Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Count no of netstat states
Top Forums Shell Programming and Scripting Count no of netstat states Post 302911138 by bigearsbilly on Wednesday 30th of July 2014 10:59:41 AM
Old 07-30-2014
Here is my own little concoction I use for such things.
Produces output like:
Code:
=====================================
host                    total   FIN_WAIT2 ESTABLISHED
192.168.1.115   |           1           0           1
192.168.1.32    |           1           0           1
86.8.240.6      |           7           6           1
total           |           9           6           3


Code:
#!/usr//bin/perl 

use strict;
my ($Proto, $Recv, $Send, $Local, $Foreign, $State);
my ($local, $foreign, $f_port, $l_port);
my $db = {};
my @STATES;
my $stats = {};
our $verbose = 1;


open NETSTAT,  "netstat -nt |" or die "netstat:$!\n"; 

my $headers = my $h = 2;
<NETSTAT> while ($h--);

LOOP:
while (<NETSTAT>) {

    ($Proto, $Recv, $Send, $Local, $Foreign, $State) = split;

    foreach my $grep (@ARGV) {
        next LOOP unless /$grep/;
    }

    print if $verbose ;

    ($foreign, $f_port) = split ':', $Foreign;
    ($local, $l_port) = split ':', $Local;

    $stats->{$State}++;

    $db->{$foreign}->{connections}++ ;
    $db->{$foreign}->{states}->{$State}++;
    $db->{total}->{connections}++ ;
    $db->{total}->{states}->{$State}++;
}

@STATES = (keys %$stats);
printf "=====================================\n";
printf "%-16s %12s", "host", "total";
map { printf "%12s", $_ } @STATES;
print "\n";

foreach my $h (sort keys %$db) {
    printf "%-16s|", $h;
    printf "%12d",  $db->{$h}->{connections};
    foreach my $s (@STATES) {
        my $state = $db->{$h}->{states}->{$s} +  0; 
        printf "%12d",  $state;
    }
    print "\n";

}

This User Gave Thanks to bigearsbilly For This Post:
Roozo
 

8 More Discussions You Might Find Interesting

1. IP Networking

laymens terms for netstat states

Ok, I've read the manpages on netstat and it gives a good description of the state values such as CLOSE_WAIT, ESTABLISHED, SYN_RECEIVED, etc.. Can someone give me real world situations where you would get these states. LIke for example if I got SYN_RECEIVED what possible situations would be the... (1 Reply)
Discussion started by: eloquent99
1 Replies

2. IP Networking

netstat - possible reasons for high IP count ???

One of my servers started getting heavily loaded a few weeks ago for a few hours, so I did some studying and wrote a script to use netstat to get the IP addresses connected and the count. I put a new chain in iptables and if an IP is using more than 40 connections, it gets added to that chain which... (3 Replies)
Discussion started by: PWSwebmaster
3 Replies

3. Solaris

meaning of states in sun clusters

Hi Everybody, As I am new to Sun Clusters, Please help me what is "online but not monitored" state of resources and "online - service is online" in status message. Thank you. (1 Reply)
Discussion started by: mayahari
1 Replies

4. UNIX for Advanced & Expert Users

cpufreq directory not present. How to change governor for P states in such a case

One node in my cluster is using ondemand governor which is specified in the directory /sys/devices/system/cpu/cpu0/cpufreq/scaling_governor .. Scaling_governor allows us to choose the governor of our choice . But this sub-directory is absent in the other node of the cluster . How do I change... (0 Replies)
Discussion started by: vishwamitra
0 Replies

5. UNIX for Advanced & Expert Users

Unix process states

I am trying to write my own Unix compliant (SUSv4) OS - Just a hobby OS, nothing serious. While going through the standard, I couldn't find any explicit information on process states. What I could find was (excluding the real-time considerations)- From this it can be inferred that the... (2 Replies)
Discussion started by: tinkerbeast
2 Replies

6. UNIX and Linux Applications

Where can I find UNIX training course in the United States?

Hi guys, Can you help me please to find an appropriate course of UNIX in the United States. Also, can you provide me some information about the schools or institutes that offer it in the U.S. Thanks, (0 Replies)
Discussion started by: Malik Dera
0 Replies

7. Hardware

Hyperthreaded virtual cores, different C-States?

turbostat reports C-states of all CPU cores, and includes entries for each hyper-threaded core as well. Often enough the two logical cores on a single physical core will list different C state percentages. Does that make any sense? Is this reporting the c-states of the few duplicated parts... (8 Replies)
Discussion started by: agentrnge
8 Replies

8. Shell Programming and Scripting

Ps command showing different states for same process

I am using HP-UX,KSH $ jobs -l + 19377 Running nohup ksh cat_Duplicate_Records_Removal.ksh </dev/null >/dev/null 2>&1 & $ ps -p 19377 -fl F S UID PID PPID C PRI NI ADDR SZ WCHAN STIME TTY TIME COMD 401 S catmgr 19377 19491 ... (1 Reply)
Discussion started by: TomG
1 Replies

LEARN ABOUT OSF1

netstat

netstat(1)						      General Commands Manual							netstat(1)

NAME

       netstat - Displays network statistics.

SYNOPSIS

       /usr/sbin/netstat [-ARgrn  | [-Aan] [-f address_family] [-p protocol]] [interval]

       /usr/sbin/netstat [-adgHimMnRrstuv] [-f address_family] [-p protocol] [interval]

       /usr/sbin/netstat [-dntz] [-I interface [-c | -s]] [interval]

       The netstat command displays network-related data in various formats.

OPTIONS

       Displays the state of sockets related to the Internet protocol. Includes sockets for processes such as servers that are currently listening
       at a socket but are otherwise inactive.	Displays either the address of	any  protocol  control	blocks	associated  with  sockets  or  the
       addresses  of  routing table entries with bitmasks.  Typically, this option is used for debugging.  Displays the number of dropped packets;
       for use with the -I interface or -i options. You can also specify an interval argument (in  seconds).   Limits  reports	to  the  specified
       address family. The address families that can be specified might include the following: Specifies reports of the AF_INET family, if present
       in the kernel.  Specifies reports of the AF_INET6 family, if present in the kernel.  Specifies reports of the AF_UNIX family, if present in
       the kernel.  Lists information about all address families in the system.  Lists information about any address families in the system.  Dis-
       plays statistics since the system was last booted. By default, the command displays statistics since they were last zeroed. Use this option
       with  the  -p  and  -s  options	only.  Displays the current ARP table (behaves like arp -a).  Displays the state of configured interfaces.
       (Interfaces that are statically configured into the system, but not located at system startup, are not shown.)

	      When used with the -a option, it displays IP (IPv4 and IPv6) and link-level addresses associated with the interfaces.

	      You can use the -i option to retrieve your system's hardware address.  Displays information about the specified interface.  Displays
	      the  current  access  filter for the specified network interface.  See ifaccess.conf(4) for more information.  Displays the DNA Data
	      Link Layer counters for the specified network interface and the adapter's status and characteristics.   See  Network  Administration
	      for  a  description  of  the display fields.  Displays information about memory allocated to data structures associated with network
	      operations.  Displays Internet protocol multicast routing information. When used with the -s option, it displays IP (IPv4 and  IPv6)
	      multicast statistics.  Displays network address in numerical format with network masks in CIDR format. When this option is not spec-
	      ified, the address is displayed as hostname and port number.  This option can be used with any of  the  display  formats.   Displays
	      statistics  for  protocol,  which  you  can specify as a well known name or an alias. Supported protocol names and their aliases are
	      listed in /etc/protocols.  A null listing (0) means that there is no data to report.  If routines to report statistics for a  speci-
	      fied protocol are not implemented on this system, netstat reports that the protocol is unknown.  Displays the host's routing tables.
	      When used with the -s option, shows the host's routing statistics instead of routing tables.  Display's the host's routing tables on
	      each  Resource  Affinity	Domain	(RAD), if your system has NUMA-capable hardware.  Displays statistics for each protocol.  Displays
	      timer information; for use with the -I interface or -i options.  Displays information about domain sockets (UNIX domain).   Displays
	      more verbose output when specified with the -r option.  In this case, route metric values are displayed.	Sets the network interface
	      counters or protocol statistics counters to zero.  This option must be specified with either the -I interface option or the -s or -p
	      options.	In addition, you must be superuser to use this option.

DESCRIPTION

       The interval argument specifies in seconds the interval for updating and displaying information.  The first line of the display shows cumu-
       lative statistics; subsequent lines show statistics recorded during interval.

   Default Display
       When used without options, the netstat command displays a list of active sockets for each protocol. The default display shows the following
       items: Local and remote addresses Send and receive queue sizes (in bytes) Protocol State

       Address formats are of the form host.port or network.port if a socket's address specifies a network but no specific host address.  The host
       and network address are displayed symbolically unless -n is specified.

   Interface Display
       The network interface display format provides a table of cumulative statistics for the following: Interface name Maximum Transmission  Unit
       (MTU)  Network  Address	Packets  received  (Ipkts) Packets received in error (Ierrs) Packets transferred (Opkts) Outgoing packets in error
       (Oerrs) Collisions

	      Note that the collisions item has different meanings for different network interfaces.  Drops (optional with  -d)  Timers  (optional
	      with -t)

   Routing Table Display
       A route consists of a destination host or network and a gateway to use when forwarding packets. Direct routes are created automatically for
       each interface attached to the local host when you issue the ifconfig command. In addition, loopback routes are created	automatically  for
       each  interface	address  that  is configured with the ifconfig command. Routes can be modified automatically in response to the prevailing
       condition of the network.

       The routing-table display format indicates available routes and the status of each in the following fields: Displays the state of the route
       as  one or more of the following: This is a cloned route.  This route is a cloning route that was created by the route command.	This route
       was dynamically created by a redirect.  Fragment to path MTU size is disabled on this route.  This route is to a gateway.  This route is to
       a  host.  This route contains valid link-layer information.  This route is a loopback route that was created by the kernel.  This route was
       modified by a redirect.	Path MTU discovery is disabled on this route.  This route was created by the Path MTU discovery process.  This	is
       a  reject  route  that  was created by the route command.  This is a static route that was created by the route command.  Up, or available.
       Gives the current number of active uses for the route. Connection-oriented protocols hold on to a single route for the duration of  a  con-
       nection; connectionless protocols obtain routes in the process of sending to a destination.  Provides a count of the number of packets sent
       using the route.  Indicates the network interface used for the route.

       When the -v option is specified, the routing table display includes the route metrics.  An asterisk (*) indicates  the  metric  is  locked.
       See route(8) for additional information on routing.

DIAGNOSTICS

       Verify  that  the  kloadsrv  daemon is running. If it is not, start it.	See kloadsrv(8) for more information.  Make sure that you have not
       replaced the running kernel with a new kernel.  You might need to reboot the system to correct this problem.

EXAMPLES

       To show the state of the configured interfaces, enter: $ netstat -i To show the routing tables, enter: $ netstat -r

	      The resulting display looks like the following: Routing Tables Destination    Gateway	   Flags     Refs Use  Interface Netmasks:
	      Inet	255.255.255.0

	      Route  Tree for Protocol Family 2: default	   16.55.5.5	   UG	13  38618   ln0 localhost      16.55.5.4    UH	  2	29
	      lo0 ethernet  16.55.5.3 U    98	66760	  ln0

	      (Output may be formatted differently on your system.)  To show the routing tables with network addresses, enter: $ netstat -rn

	      The resulting display looks like the following: Routing tables Destination      Gateway		 Flags	   Refs     Use  Interface
	      Netmasks:  Inet		   0.0.0.0  Inet	      255.0.0.0  Inet		   255.255.0.0 Inet		255.255.252.0 Inet
	      255.255.255.0 Inet	     255.255.255.224

	      Route Tree for Protocol Family 2: default 	 16.140.28.1	    UG		0  6004465   tu0  16.140.128/24     16.140.128.198
	      U 	   4	181451	tu0 127.0.0.1	     127.0.0.1		UH	    0	     0	lo0 194.224/16	     127.0.0.1		UG
	      0        3  lo0 194.226/16       127.0.0.1	  UGR	      0        0  lo0 198.119.1/24	198.119.19.76	    U		 1
	      867   le0 198.119.19.64/27 198.119.19.76	    U		0	 1  le0 198.119.64.80	 198.119.19.24	    UGH 	0	 0
	      le0 130.200/16	   16.140.128.1       UG	  0	   0  tu0 To produce the default display for network  connections,  enter:
	      netstat

	      The  resulting display might include the following headings: Active Internet connections Proto Recv-Q Send-Q Local Address   Foreign
	      Address	(state) To set the ln0 interface counters to zero, enter: netstat -Iln0 -z To display IPv6 routing entries, enter: #  net-
	      stat -rnf inet6

	      Routing tables Destination      Gateway		 Flags	   Refs     Use Interface

	      Route  Tree  for	Protocol  Family  26  default		Link#8		    UCL 	 0	   0  ipt0 default	    Link#1
	      UCL	  0	   0  ln0 default	   fe80::a00:2bff:fe2d:2b2 UG	  0	   0  ln0 3ffe:1200:4110:1::/64 Link#1	       UCL
	      0 	0   ln0  3ffe:1200:4110:1:a00:2bff:fe2c:f632 Link#1 UH	 1	  0  ln0 fe80::/10	  Link#8	     UCL	 0
	      0  ipt0 fe80::/10        Link#1		  UCL	      0        0  ln0 fe80::108c:1056  Link#8		  UHLc	       1	 4
	      ipt0  fe80::108c:80e3   Link#8		  UHLc	       0	0  ipt0 fe80::a00:2bff:fe2d:2b2 Link#1	    UHLc	1	 0
	      ln0 ff02::/16	   Link#1	      UCL	  0	   0  ln0 ff02::/16	   Link#8	      UCL	  0	   0  ipt0
	      ff02::1		16.140.128.227	    UHLVc	 0	   8  ipt0 ff02::1	    33:33:0:0:0:1      UHLVc	   0	    3  ln0
	      ff02::2	       33:33:0:0:0:2	  UHLVc       0        1  ln0 ff02::2	       16.140.128.227	   UHLVc	1	  2   ipt0
	      ff02::9	       16.140.128.227	  UHLVc       0        4  ipt0 To display active IPv6 connections, enter: # netstat -af inet6

	      Active Internet connections (including servers) Proto Recv-Q Send-Q  Local Address	     Foreign Address	       (state) tcp
	      0        0    3ffe:1200:4110:1:a00:2bff:fe2c:f632.1054	host1.corp.com.telnet	ESTABLISHED   tcp	   0	    0	  *.finger
	      *.*			LISTEN tcp	  0	 0  *.telnet		      *.*			LISTEN tcp	  0	 0
	      *.ftp			*.*			  LISTEN

SEE ALSO

       Commands:  vmstat(1), route(8)

       Network Administration

																	netstat(1)
All times are GMT -4. The time now is 09:42 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy