Jun 13, 2012
tom

Netstat continuous refresh (watch changes the output)

Question

I am using this simple command to monitor connections (to deal with some recent DOS attacks) on my Debian server:

netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n

How do I run it continuously? So it will refresh itself once per minute (or any given amount of time, of course). I tried watch:

watch -n 30 "netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n"

But it changed the output from a nice list with the number of connections to something like this:

1 tcp        0  10015 [LOCAL IP]
...
1 Proto Recv-Q Send-Q Local Address           Foreign Address         State
1 Active Internet connections (w/o servers)

So the external IP is not being displayed… Is there something I missed?

EDIT: This is how the original output looks:

  2 [IP ADDRESS]
  4 [IP ADDRESS]
  4 [IP ADDRESS]
  4 [IP ADDRESS]
  7 [IP ADDRESS]
 16 [IP ADDRESS]
 71 [IP ADDRESS]

And when I say [LOCAL IP] – I mean my machine’s IP.

EDIT 2: Forgot to add – it just freezes when I run it with -c.

Asked by pyrate

Answer

netstat -c

may help you if I’ve not misunderstood your problem. -c stands for --continuous.

EDIT:
There you go:

watch -n 30 "netstat -ntu | awk '{print \$5}' | cut -d: -f1 | sort | uniq -c | sort -n"

I’ve added a \ before $.

Answered by hcg
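
Why the backslash matters, as an added example that is not part of the original posts: inside double quotes the calling shell expands `$5` before `watch` starts, so awk prints whole lines and the header rows get counted. The function names and the sample netstat output are constructed for illustration; `count_peers` also goes beyond the thread by skipping the two header lines and keeping IPv6 addresses intact.

```shell
#!/bin/sh
# Constructed sample of `netstat -ntu` output (documentation-range addresses).
sample_netstat() {
cat <<'EOF'
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.0.2.10:80           198.51.100.7:51234      ESTABLISHED
tcp        0      0 192.0.2.10:80           198.51.100.7:51240      ESTABLISHED
tcp        0  10015 192.0.2.10:80           203.0.113.9:40100       ESTABLISHED
tcp6       0      0 2001:db8::10:443        2001:db8::beef:55000    ESTABLISHED
EOF
}

# The awk program as watch receives it. In double quotes the shell replaces
# $5 with its own fifth positional parameter (empty here), leaving
# '{print }', which prints every full line. Escaping the $ keeps it for awk.
unescaped_program() { printf '%s\n' "awk '{print $5}'"; }
escaped_program()   { printf '%s\n' "awk '{print \$5}'"; }

# Count connections per foreign address from netstat output on stdin.
# NR > 2 skips the two header lines; sub() strips only the trailing :port,
# so IPv6 peers are not truncated the way `cut -d: -f1` truncates them.
count_peers() {
    awk 'NR > 2 { ip = $5; sub(/:[0-9*]+$/, "", ip); print ip }' |
        sort | uniq -c | sort -n
}

echo "unescaped: $(unescaped_program)"
echo "escaped:   $(escaped_program)"
sample_netstat | count_peers

# Live use: put `netstat -ntu | awk ... | sort | uniq -c | sort -n` in a
# script file (name of your choice) and run `watch -n 30 ./that-script`,
# which avoids nested quoting altogether.
```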
