while true; do netstat -p |grep "tcp"|grep --color=always "/[a-z]*";sleep 1;done

Monitor Applications application that are connected/new connections

The -p parameter tell the netstat to display the PID and name of the program to which each socket belongs or in digestible terms list the program using the net.Hope you know what pipe symbol means! Presently we wish to only moniter tcp connections so we ask grep to scan for string tcp, now from the op of grep tcp we further scan for regular expression /[a-z]*. Wonder what that means ? If we look at the op of netstat -p we can see that the name of the application is preceded by a / ( try netstat -p ) so,now i assume application name contains only characters a to z (usually this is the case) hope now it makes some sense.Regular expression /[a-z]* means to scan a string that start with a / and contains zero or more characters from the range a-z !!. Foof .. is t
Sample Output
tcp        0      0 x.x.x.x:49013      tx-in-f191.google.:http ESTABLISHED 3156/firefox-bin
tcp        0      0 x.x.x.x:53838      hk-in-f83.google.:https ESTABLISHED 3156/firefox-bin
tcp        0      0 x.x.x.x:37727      72.14.203.106:http      ESTABLISHED 3156/firefox-bin
tcp        0      0 x.x.x.x:35615      hk-in-f19.google.:https ESTABLISHED 3156/firefox-bin
tcp        0      0 x.x.x.x:52213      tx-in-f103.google.:http ESTABLISHED 3156/firefox-bin
tcp        0      0 x.x.x.x:38914      tx-in-f133.google.:http ESTABLISHED 3156/firefox-bin
tcp        0      0 x.x.x.x:45856      tx-in-f99.google.c:http ESTABLISHED 3156/firefox-bin
tcp        0      0 x.x.x.x:37726      72.14.203.106:http      ESTABLISHED 3156/firefox-bin
tcp        0      0 x.x.x.x:45863      tx-in-f99.google.c:http ESTABLISHED 3156/firefox-bin
tcp        0      0 x.x.x.x:45862      tx-in-f99.google.c:http ESTABLISHED 3156/firefox-bin
tcp        0      0 x.x.x.x:44211      ag-in-f12:jabber-client ESTABLISHED 4351/pidgin     
tcp        0      0 x.x.x.x:45861      tx-in-f99.google.c:http ESTABLISHED 3156/firefox-bin
tcp        0      0 x.x.x.x:37725      72.14.203.106:http      ESTABLISHED 3156/firefox-bin
tcp        0      0 x.x.x.x:44212      ag-in-f12:jabber-client ESTABLISHED 4351/pidgin     
tcp        0      0 x.x.x.x:52210      tx-in-f103.google.:http ESTABLISHED 3156/firefox-bin
tcp        0      0 x.x.x.x:37718      tx-in-f101.google.:http ESTABLISHED 3156/firefox-bin
tcp        0      0 x.x.x.x:52212      tx-in-f103.google.:http ESTABLISHED 3156/firefox-bin
tcp        0      0 x.x.x.x:52211      tx-in-f103.google.:http ESTABLISHED 3156/firefox-bin
tcp        0      0 x.x.x.x:52209      tx-in-f103.google.:http ESTABLISHED 3156/firefox-bin
tcp        0      0 x.x.x.x:36595      72.14.203.138:http      ESTABLISHED 3156/firefox-bin
tcp        0      0 x.x.x.x:52377      hk-in-f104.google.:http ESTABLISHED 3156/firefox-bin
tcp        0      0 x.x.x.x:41747      calvino.freenode.n:ircd ESTABLISHED 4406/irssi      
tcp        0      0 x.x.x.x:49014      tx-in-f191.google.:http ESTABLISHED 3156/firefox-bin
tcp        0      0 x.x.x.x:45857      tx-in-f99.google.c:http ESTABLISHED 3156/firefox-bin

-4
By: buffer
2009-07-16 04:52:49

These Might Interest You

What Others Think

use netstat -tp and you can drop the |grep "tcp". oh and this is not a command to use on a box running bittorrent. the hostname lookups for a few hundred hosts would cause the netstat part to take far too long to be useful.
TheMightyBuzzard · 461 weeks and 6 days ago
remove the loop and use (in addition to themightybuzzard's suggestion): watch -n 1 "command"
linuxrawkstar · 461 weeks and 6 days ago
use $ while sleep 1; do ..; done and $ netstat -pt
ioggstream · 461 weeks and 6 days ago
watch -n1 'netstat -anpt' is a way shorter, doesn't try to resolve hostnames
unixmonkey4704 · 461 weeks and 4 days ago

What do you think?

Any thoughts on this command? Does it work on your machine? Can you do the same thing with only 14 characters?

You must be signed in to comment.

What's this?

commandlinefu.com is the place to record those command-line gems that you return to again and again. That way others can gain from your CLI wisdom and you from theirs too. All commands can be commented on, discussed and voted up or down.

Share Your Commands



Stay in the loop…

Follow the Tweets.

Every new command is wrapped in a tweet and posted to Twitter. Following the stream is a great way of staying abreast of the latest commands. For the more discerning, there are Twitter accounts for commands that get a minimum of 3 and 10 votes - that way only the great commands get tweeted.

» http://twitter.com/commandlinefu
» http://twitter.com/commandlinefu3
» http://twitter.com/commandlinefu10

Subscribe to the feeds.

Use your favourite RSS aggregator to stay in touch with the latest commands. There are feeds mirroring the 3 Twitter streams as well as for virtually every other subset (users, tags, functions,…):

Subscribe to the feed for: