Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Filtering netstat command output
Top Forums UNIX for Beginners Questions & Answers Filtering netstat command output Post 303042065 by sravani25 on Thursday 12th of December 2019 02:38:22 PM
Old 12-12-2019
Filtering netstat command output
Hi All,


I am trying to collect the listen ports info from netstat command in centos 7

From that info i am trying to collect all the foreign address IP for those ports.


I am using below script to do the same.


Code:
netstat -an |grep -w  "LISTEN" |grep -v "127.0.0.1" |awk '{print $4}' > /tmp/q1

sed 's/::/ALL/g' /tmp/q1 > /tmp/q2

for i in $(cat /tmp/q2 |awk -F ":" '{print $2}' |sort |uniq);do


abc=$(netstat -an |grep -w  "ESTABLISHED" |grep -v "127.0.0.1" | awk -v chr="$i" '$4 ~ chr'|awk '{print $5}' |awk -F ":" '{print $1}'|sort |uniq)

echo "$abc"


done


I am getting the required output now.


OUPUT :



Code:
192.168.20.232
192.168.10.114
192.168.10.175
192.168.10.183
192.168.10.7
192.168.10.93
192.168.20.120
192.168.20.154
192.168.20.170



my questions are

1) Now i want to ignore these ports records and print remaining records.
I tried with by changing the syntax of below variable in the script



Code:
abc=$(netstat -an |grep -w  "ESTABLISHED" |grep -v "127.0.0.1" | awk -v  chr="$i" '$4 !~ chr'|awk '{print $5}' |awk -F ":" '{print $1}'|sort  |uniq)

but it's printing duplicate values
Can someone please help me on this issue
Last edited by Scrutinizer; 12-12-2019 at 04:19 PM.. Reason: code tags please
 

10 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

output of NETSTAT

# netstat -in Name Mtu Network Address Ipkts Ierrs Opkts Oerrs Coll net1 1500 192.168 192.168.0.11 24508 0 12212 112931 2795 lo0 8232 127 127.0.0.1 42 0 42 0 0 atl0* 8232 none none No Statistics... (1 Reply)
Discussion started by: samprax
1 Replies

2. Shell Programming and Scripting

filtering a range of ports out of a netstat output

i'd like to grep a range of ports on a netstat -nt output, localaddress, say :1 to :1023. how do i do it via sed/awk/grep? Thanks, Marc (1 Reply)
Discussion started by: marcpascual
1 Replies

3. Solaris

netstat -an -- meaning of the output

Dear Experts, I put below command- could you please describe the outputs column- let me describe some them- col_1: (10.131.60.48.55880) The IP address of the local computer and the port number being used for this particular connection appear in the Local Address column. col_2:... (3 Replies)
Discussion started by: thepurple
3 Replies

4. HP-UX

Difference in netstat -a and -an output.

Hi, Does anyone know why I get a different output when using "netstat -a" or "netstat -an" ?? # netstat -a | grep ts15r135 tcp 0 0 nbsol152.62736 ts15r135.23211 ESTABLISHED # netstat -an | grep 172.23.160.78 tcp 0 0 135.246.39.152.51954 ... (4 Replies)
Discussion started by: ejdv
4 Replies

5. UNIX for Dummies Questions & Answers

interpreting netstat output

hi all, when I run- wcars1j5#netstat -an | grep 8090 127.0.0.1.8090 *.* 0 0 49152 0 LISTEN wcars1j5# 1. does this mean that no one is connected to this port? Regards, akash (1 Reply)
Discussion started by: akash_mahakode
1 Replies

6. IP Networking

netstat output

I can't tell what the output of the netstat command means. Is there anywhere that has this information? I tried the man pages, but they weren't helpful. (3 Replies)
Discussion started by: Ultrix
3 Replies

7. IP Networking

Connections not shown in netstat output

I have a TCPIP server application (a Vendor package) which by default allows 10 connections. It provides a parameter to allow us to increase the maximum allowable connections in case it is needed. Intermittently this application is failing with maximum number of connections reached even when there... (1 Reply)
Discussion started by: AIX_user
1 Replies

8. UNIX for Advanced & Expert Users

Amount of Network Traffic info from netstat output

Hi, I'm trying to figure out how much traffic has been generated and received from netstat -s output (using Linux). I can see the output shows packet counts and Octet values, how would I correctly calculate how much traffic in and how much out? My output below: Ip: 88847576 total... (1 Reply)
Discussion started by: wilsonee
1 Replies

9. UNIX for Dummies Questions & Answers

netstat -an output, pls. explain..

Hi, I have old SCO O/S. System keeps crashing. I made lot of changes to kernel but so for nothing helped. I wrote a script which takes netstat -an output every one minute. I saw some thing right before the system crashed. Not sure if this means anything.. uname -a SCO_SV djx2 3.2... (2 Replies)
Discussion started by: samnyc
2 Replies

10. Shell Programming and Scripting

netstat output

Hi Team, Below is the output of netstat -an | grep 1533 tcp 0 0 17.18.18.12:583 10.3.2.0:1533 ESTABLISHED tcp 0 0 17.18.18.12:370 10.3.2.0:1533 ESTABLISHED Below is the o/p of netstat -a | grep server_name tcp 0 ... (4 Replies)
Discussion started by: Girish19
4 Replies

LEARN ABOUT DEBIAN

shorewall-exclusion

SHOREWALL-EXCLUSION(5)						  [FIXME: manual]					    SHOREWALL-EXCLUSION(5)

NAME

       exclusion - Exclude a set of hosts from a definition in a shorewall configuration file.

SYNOPSIS

       !address-or-range[,address-or-range]...

       !zone-name[,zone-name]...

DESCRIPTION

       The first form of exclusion is used when you wish to exclude one or more addresses from a definition. An exclaimation point is followed by
       a comma-separated list of addresses. The addresses may be single host addresses (e.g., 192.168.1.4) or they may be network addresses in
       CIDR format (e.g., 192.168.1.0/24). If your kernel and iptables include iprange support, you may also specify ranges of ip addresses of the
       form lowaddress-highaddress

       No embedded whitespace is allowed.

       Exclusion can appear after a list of addresses and/or address ranges. In that case, the final list of address is formed by taking the first
       list and then removing the addresses defined in the exclusion.

       Beginning in Shorewall 4.4.13, the second form of exclusion is allowed after all and any in the SOURCE and DEST columns of
       /etc/shorewall/rules. It allows you to omit arbitrary zones from the list generated by those key words.

	   Warning
	   If you omit a sub-zone and there is an explicit or explicit CONTINUE policy, a connection to/from that zone can still be matched by the
	   rule generated for a parent zone.

	   For example:

	   /etc/shorewall/zones:

	       #ZONE	      TYPE
	       z1	      ip
	       z2:z1	      ip
	       ...

	   /etc/shorewall/policy:

	       #SOURCE	       DEST	     POLICY
	       z1	       net	     CONTINUE
	       z2	       net	     REJECT

	   /etc/shorewall/rules:

	       #ACTION	       SOURCE	     DEST	 PROTO	       DEST
	       #						       PORT(S)
	       ACCEPT	       all!z2	     net	 tcp	       22

	   In this case, SSH connections from z2 to net will be accepted by the generated z1 to net ACCEPT rule.

       In most contexts, ipset names can be used as an address-or-range. Beginning with Shorewall 4.4.14, ipset lists enclosed in +[...] may also
       be included (see shorewall-ipsets[1] (5)). The semantics of these lists when used in an exclusion are as follows:

       o   !+[set1,set2,...setN] produces a packet match if the packet does not match at least one of the sets. In other words, it is like NOT
	   match set1 OR NOT match set2 ... OR NOT match setN.

       o   +[!set1,!set2,...!setN] produces a packet match if the packet does not match any of the sets. In other words, it is like NOT match set1
	   AND NOT match set2 ... AND NOT match setN.

EXAMPLES

       Example 1 - All IPv4 addresses except 192.168.3.4
	   !192.168.3.4

       Example 2 - All IPv4 addresses except the network 192.168.1.0/24 and the host 10.2.3.4
	   !192.168.1.0/24,10.1.3.4

       Example 3 - All IPv4 addresses except the range 192.168.1.3-192.168.1.12 and the network 10.0.0.0/8
	   !192.168.1.3-192.168.1.12,10.0.0.0/8

       Example 4 - The network 192.168.1.0/24 except hosts 192.168.1.3 and 192.168.1.9
	   192.168.1.0/24!192.168.1.3,192.168.1.9

       Example 5 - All parent zones except loc
	   any!loc

FILES

       /etc/shorewall/hosts

       /etc/shorewall/masq

       /etc/shorewall/rules

       /etc/shorewall/tcrules

SEE ALSO

       shorewall(8), shorewall-accounting(5), shorewall-actions(5), shorewall-blacklist(5), shorewall-hosts(5), shorewall_interfaces(5),
       shorewall-ipsets(5), shorewall-maclist(5), shorewall-masq(5), shorewall-nat(5), shorewall-netmap(5), shorewall-params(5),
       shorewall-policy(5), shorewall-providers(5), shorewall-proxyarp(5), shorewall-rtrules(5), shorewall-routestopped(5), shorewall-rules(5),
       shorewall.conf(5), shorewall-secmarks(5), shorewall-tcclasses(5), shorewall-tcdevices(5), shorewall-tcrules(5), shorewall-tos(5),
       shorewall-tunnels(5), shorewall-zones(5)

NOTES

	1. shorewall-ipsets
	   http://www.shorewall.net/manpages/shorewall-ipsets.html

[FIXME: source] 						    06/28/2012						    SHOREWALL-EXCLUSION(5)
All times are GMT -4. The time now is 01:51 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy