Skip to content

Instantly share code, notes, and snippets.

@finas

finas/netstat-grep-port-connection-total.md

Created May 7, 2019 10:27
Show Gist options
  • Save finas/d55472f332fa0227160331aab5055bbc to your computer and use it in GitHub Desktop.
Save finas/d55472f332fa0227160331aab5055bbc to your computer and use it in GitHub Desktop.
Download ZIP
netstat-grep-port-connection-total #linux
Raw
netstat-grep-port-connection-total.md

TCPDump

Port: 53
tcpdump -i eth0 -l -n -v -Q in dst port 53
tcpdump -i ens3 -l -n -v -Q in dst port 53

Port: 443
tcpdump -i ens3 -nn -s0 -v -Q in dst port 443
tcpdump -i eth0 -nn -s0 -v -Q in dst port 443

Port: 853
tcpdump -i ens3 -nn -s0 -v -Q in dst port 853
tcpdump -i eth0 -nn -s0 -v -Q in dst port 853

Port: 8443
tcpdump -i ens3 -nn -s0 -v port 8443
tcpdump -i eth0 -nn -s0 -v port 8443
// ss cmd
watch -n 1 "ss -t4 state established" 
ss -s && free -g

// ping over tcp via hping3
apt install hping3
hping3 -S -p 443 1.1.1.1


//netcat nc port scan

nc -z -v jp1.ookangzheng.com 1-1000
nc -u -z -v jp1.ookangzheng.com 1-1000 (UDP)
netstat -a|grep 853
netstat -a|grep 443 | grep ESTABLISHED

//
// Port 8443
netstat -an udp | grep :8443 | sort 
//

// USE THIS 
tcpdump -i wg0 -nn -s0 -v -Q in dst port 53
tcpdump -i ens3 -nn -s0 -v -X -s1500 -Q in dst port 53
tcpdump -i ens3 -nn -s0 -v -Q in dst port 443

tcpick -i ens3 -C "port 853" 
tcpdump -vv -x -X -s1500 -i ens3 'port 53' 

tcpdump -l -n -i ens3 dst port 8443 and inbound (inbound port 8443)
or
tcpdump -l -n -i ens3 dst port 8443 -Q in ('in',out' and `inout')

//tcp dump
tcpdump -i ens3 -n udp port 8443 (UDP port 8443)
tcpdump -i ens3 -n udp port 8443 -X (With header)
tcpdump -i ens3 -nn -s0 -v port 8443
tcpdump -i eth0 -nn -s0 -v port 8443

// List port 53 udp, tcp, dnscrypt connection
netstat -n 2>/dev/null | grep :53
netstat -n 2>/dev/null | grep :8443

// Grep port 443 with establised tag

$ netstat -anp | grep :443 | grep ESTABLISHED | wc -l

// Grep port 443
$ netstat -anp |grep 443 |wc -l

// with TCP
// netstat -t
//awk no 5 feild
$ netstat -tn 2>/dev/null | grep :53 | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -nr | head
$ netstat -tn 2>/dev/null | grep :8443 | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -nr | head
$ netstat -tn 2>/dev/null | grep :853 | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -nr | head
$ netstat -tn 2>/dev/null | grep :443 | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -nr | head

// with UDP, TCP

netstat -n 2>/dev/null | grep :443 | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -nr | head

Sources

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment