🖥️netstat

➡️This is a command-line reference manual for commands and command combinations that you don’t use often enough to remember. This cheatsheet explains the netstat command and its important options and switches with examples.

# WARNING ! netstat is deprecated. Look below.

# To view which users/processes are listening to which ports:
sudo netstat -lnptu

# To view routing table (use -n flag to disable DNS lookups):
netstat -r

# Which process is listening to port <port>
netstat -pln | grep <port> | awk '{print $NF}'

# Example output: 1507/python

# Fast display of ipv4 tcp listening programs
sudo netstat -vtlnp --listening -4

# WARNING ! netstat is deprecated.
# Replace it by:
ss

# For netstat -r
ip route

# For netstat -i
ip -s link

# For netstat -g
ip maddr

#==============================#
# CMD NETSTAT
#==============================##==============================#
# netstat option clusters that make words: German: -tulpen ; English: -plant ; American: -tupac ; Spanish: -puta ; French: -salope

netstat -rn | sort | less
# Show the routing table with numeric addresses, sorted and paged through less

netstat -lepunt
# Show the TCP and UDP ports being listened on and if you are root, also show the process associated, user, etc.

netstat -b -o 5
# Windows netstat options:
# 	-b attribute: displays the executable involved in creating each connection or listening port.
# 	-o attribute: displays the owning process ID associated with each connection.
# 	integer: redisplays the results at the specified interval in seconds until stopped with Ctrl+C.

netstat -b -o 5 >> ausgabe.txt
# Same as above, appending the output to ausgabe.txt. The space before >> matters: 5>> would be parsed as a redirection of file descriptor 5 instead of the interval.

netstat -at
# List all TCP (Transmission Control Protocol) sockets

netstat -au
# List all UDP (User Datagram Protocol) sockets

netstat -l
# List all listening sockets

netstat -lt
# List all listening TCP ports

netstat -lu
# List all listening UDP ports

netstat -lx
# List all listening UNIX domain sockets

netstat -s
# Display statistics by protocol. By default, statistics are shown for the TCP, UDP, ICMP, and IP protocols. Add -t or -u to limit the output to one protocol, as in the next two commands.

netstat -st
# Showing statistics of only TCP protocol

netstat -su
# Showing Statistics by UDP Protocol

netstat -ac 5 | grep tcp
# Continuous mode: with the -ac switch, netstat prints the selected information or refreshes the screen every five seconds. The default refresh interval is one second.

netstat -r
# Display the kernel IP routing table (the same table the route command shows)

netstat -i
# Show per-interface packet statistics (received and transmitted) together with the MTU size.

netstat -ie
# Showing Kernel interface table, similar to ifconfig command.

netstat -g
# Displays multicast group membership information for both IPv4 and IPv6.

netstat -c
# Print netstat information continuously, refreshing every few seconds.

netstat -ap | grep http
# List the sockets and owning programs whose line mentions http (as a service name or a program name)

netstat --statistics --raw
# Displaying RAW Network Statistics

# Netstat with examples
###########################

# Checking all connections -> To list all the connections on a system, use the ‘a’ option with the netstat command. This prints all tcp, udp & unix connections on the system.
netstat -a

# Checking all tcp or udp or unix socket connections -> To list only the tcp connections on our system, use the ‘t’ option with netstat,
netstat -at

# Similarly to list out only the udp connections on our system, we can use ‘u’ option with netstat,
netstat -au

# To only list out Unix socket connections, we can use ‘x’ options,
netstat -ax

 

# List process id/Process Name with -> To get list of all connections along with PID or process name, we can use ‘p’ option & it can be used in combination with any other netstat option,
netstat -ap

 

# List only port number & not the name -> To speed up our output, we can use the ‘n’ option, as it will not perform any reverse lookup & produces output with only numbers. Since no lookup is performed, our output will be much faster.
netstat -an

 

# Print only listening ports -> To print only the listening ports, we will use the ‘l’ option with netstat. It will not be used with ‘a’ as that prints all ports,
netstat -l

 

# Print network stats -> To print network statistics of each protocol like packet received or transmitted, we can use ‘s’ options with netstat,
netstat -s

 

# Print interfaces stats -> To display only the statistics on network interfaces, use the ‘i’ option,
netstat -i

# Display multicast group information -> With option ‘g’ , we can print the multicast group information for IPV4 & IPV6,
netstat -g

 

# Display the network routing information -> To print the network routing information, use ‘r’ option,
netstat -r

 

# Continuous output -> To get continuous output of netstat, use ‘c’ option
netstat -c

 

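# Filtering a single port -> To filter the connections of a single port, we can combine the ‘grep’ command with netstat (grep matches the string anywhere on the line, so PIDs and other ports containing 3306 also match),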
netstat -anp | grep 3306

 

# Count number of connections -> To count the number of connections on a port, we can further add the ‘wc’ command to netstat & grep. This will print the number of connections for the MySQL port, i.e. 3306.
netstat -anp | grep 3306 | wc -l

# Kill the process listening on port 50 exactly (not every port that begins with 50) -> Run netstat as root (via sudo) to get the ID of the process listening on the desired socket. Use awk to 1) match the entry that is the listening socket, 2) match the exact port (bounded by leading colon and end of column), 3) remove the trailing slash and process name from the last column, and finally 4) use the system(…) command to call kill to terminate the process. Two direct commands, netstat & awk, and one forked call to kill. This does kill the specific port instead of any port that starts with 50. I consider this to be safer.
sudo netstat -plnt | awk '($4 ~ /:50$/){sub(/\/.*/, "", $7); system("sudo kill " $7)}'

# Kill all processes that listen to ports begin with 50 (50, 50x, 50xxx,...)
netstat -plnt | grep :50 | awk '{print $7}' | awk -F/ '{print $1}' | xargs kill -9

# Check the connections on oldproxy (counts TCP sockets per connection state)
netstat -ant | awk '{print $6}' | sort | uniq -c | sort

# Displays the quantity of connections to port 80 on a per IP basis
clear;while x=0; do clear;date;echo "";echo "  [Count] | [IP ADDR]";echo "-------------------";netstat -np|grep :80|grep -v LISTEN|awk '{print $5}'|cut -d: -f1|sort|uniq -c; sleep 5;done
# Explanation: Uses an infinite loop to display output from netstat, reformatted with grep, awk, and cut, then sorted and piped into uniq to provide the count (uniq -c only merges adjacent lines, so the sort is required). Complete with a pretty header. Polls every 5 seconds.

# Get mac address from default interface OS X
netstat -rn | awk '/default/ { print $NF }' | head -1 | xargs -I {}  ifconfig {} | awk '/ether/ {print $2}'
# Explanation:
#   netstat -rn -> get the routing table
#   awk '/default/ { print $NF }' -> select the default routes
#   head -1 -> limit to the first result (this is also the interface with the highest priority)
#   xargs -I {} ifconfig {} -> use the result to get data from ifconfig
#   awk '/ether/ {print $2}' -> extract the MAC address
# Limitations: Tested on OSX.

# Below is a Unix command to list all the IP addresses connected to your server on port 80.
netstat -tn 2>/dev/null | grep :80 | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -nr | head

# Explanation: This command is useful to detect if your server is under attack, and to find the IPs to null route. Source: https://www.mkyong.com/linux/list-all-ip-addresses-connected-to-your-server/ Output:
	# 97 114.198.236.100
	# 56 67.166.157.194
	# 44 170.248.43.76
	# 38 141.0.9.20
	# 37 49.248.0.2
	# 37 153.100.131.12
	# 31 223.62.169.73
	# 30 65.248.100.253
	# 29 203.112.82.128
	# 29 182.19.66.187
# Limitations: I think netstat is not a default package on Debian Stretch. You have to install net-tools: apt-get install net-tools
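
# Added example (not part of the original cheatsheet or the cited source): the one-liner above matches :80 anywhere on the line, so outbound connections to a remote port 80 and local ports such as 8080 are counted too, and cut -d: -f1 truncates IPv6 peers. The function below matches the local port exactly, counts only ESTABLISHED sockets and keeps IPv6 addresses whole. count_peers and sample_netstat are hypothetical names, and the sample input is constructed from documentation address ranges.

```shell
#!/bin/sh
# Count ESTABLISHED peers per remote IP for one LOCAL port.
# Reads `netstat -tn` text on stdin so it can be checked offline.
count_peers() {
    port="$1"
    awk -v port="$port" '
        $1 ~ /^tcp/ && $6 == "ESTABLISHED" {
            laddr = $4; peer = $5
            lport = laddr; sub(/.*:/, "", lport)   # text after the last colon
            if (lport != port) next                # exact local-port match
            sub(/:[0-9]+$/, "", peer)              # drop peer port, keep IPv6
            sub(/^::ffff:/, "", peer)              # fold IPv4-mapped IPv6
            n[peer]++
        }
        END { for (ip in n) printf "%d %s\n", n[ip], ip }
    ' | sort -k1,1nr -k2,2
}

# Constructed sample input (documentation address ranges only).
sample_netstat() {
    cat <<'EOF'
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.0.2.10:80           198.51.100.7:51514      ESTABLISHED
tcp        0      0 192.0.2.10:80           198.51.100.7:51515      ESTABLISHED
tcp        0      0 192.0.2.10:80           203.0.113.9:40022       TIME_WAIT
tcp        0      0 192.0.2.10:8080         203.0.113.9:40023       ESTABLISHED
tcp        0      0 192.0.2.10:44321        203.0.113.50:80         ESTABLISHED
tcp6       0      0 2001:db8::10:80         2001:db8::beef:33000    ESTABLISHED
tcp6       0      0 ::ffff:192.0.2.10:80    ::ffff:198.51.100.7:51516 ESTABLISHED
EOF
}

# Offline demo; live use: netstat -tn 2>/dev/null | count_peers 80
sample_netstat | count_peers 80
```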

netstat -tlpn
# Show which programs are listening on TCP ports. Alternative: ss -tlpn
# Sample output:
        # Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
        # tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      14139/nginx -g daem
        # tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      14139/nginx -g daem

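# Which processes are listening on a specific port (e.g. port 80); ':80 ' anchors the match to the port column, since a bare 80 also matches PIDs and other ports
netstat -nap | grep ':80 ' | grep LISTEN

# Which processes are connected on a specific port (e.g. port 443)
netstat -nap | grep ':443 ' | grep ESTABLISHED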
