Filtering netstat command output


Login or Register for Dates, Times and to Reply

 
Thread Tools Search this Thread
Top Forums UNIX for Beginners Questions & Answers Filtering netstat command output
# 1  
Filtering netstat command output

Hi All,


I am trying to collect the listen ports info from netstat command in centos 7

From that info i am trying to collect all the foreign address IP for those ports.


I am using below script to do the same.


Code:
netstat -an |grep -w  "LISTEN" |grep -v "127.0.0.1" |awk '{print $4}' > /tmp/q1

sed 's/::/ALL/g' /tmp/q1 > /tmp/q2

for i in $(cat /tmp/q2 |awk -F ":" '{print $2}' |sort |uniq);do


abc=$(netstat -an |grep -w  "ESTABLISHED" |grep -v "127.0.0.1" | awk -v chr="$i" '$4 ~ chr'|awk '{print $5}' |awk -F ":" '{print $1}'|sort |uniq)

echo "$abc"


done


I am getting the required output now.


OUPUT :



Code:
192.168.20.232
192.168.10.114
192.168.10.175
192.168.10.183
192.168.10.7
192.168.10.93
192.168.20.120
192.168.20.154
192.168.20.170



my questions are

1) Now i want to ignore these ports records and print remaining records.
I tried with by changing the syntax of below variable in the script



Code:
abc=$(netstat -an |grep -w  "ESTABLISHED" |grep -v "127.0.0.1" | awk -v  chr="$i" '$4 !~ chr'|awk '{print $5}' |awk -F ":" '{print $1}'|sort  |uniq)

but it's printing duplicate values
Can someone please help me on this issue

Last edited by Scrutinizer; 12-12-2019 at 04:19 PM.. Reason: code tags please
# 2  
This should be close to what you were doing.

Code:
netstat -an | awk '
/LISTEN/ && ! /127.0.0.1/ {
   gsub("::", "ALL", $0)
   if ($4 ~ ":") { RECV[$2] }
}
/ESTABLISHED/ && ($2 in RECV) {
   gsub(/:.*/,"",$5)
   if (!($5 in FOUND)) {
      print $5
      FOUND[$5]
   }
}'

This User Gave Thanks to Chubler_XL For This Post:
# 3  
Can you please explain the script which you wrote.


Thanks
# 4  
Quote:
Originally Posted by sravani25
Can you please explain the script which you wrote.


Thanks
/LISTEN/ && ! /127.0.0.1/
Match lines containing LISTEN and not 127.0.0.1

gsub("::", "ALL", $0)
Replace :: with ALL on entire line

if ($4 ~ ":") { RECV[$2] }
if field #4 contains : store field #2 in RECV array

/ESTABLISHED/ && ($2 in RECV)
Match lines that contain ESTABLISHED and field #2 previously stored in RECV array

gsub(/:.*/,"",$5)
Remove from : to end of field in field #5

Code:
if (!($5 in FOUND)) {
   print $5
   FOUND[$5]
}

if field #5 has not already been printed (not in FOUND array) then print it and add field #5 to FOUND array.
This User Gave Thanks to Chubler_XL For This Post:
Login or Register for Dates, Times and to Reply

Previous Thread | Next Thread
Thread Tools Search this Thread
Search this Thread:
Advanced Search

Test Your Knowledge in Computers #394
Difficulty: Medium
POSIX mandates 1024-byte default block sizes for the df and du utilities, reflecting the typical size of blocks on disks.
True or False?

10 More Discussions You Might Find Interesting

1. Shell Programming and Scripting

netstat output

Hi Team, Below is the output of netstat -an | grep 1533 tcp 0 0 17.18.18.12:583 10.3.2.0:1533 ESTABLISHED tcp 0 0 17.18.18.12:370 10.3.2.0:1533 ESTABLISHED Below is the o/p of netstat -a | grep server_name tcp 0 ... (4 Replies)
Discussion started by: Girish19
4 Replies

2. UNIX for Dummies Questions & Answers

netstat -an output, pls. explain..

Hi, I have old SCO O/S. System keeps crashing. I made lot of changes to kernel but so for nothing helped. I wrote a script which takes netstat -an output every one minute. I saw some thing right before the system crashed. Not sure if this means anything.. uname -a SCO_SV djx2 3.2... (2 Replies)
Discussion started by: samnyc
2 Replies

3. UNIX for Advanced & Expert Users

Amount of Network Traffic info from netstat output

Hi, I'm trying to figure out how much traffic has been generated and received from netstat -s output (using Linux). I can see the output shows packet counts and Octet values, how would I correctly calculate how much traffic in and how much out? My output below: Ip: 88847576 total... (1 Reply)
Discussion started by: wilsonee
1 Replies

4. IP Networking

Connections not shown in netstat output

I have a TCPIP server application (a Vendor package) which by default allows 10 connections. It provides a parameter to allow us to increase the maximum allowable connections in case it is needed. Intermittently this application is failing with maximum number of connections reached even when there... (1 Reply)
Discussion started by: AIX_user
1 Replies

5. IP Networking

netstat output

I can't tell what the output of the netstat command means. Is there anywhere that has this information? I tried the man pages, but they weren't helpful. (3 Replies)
Discussion started by: Ultrix
3 Replies

6. UNIX for Dummies Questions & Answers

interpreting netstat output

hi all, when I run- wcars1j5#netstat -an | grep 8090 127.0.0.1.8090 *.* 0 0 49152 0 LISTEN wcars1j5# 1. does this mean that no one is connected to this port? Regards, akash (1 Reply)
Discussion started by: akash_mahakode
1 Replies

7. HP-UX

Difference in netstat -a and -an output.

Hi, Does anyone know why I get a different output when using "netstat -a" or "netstat -an" ?? # netstat -a | grep ts15r135 tcp 0 0 nbsol152.62736 ts15r135.23211 ESTABLISHED # netstat -an | grep 172.23.160.78 tcp 0 0 135.246.39.152.51954 ... (4 Replies)
Discussion started by: ejdv
4 Replies

8. Solaris

netstat -an -- meaning of the output

Dear Experts, I put below command- could you please describe the outputs column- let me describe some them- col_1: (10.131.60.48.55880) The IP address of the local computer and the port number being used for this particular connection appear in the Local Address column. col_2:... (3 Replies)
Discussion started by: thepurple
3 Replies

9. Shell Programming and Scripting

filtering a range of ports out of a netstat output

i'd like to grep a range of ports on a netstat -nt output, localaddress, say :1 to :1023. how do i do it via sed/awk/grep? Thanks, Marc (1 Reply)
Discussion started by: marcpascual
1 Replies

10. UNIX for Dummies Questions & Answers

output of NETSTAT

# netstat -in Name Mtu Network Address Ipkts Ierrs Opkts Oerrs Coll net1 1500 192.168 192.168.0.11 24508 0 12212 112931 2795 lo0 8232 127 127.0.0.1 42 0 42 0 0 atl0* 8232 none none No Statistics... (1 Reply)
Discussion started by: samprax
1 Replies

Featured Tech Videos