# About Provides a enhances colorized netstat like tool that is capable of doing searches. ![ncnetsetstat](ncnetstat.png) The search criteria can be any of the following. * CIDR * Command * CPU usage percent * port * host * memory usage percent * PID * PTR * state * UID * username * wait channel # Command Line Options ``` -a Show all connections. --drp Do not resolve port names. -i Invert the sort. -l Show the listening ports. -n Do not resolve the PTRs. --nc Do not use colors. --pct Show memory and CPU usage percent. -S The Net::Connection::Sort to use. -t Show only TCP connections. -u Show only UDP connections. -W Show the wchan. -c A comma seperated list of CIDRs to search for. --ci Invert the CIDR search. -C Show the command to the first space. --Cl Show the whole command. --cmd A comma seperated list of commands to search for. --cmdi Invert the command search. --cpu Show connections belonging to procs matching this CPU usage percent. --cpui Invert the CPU search. --mem Show connections belonging to procs matching this memory usage percent. --memi Invert the memory usage search. -p A comma seperated list of ports to search for. --pi Invert the port search. -P A comma seperated list of protocols to search for. --Pi Invert your protocol search. --pid A comma separated list of PIDs to search for. --pidi Invert the pid search. --ptrr A comma seperated list of regex to use for a PTR search. --ptrri Invert the RegexPTR search. --lptrr A comma seperated list of regex to use for a local PTR search. --lptrri Invert the local RegexPTR search. --rptrr A comma seperated list of regex to use for a remote PTR search. --rptrri Invert the remote RegexPTR search. --ptr A comma seperated list of PTRs to search for. --ptri Invert the PTR search. --lptr A comma seperated list of local PTRs to search for. --lptri Invert the local PTR search. --rptr A comma seperated list of remote PTRs to search for. --rptri Invert the remote PTR search. -s A comma seperated list of states to search for. --si Invert the state search. -U A comma seperated list of usernames to search for. --Ui Invert the username search. --uid A comma separated list of UIDs to search for. --uidi Invert the UID search. -w A comma separated list of regexp to use for matching wchan values. --wi Invert the wchan search. The default available sort methods are as below. host_f foreign host host_fl foreign host, local host host_l local host host_lf local host, foreign host pid process ID port_f foreign port, numerically port_fa foreign port, alphabetically port_l local port, numerically port_la local port, alphabetically proto protocol ptr_f foreign PTR ptr_l local PTR state state uid user ID user username For CPU, memory, PID, and UID searches, the equalities below can be used, by directly prepending them to the number. < <= > >= ``` # Examples ncnetstat -s established,time_wait Return a list of connection that are in the established or time_wait state. ncnetstat -c ::1/128,127.0.0.1/32 Return all connections to localhost. ncnetstat -c 192.168.15.2/32 -l Display all connections listening explicitly on 192.168.15.2. ncnetstat -S host_f -i Sort the connections by the foreign host and invert the results. ncnetstat -c 10.0.0.0/24 --ci Show connections that are either not locally or remotely part of the 10.0.0.0/24 subnet. ncnetstat --ptr foo.bar Find connections to/from IPs that have a PTR record of foo.bar. ncnetstat --ptr foo.bar --ptri Find connections to/from IPs that do not have a PTR record of foo.bar. ncnetstat -n --uid '>1000' --Cl Show every connection by a user with a UID greater than 1000, do not resolve PTR info and print the whole command. ncnetstat -U www -p 80,443 --pi Show every connecttion by the user www that is not a HTTP or HTTPS connection. ncnetstat --cpu '>5' --Cl --pct -W Search for connections from procs using more than 5% of the CPU time. Show memory and CPU usage as well whole command and wait channel. # Installing ## FreeBSD pkg install perl5 p5-App-cpanminus lsof cpanm Net::Connection::ncnetstat ## Linux ### CentOS yum install cpanm lsof cpanm Net::Connection::ncnetstat ### Debian This has been tested as working on Debian 9 minimal. apt install perl perl-base perl-modules make cpanminus lsof gcc cpanm Net::Connection::ncnetstat # TODO * Add support for more collection methods than Net::Connection::lsof * Support color selection and column ordering.