
Watch and learn

While I was exploring some things to monitor people while tending some labs, I stumbled onto the command watch and was only recently reminded of its wonderful usefulness.
Today I had to utilize it and thought maybe other people would be interested in knowing this command as well.

So for this example everyone is expected to know what netstat is, and if you don't, it is OK, we'll learn you one real quick.

Netstat - Short for "Network Statistics". It produces information based on connections to and from other networkable systems. It is available on Windows and Linux, but we don't use WindBlows ;)

Now that you have some basic understanding of what it is: we are only using it here to demo the GNU "watch" command and couldn't care less about the previously mentioned command and its syntax.
So let's dive in head first:

Watch replays a command at a default interval of 2 seconds; however, you can adjust this with a command line switch. If you haven't realized it by now, netstat can have a "repeat" function with the command line switch -c { time interval }.
With this mentioned, here is what makes the watch command more viable than using the repeat function in netstat: watch has the ability to "highlight" what's changed since the last iteration of the command.

For example, what if someone is connecting to some websites with Firefox? When you are trying to find new connections, it's kind of tough to see this information in a standard display, especially if it is continually refreshing.
Let's see the example already? OK!



     watch -n 5 -d netstat -antelop



Now let's explain this command a bit -

The -n switch sets the { time interval } for the repeat of the command; the -d switch highlights changes since the last refresh. Very nice, right!

If this were a system with more people using it, more connections being established and more concurrent sessions, the updates would have to be a bit quicker; however, this is just an example.
If you're trying to monitor a specific user, you can identify them, add a bit of grep with some regex, and produce a more specific watch command.
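
One way to build that more specific command, as an added example that is not part of the original post. The function names and the sample rows are constructed for illustration, and it assumes the `-antelop` column order in which the numeric UID follows the State column:

```shell
#!/bin/sh
# Added example, not from the original post. Sample rows below are constructed.
# With -n and -e, netstat prints the socket owner as a numeric UID in the
# User column, directly after State and before Inode.

# uid_regex UID: extended regex for TCP rows owned by that UID. Anchoring on
# "State UID Inode" keeps a port such as :1000 from matching UID 1000.
uid_regex() {
    printf '^tcp6?[[:space:]].*[[:space:]][A-Z][A-Z_0-9]*[[:space:]]+%s[[:space:]]+[0-9]+[[:space:]]' "$1"
}

# user_conns UID: filter netstat output on stdin down to that UID's sockets.
user_conns() {
    grep -E "$(uid_regex "$1")"
}

# watch_uid UID: the live view. The whole pipeline is quoted so that watch
# re-runs netstat AND grep each interval; unquoted, the shell would pipe
# watch's own screen output into grep. Run as root to see every PID/program.
watch_uid() {
    watch -n 5 -d "netstat -antelop | grep -E '$(uid_regex "$1")'"
}

# Constructed sample of `netstat -antelop` output (documentation addresses).
sample_netstat() {
    cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       User       Inode      PID/Program name     Timer
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      0          21345      812/sshd             off (0.00/0/0)
tcp        0      0 192.0.2.10:52344        198.51.100.7:443        ESTABLISHED 1000       48213      2211/firefox         keepalive (7.12/0/0)
tcp        0      0 192.0.2.10:52350        203.0.113.9:443         ESTABLISHED 1000       48290      2211/firefox         keepalive (9.80/0/0)
tcp        0      0 192.0.2.10:22           192.0.2.55:40112        ESTABLISHED 0          47001      1990/sshd: bob       keepalive (6500.11/0/0)
tcp        0      0 192.0.2.10:41000        198.51.100.20:1000      ESTABLISHED 1001       48800      2305/curl            off (0.00/0/0)
EOF
}

# Offline demo: prints the two firefox rows owned by UID 1000.
sample_netstat | user_conns 1000
```

For the live view, resolve the account to its UID first, e.g. `watch_uid "$(id -u alice)"`, where alice is a hypothetical user name.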

Hope this helps, enjoy.