Some useful netstat commands

By Gavin Phillips @ Cowshed Works Ltd

Blog Picture

Show top IP connections to port 80, ordered by connections

Great little one-liner for listing IPs with the number of established connections, bots hammering the server are easy to spot with this. You should probably be on port 443 nowadays, but I'll leave you to work out how to change that.

netstat -ntu | grep :80 | grep EST | awk '{print $5}'| sed 's/::ffff://' | cut -d: -f1 | sort | uniq -c | sort -rn | head

Show listening ports

Not much to see here, easy way to check if a port is open, grep for MySQL in this case

netstat -ntlp | grep 3306

You can also use a simple -l to list all listening ports:

netstat -l

For TCP ports only use -lt:

netstat -lt

Protocol Statistics

Use -s to show some detailed stats on each protocol:

netstat -s

For just TCP use -st

netstat -st

Show programs that are responsible for connections

Use -pt to show you the program that's listening on your machine, you'll see it in the PID / programs column for ESTABLISHED connections. Just use -p for all connections, -pt used here shows programs for TCP connections.

netstat -pt

Find the port that a program is listening on

Use -ap to show you the all connections and associated programs, then just grep the program you're looking for. Use the --numeric-ports flag to see port numbers rather than names.

netstat -ap --numeric-ports | grep apache2

Author: Gavin Phillips
Published: Apr 6, 2017 (1 year ago)

Work with Cowshed:Works

Ready to start your next website or app project? Give us a call or send us an email.

© Cowshed Works Ltd: UK Staffordshire-based website design, build and management

VAT: 251 4480 22 - Registered in England: 10399485

Terms: Website | Service