Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Filtering netstat command output
Top Forums UNIX for Beginners Questions & Answers Filtering netstat command output Post 303042065 by sravani25 on Thursday 12th of December 2019 02:38:22 PM
Old 12-12-2019
Filtering netstat command output
Hi All,


I am trying to collect the listen ports info from netstat command in centos 7

From that info i am trying to collect all the foreign address IP for those ports.


I am using below script to do the same.


Code:
netstat -an |grep -w  "LISTEN" |grep -v "127.0.0.1" |awk '{print $4}' > /tmp/q1

sed 's/::/ALL/g' /tmp/q1 > /tmp/q2

for i in $(cat /tmp/q2 |awk -F ":" '{print $2}' |sort |uniq);do


abc=$(netstat -an |grep -w  "ESTABLISHED" |grep -v "127.0.0.1" | awk -v chr="$i" '$4 ~ chr'|awk '{print $5}' |awk -F ":" '{print $1}'|sort |uniq)

echo "$abc"


done


I am getting the required output now.


OUPUT :



Code:
192.168.20.232
192.168.10.114
192.168.10.175
192.168.10.183
192.168.10.7
192.168.10.93
192.168.20.120
192.168.20.154
192.168.20.170



my questions are

1) Now i want to ignore these ports records and print remaining records.
I tried with by changing the syntax of below variable in the script



Code:
abc=$(netstat -an |grep -w  "ESTABLISHED" |grep -v "127.0.0.1" | awk -v  chr="$i" '$4 !~ chr'|awk '{print $5}' |awk -F ":" '{print $1}'|sort  |uniq)

but it's printing duplicate values
Can someone please help me on this issue
Last edited by Scrutinizer; 12-12-2019 at 04:19 PM.. Reason: code tags please
 

10 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

output of NETSTAT

# netstat -in Name Mtu Network Address Ipkts Ierrs Opkts Oerrs Coll net1 1500 192.168 192.168.0.11 24508 0 12212 112931 2795 lo0 8232 127 127.0.0.1 42 0 42 0 0 atl0* 8232 none none No Statistics... (1 Reply)
Discussion started by: samprax
1 Replies

2. Shell Programming and Scripting

filtering a range of ports out of a netstat output

i'd like to grep a range of ports on a netstat -nt output, localaddress, say :1 to :1023. how do i do it via sed/awk/grep? Thanks, Marc (1 Reply)
Discussion started by: marcpascual
1 Replies

3. Solaris

netstat -an -- meaning of the output

Dear Experts, I put below command- could you please describe the outputs column- let me describe some them- col_1: (10.131.60.48.55880) The IP address of the local computer and the port number being used for this particular connection appear in the Local Address column. col_2:... (3 Replies)
Discussion started by: thepurple
3 Replies

4. HP-UX

Difference in netstat -a and -an output.

Hi, Does anyone know why I get a different output when using "netstat -a" or "netstat -an" ?? # netstat -a | grep ts15r135 tcp 0 0 nbsol152.62736 ts15r135.23211 ESTABLISHED # netstat -an | grep 172.23.160.78 tcp 0 0 135.246.39.152.51954 ... (4 Replies)
Discussion started by: ejdv
4 Replies

5. UNIX for Dummies Questions & Answers

interpreting netstat output

hi all, when I run- wcars1j5#netstat -an | grep 8090 127.0.0.1.8090 *.* 0 0 49152 0 LISTEN wcars1j5# 1. does this mean that no one is connected to this port? Regards, akash (1 Reply)
Discussion started by: akash_mahakode
1 Replies

6. IP Networking

netstat output

I can't tell what the output of the netstat command means. Is there anywhere that has this information? I tried the man pages, but they weren't helpful. (3 Replies)
Discussion started by: Ultrix
3 Replies

7. IP Networking

Connections not shown in netstat output

I have a TCPIP server application (a Vendor package) which by default allows 10 connections. It provides a parameter to allow us to increase the maximum allowable connections in case it is needed. Intermittently this application is failing with maximum number of connections reached even when there... (1 Reply)
Discussion started by: AIX_user
1 Replies

8. UNIX for Advanced & Expert Users

Amount of Network Traffic info from netstat output

Hi, I'm trying to figure out how much traffic has been generated and received from netstat -s output (using Linux). I can see the output shows packet counts and Octet values, how would I correctly calculate how much traffic in and how much out? My output below: Ip: 88847576 total... (1 Reply)
Discussion started by: wilsonee
1 Replies

9. UNIX for Dummies Questions & Answers

netstat -an output, pls. explain..

Hi, I have old SCO O/S. System keeps crashing. I made lot of changes to kernel but so for nothing helped. I wrote a script which takes netstat -an output every one minute. I saw some thing right before the system crashed. Not sure if this means anything.. uname -a SCO_SV djx2 3.2... (2 Replies)
Discussion started by: samnyc
2 Replies

10. Shell Programming and Scripting

netstat output

Hi Team, Below is the output of netstat -an | grep 1533 tcp 0 0 17.18.18.12:583 10.3.2.0:1533 ESTABLISHED tcp 0 0 17.18.18.12:370 10.3.2.0:1533 ESTABLISHED Below is the o/p of netstat -a | grep server_name tcp 0 ... (4 Replies)
Discussion started by: Girish19
4 Replies

LEARN ABOUT DEBIAN

lire::firewall::ipfilterdlfconverter

IpfilterDlfConverter(3pm)				  LogReport's Lire Documentation				 IpfilterDlfConverter(3pm)

NAME

       Lire::Firewall::IpfilterDlfConverter - convert ipf (ipmon) logs to firewall DLF

DESCRIPTION

       Lire::Firewall::IpfilterDlfConverter converts Ipfilter logs into firewall DLF format.  Input for this converter is the standard ipf syslog
       log file as produced by ipmon. IP Filter is shipped with FreeBSD, OpenBSD (up to 2.9) and some other OS's.

EXAMPLE

       A ipfilter logfile which looks like

	Oct 30 07:42:29 rolle ipmon[16747]: 07:42:28.585962	ie0 @0:9
	 b 192.168.48.1,45085 -> 192.168.48.2,22 PR tcp len 20 64 -S OUT
	Oct 30 07:40:24 rolle ipmon[16747]: 07:40:23.631307	ep1 @0:6
	 b 192.168.26.5,113 -> 192.168.26.1,3717 PR tcp len 20 40 -AR OUT
	Oct 30 07:42:29 rolle ipmon[16747]: 07:42:28.585962	ie0 @0:9
	 b 192.168.48.1,45085 -> 192.168.48.2,22 PR tcp len 20 64 -S OUT
	Oct 30 07:44:11 rolle ipmon[16747]: 07:44:10.605416 2x	   ep1 @0:15
	 b 192.168.26.1,138 -> 192.168.26.255,138 PR udp len 20 257  IN
	Oct 30 07:44:34 rolle ipmon[16747]: 07:44:33.891869	ie0 @0:10
	 b 192.168.48.1,23406 -> 192.168.48.2,22 PR tcp len 20 64 -S OUT
	Oct 30 07:49:13 rolle ipmon[16747]: 07:49:12.554420	ep1 @0:15
	 b 210.132.100.117 -> 192.168.26.5 PR icmp len 20 56 icmp 3/3 for
	 192.168.26.5,61915 - 210.132.100.117,53 PR udp len 20 23040 IN
	Oct 30 07:50:23 rolle ipmon[16747]: 07:50:22.908107	ep1 @0:15
	 b 210.132.100.117 -> 192.168.26.5 PR icmp len 20 56 icmp 3/3 for
	 192.168.26.5,4480 - 210.132.100.117,53 PR udp len 20 19712 IN
	Oct 30 07:56:11 rolle ipmon[16747]: 07:56:11.113029 2x	   ep1 @0:15
	 b 192.168.26.1,138 -> 192.168.26.255,138 PR udp len 20 257  IN

       (that's: .... 'PR' protocol 'len' length_of_ip_headers_saved packetlength direction) will get converted to something like

	994398737 denied igmp 100.187.115.1 - ep1 LIRE_NOTAVAIL 
	 224.0.0.2 - 56
	994398861 denied igmp 100.187.115.1 - ep1 LIRE_NOTAVAIL 
	 224.0.0.1 - 56
	994398862 denied igmp 100.187.115.1 - ep1 LIRE_NOTAVAIL 
	 224.0.0.2 - 56
	994406849 denied udp 192.168.26.4 137 ie0 LIRE_NOTAVAIL 
	 192.168.26.255 137 116
	994406850 denied udp 192.168.26.4 137 ie0 LIRE_NOTAVAIL 
	 192.168.26.255 137 116
	994406866 denied udp 192.168.26.4 137 ie0 LIRE_NOTAVAIL 
	 192.168.26.255 137 98

SEE ALSO

       ipl(4) for description of log structure.

       The ipmon.c source (e.g. on

	http://www.openbsd.org/cgi-bin/cvsweb/~checkout~/ 
	 src/usr.sbin/ipmon/Attic/ipmon.c?rev=1.27& 
	 content-type=text/plain&hideattic=0

       ) for the specification of the log syntax.

       The IP Filter webpage on http://coombs.anu.edu.au/~avalon/ip-filter.html

AUTHOR

       Joost van Baal <joostvb@logreport.org>, Wessel Dankers <wsl@logreport.org>

VERSION

       $Id: IpfilterDlfConverter.pm,v 1.7 2009/03/15 08:10:55 vanbaal Exp $

COPYRIGHT

       Copyright (C) 2001-2003 Stichting LogReport Foundation LogReport@LogReport.org

       This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by
       the Free Software Foundation; either version 2 of the License, or (at your option) any later version.

       This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of
       MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more details.

       You should have received a copy of the GNU General Public License along with this program (see COPYING); if not, check with
       http://www.gnu.org/copyleft/gpl.html.

Lire 2.1.1							    2009-03-15						 IpfilterDlfConverter(3pm)
All times are GMT -4. The time now is 02:04 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy