Solved

Linux: Loop through netstat results

Posted on 2013-11-15
Last Modified: 2013-11-15
This returns the number of connections for each specified port in JSON format:
echo \"80\": `netstat -ant | grep 80 | wc -l`,\"443\": `netstat -ant | grep 443 | wc -l`,\"8080\": `netstat -ant | grep 8080 | wc -l`,\"20\": `netstat -ant | grep 20 | wc -l`,


The problem is I have to manually specify every port.  How can I get this to automatically loop through all open ports?
0
Question by:hankknight
3 Comments
 
LVL 14

Expert Comment

by:jb1dev
ID: 39652024
Not sure how you mean all open ports. (Do you want to base this on the STATE column?)

exch@exch:~/20131114$ netstat -ant
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State      
tcp        0      0 127.0.0.1:29754         0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:49152           0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:8001            0.0.0.0:*               LISTEN     
...



So you could extract all of the ":<port>" values from the fourth column like so:
netstat -ant | awk '{print $4}' | sed 's/.*://' | tail -n +3




Not sure what your json format is supposed to be though.

Grepping for just "80" or something could match 8080, or any IP address or port containing 80 ... ?
0
 
LVL 16

Author Comment

by:hankknight
ID: 39652061
Thanks, jb1dev.

Your code gets the list of ports.  Now I want the number that corresponds to it in this format:

{"ports":
 {
  "199":1,"808":3,"3306":5,"111":1,"22":3,"631":7,"25":8,"859":3,"80":50,"443":6 
 }
}


0
 
LVL 14

Accepted Solution

by:
jb1dev earned 500 total points
ID: 39652108
I still don't get what you mean about what "number corresponds to it"

Your original post has you doing a line count for each grep.

E.g.
exch@exch:~/20131114$ netstat -ant | grep 80 | wc -l
23
exch@exch:~/20131114$ 



But that does not mean there are 23 open connections on port 80, if that is what you are looking for. There is in fact only one socket bound to port 80 listening. (Are you looking for local ports or remote ports?) For local ports, you won't find duplicates unless you have multiple interfaces. (My dupes below are from ipv6 ports)

exch@exch:~/20131114$ netstat -ant | awk '{print $4}' | sed 's/.*://' | tail -n +3 | sort
111
111
22
22
2401
29754
3306
40118
40962
43811
45613
47152
47154
47157
48887
48889
49152
51333
51339
51340
51341
51342
51343
51702
52342
53
53372
56639
56968
56970
56971
57981
59469
59767
59769
59774
59869
631
631
6600
80
8001
exch@exch:~/20131114$ 



exch@exch:~/20131114$ netstat -ant 
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State      
tcp        0      0 127.0.0.1:29754         0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:49152           0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:8001            0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:2401            0.0.0.0:*               LISTEN     
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN     
tcp        0      0 127.0.1.1:53            0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:51702           0.0.0.0:*               LISTEN     
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN     
tcp        1      0 192.168.0.160:47157     199.27.77.184:80        CLOSE_WAIT 
tcp        0      0 192.168.0.160:51501     74.125.239.103:80       TIME_WAIT  
tcp        0      0 192.168.0.160:59769     95.211.52.40:3333       CLOSE_WAIT 
tcp        1      0 192.168.0.160:47152     199.27.77.184:80        CLOSE_WAIT 
tcp        0      0 192.168.0.160:48889     192.198.107.178:3333    CLOSE_WAIT 
tcp        0      0 192.168.0.160:52834     74.125.239.117:443      ESTABLISHED
tcp        1      0 192.168.0.160:56968     199.27.77.185:80        CLOSE_WAIT 
tcp        1      0 192.168.0.160:47154     199.27.77.184:80        CLOSE_WAIT 
tcp        0      0 192.168.0.160:48887     192.198.107.178:3333    CLOSE_WAIT 
tcp        0      0 192.168.0.160:40305     74.125.239.143:443      ESTABLISHED
tcp        0      0 192.168.0.160:56830     74.125.239.97:443       ESTABLISHED
tcp        0      0 192.168.0.160:51506     74.125.239.103:80       TIME_WAIT  
tcp        0      0 192.168.0.160:43979     74.125.239.112:80       TIME_WAIT  
tcp        0      0 192.168.0.160:60037     74.125.239.122:80       TIME_WAIT  
tcp        1      0 192.168.0.160:56970     199.27.77.185:80        CLOSE_WAIT 
tcp       28      0 192.168.0.160:57981     91.189.92.10:443        CLOSE_WAIT 
tcp        0      0 192.168.0.160:51526     74.125.239.103:80       TIME_WAIT  
tcp        1      0 192.168.0.160:41492     162.243.59.192:80       CLOSE_WAIT 
tcp        0      0 192.168.0.160:45800     74.125.239.106:443      ESTABLISHED
tcp        0      0 192.168.0.160:59767     95.211.52.40:3333       CLOSE_WAIT 
tcp        1      0 192.168.0.160:56971     199.27.77.185:80        CLOSE_WAIT 
tcp        0    121 192.168.0.160:59774     95.211.52.40:3333       ESTABLISHED
tcp        0      0 192.168.0.160:53562     74.125.28.84:443        ESTABLISHED
tcp6       0      0 :::6600                 :::*                    LISTEN     
tcp6       0      0 :::59469                :::*                    LISTEN     
tcp6       0      0 :::111                  :::*                    LISTEN     
tcp6       0      0 :::80                   :::*                    LISTEN     
tcp6       0      0 :::22                   :::*                    LISTEN     
tcp6       0      0 ::1:631                 :::*                    LISTEN     
exch@exch:~/20131114$ 



So assuming only local ports, and you want to count how many open sockets are on that port, knowing that there will only be one per interface, you can use sort and uniq -c

e.g.
netstat -ant | awk '{print $4}' | sed 's/.*://' | tail -n +3 | sort | uniq -c



Then you can use awk and tr to put that in your json format:
netstat -ant | awk '{print $4}' | sed 's/.*://' | tail -n +3 | sort | uniq -c | awk '{ print "\"" $2 "\":" $1};' | tr '\n' ','


0
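An added example, not part of jb1dev's answer: the same per-local-port count done in a single awk pass, which emits the complete {"ports":{...}} object the question asks for (no trailing comma), matches on the port field rather than on a substring, and can optionally count only one STATE. The function names ports_json and sample_netstat are hypothetical, and the sample lines are constructed in `netstat -ant` format.

```shell
#!/bin/sh
# Read `netstat -ant`-style text on stdin, count sockets per LOCAL port and
# print {"ports":{"<port>":<count>,...}}. Optional $1: only count this STATE.
ports_json() {
    awk -v want="${1:-}" '
        $1 !~ /^tcp/ { next }                  # skip the two header lines
        want != "" && $6 != want { next }      # optional state filter
        {
            port = $4
            sub(/.*:/, "", port)               # keep text after the last ":" (IPv4 and IPv6)
            if (port ~ /^[0-9]+$/) count[port]++
        }
        END {
            n = 0
            for (p in count) keys[++n] = p
            for (i = 2; i <= n; i++) {         # insertion sort, numeric order
                k = keys[i]
                for (j = i - 1; j >= 1 && keys[j] + 0 > k + 0; j--) keys[j + 1] = keys[j]
                keys[j + 1] = k
            }
            printf "{\"ports\":{"
            for (i = 1; i <= n; i++)
                printf "%s\"%s\":%d", (i > 1 ? "," : ""), keys[i], count[keys[i]]
            print "}}"
        }'
}

# Constructed sample input (addresses are made up, from documentation ranges).
sample_netstat() {
cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:8080            0.0.0.0:*               LISTEN
tcp        0      0 192.168.0.160:80        203.0.113.5:51000       ESTABLISHED
tcp        0      0 192.168.0.160:80        203.0.113.6:51001       ESTABLISHED
tcp        0      0 192.168.0.160:80        203.0.113.7:51002       TIME_WAIT
tcp        0      0 192.168.0.160:47157     198.51.100.9:80         CLOSE_WAIT
tcp6       0      0 :::80                   :::*                    LISTEN
tcp6       0      0 :::22                   :::*                    LISTEN
EOF
}

sample_netstat | ports_json              # every socket, by local port
sample_netstat | ports_json ESTABLISHED  # only established connections
```

On a live host the input would be `netstat -ant | ports_json`. The 8080 listener and the outbound connection to remote port 80 are not counted under "80", which is the over-match a plain `grep 80` produces.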
