirs too. All commands can be commented on, discussed and voted up or down.
Every new command is wrapped in a tweet and posted to Twitter. Following the stream is a great way of staying abreast of the latest commands. For the more discerning, there are Twitter accounts for commands that get a minimum of 3 and 10 votes - that way only the great commands get tweeted.
» http://twitter.com/commandlinefu
» http://twitter.com/commandlinefu3
» http://twitter.com/commandlinefu10
Use your favourite RSS aggregator to stay in touch with the latest commands. There are feeds mirroring the 3 Twitter streams as well as for virtually every other subset (users, tags, functions,…):
Subscribe to the feed for: