/ 
Net-Connection-ncnetstat-0.8.0
River stage zero No dependents
/ ncnetstat

NAME

ncnetstat - a netstat like utility that supports color and searching

SYNOPSIS

ncnetstat [-a] [--drp] [-l] [-n] [--nc] [-S <sort>] [-t] [-u] [-c <CIDRs>] [--ci -p <ports>] [--pi] [-P <protocols>] [--Pi] [--ptr <PTRs>] [--ptri] [--lptr <PTRs>] [--lptri] [--rptr <PTRs>] [--rptri] [-s <states>] [--si] ...

FLAGS

-a

Show all connections.

-c <CIDRs>

A comma seperated list of CIDRs to search for.

--ci

Invert the CIDR search.

-C

Show the command to the first space.

--Cl

Show the whole command.

--cmd <cmds>

A comma seperated list of commands to search for.

--cmdi

Invert the command search.

--cpu <pct>

Show connections belonging to procs matching this CPU usage percent.

=head2--cpui

Invert the CPU search.

--drp

Don't resolve port names.

-i

Invert the sort.

-l

Show the listening ports.

--mem <pct>

Show connections belonging to procs matching this memory usage percent.

--memi

Invert the memory usage search.

-n

Don't resolve the PTRs.

--nc

Don't use colors.

-p <ports>

A comma seperated list of ports to search for.

--pct

Show memory and CPU usage of the process that has the connection.

--pi

Invert the port search.

-P <protocols>

A comma seperated list of protocols to search for.

--Pi

Invert your protocol search.

--pid <pids>

A comma separated list of PIDs to search for.

--pidi

Invert the pid search.

--ptr <PTRs>

A comma seperated list of PTRs to search for.

--ptri

Invert the PTR search.

--ptrr <rgx>

A comma seperated list of regex to use for a PTR search.

--ptrri

Invert the RegexPTR search.

--lptr <PTRs>

A comma seperated list of local PTRs to search for.

--lptri

Invert the local PTR search.

--lptrr <rgx>

A comma seperated list of regex to use for a local PTR search.

--lptrri

Invert the local RegexPTR search.

--rptr <PTRs>

A comma seperated list of remote PTRs to search for.

--rptri

Invert the remote PTR search.

--rptr <PTRs>

A comma seperated list of remote PTRs to search for.

--rptri

Invert the remote PTR search.

-s <states>

A comma seperated list of states to search for.

--si

Invert the state search.

-S <sort>

The Net::Connection::Sort to use.

The default available sort methods are as below.

host_f   foreign host
host_fl  foreign host, local host *default*
host_l   local host
host_lf  local host, foreign host
pid      process ID
port_f   foreign port, numerically
port_fa  foreign port, alphabetically
port_l   local port, numerically
port_la  local port, alphabetically
proto    protocol
ptr_f    foreign PTR
ptr_l    local PTR
state    state
uid      user ID
user     username

-t

Show only TCP connections.

-u

Show only UDP connections.

-U <users>

A comma seperated list of usernames to search for.

--Ui

Invert the username search.

--uid <uids>

A comma separated list of UIDs to search for.

--uidi

Invert the UID search.

-W

Show the wait channel.

-w <rgx>

A comma separated list of regexp to use for matching wchan values.

--wi

Invert the wchan search

PID/UID/CPU/Mem EQUALITIES

For some searches, the equalities below can be used, by directly prepending them to the number.

<
<=
>
>=

So if you wanted to find every connection from a UID greater than 1000, would do '--uid \>1000'.

ENVIRONMENT VARIABLES

NCNETSTAT_invert

This is either 0 or 1. If defined it will be used for XORing the -i flag.

export CNETSTAT_invert=1
# run ncnetstat inverted
ncnetstat
# run it non-inverted, the opposite of what the -i flag normally is
ncnetstat -i

NCNETSTAT_sort

Sets the default sort method. -S overrides this.

NO_COLOR

If this is set, The output will not be colorized. If this is set, the --nc flag is also inverted.

RES_NAMESERVERS

A space-separated list of nameservers to query used by Net::DNS::Resolver.

There are a few more possible ones, but this is the most useful one and that documentation really belongs to that module.

ncnetstat_C

Used to xor the -C switch.

Set to either 0 or 1, boolean, for setting the default.

ncnetstat_Cl

Used to xor the --Cl switch.

Set to either 0 or 1, boolean, for setting the default.

ncnetstat_W

Used to xor the -W switch.

Set to either 0 or 1, boolean, for setting the default.

ncnetstat_pct

Used to xor the --pct switch.

Set to either 0 or 1, boolean, for setting the default.

EXAMPLES

ncnetstat -s established,time_wait

Return a list of connection that are in the established or time_wait state.

ncnetstat -c ::/0

Return a list of all IPv6 addresses.

ncnetstat -c ::1/128,127.0.0.1/32

Return all connections to localhost.

ncnetstat -c 192.168.15.2/32 -l

Display all connections listening explicitly on 192.168.15.2.

ncnetstat -S host_f -i

Sort the connections by the foreign host and invert the results.

ncnetstat -c 10.0.0.0/24 --ci

Show connections that are either not locally or remotely part of the 10.0.0.0/24 subnet.

ncnetstat --ptr foo.bar

Find connections to/from IPs that have a PTR record of foo.bar.

ncnetstat --ptr foo.bar --ptri

Find connections to/from IPs that do not have a PTR record of foo.bar.

ncnetstat -n --uid '>1000' --Cl

Show every connection by a user with a UID greater than 1000, do not resolve PTR info and print the whole command.

ncnetstat -U www -p 80,443 --pi

Show every connecttion by the user www that is not a HTTP or HTTPS connection.

ncnetstat --cpu '>5' --Cl --pct -W

Search for connections from procs using more than 5% of the CPU time. Show memory and CPU usage as well whole command and wait channel.