The command could show you all conecctions if you skip "grep ESTABLISHED" Show Sample Output
worked on ubuntu 9.04 and cygwin with MS netstat Show Sample Output
If you want prepend/append text just wrap in echo:
echo Connected: `netstat -an|grep -ci "tcp.*established"`
Show Sample Output
Sample command to obtain a list of geographic localization for established connections, extracted from netstat. Need geoiplookup command ( part of geoip package under CentOS) Show Sample Output
no need grep. its redundant when awk is present.
Alternative of OJM snippet : This one show the IP too, where ports bind. It's very important, because if there's only 127.0.0.1 instead of 0.0.0.0, connections from internet are rejected.
perl-less way
Summarize established connections after netstat output. Using tee and /dev/stderr you can send one command output to terminal before executing wc so you can summarize at the bottom of the output. Show Sample Output
Run netstat as root (via sudo) to get the ID of the process listening on the desired socket. Use awk to 1) match the entry that is the listening socket, 2) matching the exact port (bounded by leading colon and end of column), 3) remove the trailing slash and process name from the last column, and finally 4) use the system(…) command to call kill to terminate the process. Two direct commands, netstat & awk, and one forked call to kill. This does kill the specific port instead of any port that starts with 50. I consider this to be safer.
This command does a tally of concurrent active connections from single IPs and prints out those IPs that have the most active concurrent connections. VERY useful in determining the source of a DoS or DDoS attack. Show Sample Output
Ever logged into a *nix box and needed to know which webserver is running and where all the current access_log files are? Run this one liner to find out. Works for Apache or Lighttpd as long as CustomLog name is somewhat standard. HINT: works great as input into for loop, like this:
for i in `lsof -p $(netstat -ltpn|awk '$4 ~ /:80$/ {print substr($7,1,index($7,"/")-1)}')| awk '$9 ~ /access.log$/ {print $9| "sort -u"}'` ; do echo $i; done
Very useful for triage on unfamiliar servers!
Show Sample Output
IP addresses and number of connections connected to port 80. Show Sample Output
This takes all of the tab spaces, and uses column to put them into the appropriately sized table. Show Sample Output
This is to fetch the Gateway Ip Address of a machine. Use the below format to put the value in a variable if you wish to find the gateway ip in a script
GATEWAY=$(netstat -nr | awk 'BEGIN {while ($3!="0.0.0.0") getline; print $2}')
Counts TCP states from Netstat and displays in an ordered list. Show Sample Output
This command is primarily going to work on linux boxes. and needs to be changed, for example IP=10\.194\.194\.2 PORT=389
Gets the application's name that's listening from the port 8080 through IPv6 Show Sample Output
Not really better - just different ;) There's probably a really simple solution out there somewhere... Show Sample Output
Useful for checking the number and state of TCP connections. Show Sample Output
commandlinefu.com is the place to record those command-line gems that you return to again and again. That way others can gain from your CLI wisdom and you from theirs too. All commands can be commented on, discussed and voted up or down.
Every new command is wrapped in a tweet and posted to Twitter. Following the stream is a great way of staying abreast of the latest commands. For the more discerning, there are Twitter accounts for commands that get a minimum of 3 and 10 votes - that way only the great commands get tweeted.
» http://twitter.com/commandlinefu
» http://twitter.com/commandlinefu3
» http://twitter.com/commandlinefu10
Use your favourite RSS aggregator to stay in touch with the latest commands. There are feeds mirroring the 3 Twitter streams as well as for virtually every other subset (users, tags, functions,…):
Subscribe to the feed for: