Solved

Linux: Loop through netstat results

Posted on 2013-11-15
3
1,232 Views
Last Modified: 2013-11-15
This returns the number of connections for each specified port in JSON format:
echo \"80\": `netstat -ant | grep 80 | wc -l`,\"443\": `netstat -ant | grep 443 | wc -l`,\"8080\": `netstat -ant | grep 8080 | wc -l`,\"20\": `netstat -ant | grep 20 | wc -l`,

Open in new window

The problem is I have to manually specify every port.  How can I get this to automatically loop through all open ports?
0
Comment
Question by:hankknight
  • 2
3 Comments
 
LVL 14

Expert Comment

by:jb1dev
ID: 39652024
Not sure how you mean all open ports. (Do you want to base this on the STATE column?)

exch@exch:~/20131114$ netstat -ant
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State      
tcp        0      0 127.0.0.1:29754         0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:49152           0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:8001            0.0.0.0:*               LISTEN     
...

Open in new window


So you could extract all of the ":<port>" values from the fourth column like so:
netstat -ant | awk '{print $4}' | sed 's/.*://' | tail -n +3

Open in new window



Not sure what your json format is supposed to be though.

Grepping for just "80" or something could match 8080, or any IP address or port containing 80 ... ?
0
 
LVL 16

Author Comment

by:hankknight
ID: 39652061
Thanks, jb1devP.

You code gets the list of ports.  Now I want the number that corresponds to it in this format:

{"ports":
 {
  "199":1,"808":3,"3306":5,"111":1,"22":3,"631":7,"25":8,"859":3,"80":50,"443":6 
 }
}

Open in new window

0
 
LVL 14

Accepted Solution

by:
jb1dev earned 500 total points
ID: 39652108
I still don't get what you mean about what "number corresponds to it"

Your original post has you doing a line count for each grep.

E.g.
exch@exch:~/20131114$ netstat -ant | grep 80 | wc -l
23
exch@exch:~/20131114$ 

Open in new window


But that does not mean there are 23 open connections on port 80, if that is what you are looking for. There is in fact only one socket bound to port 80 listening. (Are you looking for local ports or remote ports?) For local ports, you won't find duplicates unless you have multiple interfaces. (My dupes below are from ipv6 ports)

exch@exch:~/20131114$ netstat -ant | awk '{print $4}' | sed 's/.*://' | tail -n +3 | sort
111
111
22
22
2401
29754
3306
40118
40962
43811
45613
47152
47154
47157
48887
48889
49152
51333
51339
51340
51341
51342
51343
51702
52342
53
53372
56639
56968
56970
56971
57981
59469
59767
59769
59774
59869
631
631
6600
80
8001
exch@exch:~/20131114$ 

Open in new window


exch@exch:~/20131114$ netstat -ant 
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State      
tcp        0      0 127.0.0.1:29754         0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:49152           0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:8001            0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:2401            0.0.0.0:*               LISTEN     
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN     
tcp        0      0 127.0.1.1:53            0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:51702           0.0.0.0:*               LISTEN     
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN     
tcp        1      0 192.168.0.160:47157     199.27.77.184:80        CLOSE_WAIT 
tcp        0      0 192.168.0.160:51501     74.125.239.103:80       TIME_WAIT  
tcp        0      0 192.168.0.160:59769     95.211.52.40:3333       CLOSE_WAIT 
tcp        1      0 192.168.0.160:47152     199.27.77.184:80        CLOSE_WAIT 
tcp        0      0 192.168.0.160:48889     192.198.107.178:3333    CLOSE_WAIT 
tcp        0      0 192.168.0.160:52834     74.125.239.117:443      ESTABLISHED
tcp        1      0 192.168.0.160:56968     199.27.77.185:80        CLOSE_WAIT 
tcp        1      0 192.168.0.160:47154     199.27.77.184:80        CLOSE_WAIT 
tcp        0      0 192.168.0.160:48887     192.198.107.178:3333    CLOSE_WAIT 
tcp        0      0 192.168.0.160:40305     74.125.239.143:443      ESTABLISHED
tcp        0      0 192.168.0.160:56830     74.125.239.97:443       ESTABLISHED
tcp        0      0 192.168.0.160:51506     74.125.239.103:80       TIME_WAIT  
tcp        0      0 192.168.0.160:43979     74.125.239.112:80       TIME_WAIT  
tcp        0      0 192.168.0.160:60037     74.125.239.122:80       TIME_WAIT  
tcp        1      0 192.168.0.160:56970     199.27.77.185:80        CLOSE_WAIT 
tcp       28      0 192.168.0.160:57981     91.189.92.10:443        CLOSE_WAIT 
tcp        0      0 192.168.0.160:51526     74.125.239.103:80       TIME_WAIT  
tcp        1      0 192.168.0.160:41492     162.243.59.192:80       CLOSE_WAIT 
tcp        0      0 192.168.0.160:45800     74.125.239.106:443      ESTABLISHED
tcp        0      0 192.168.0.160:59767     95.211.52.40:3333       CLOSE_WAIT 
tcp        1      0 192.168.0.160:56971     199.27.77.185:80        CLOSE_WAIT 
tcp        0    121 192.168.0.160:59774     95.211.52.40:3333       ESTABLISHED
tcp        0      0 192.168.0.160:53562     74.125.28.84:443        ESTABLISHED
tcp6       0      0 :::6600                 :::*                    LISTEN     
tcp6       0      0 :::59469                :::*                    LISTEN     
tcp6       0      0 :::111                  :::*                    LISTEN     
tcp6       0      0 :::80                   :::*                    LISTEN     
tcp6       0      0 :::22                   :::*                    LISTEN     
tcp6       0      0 ::1:631                 :::*                    LISTEN     
exch@exch:~/20131114$ 

Open in new window


So assuming only local ports, and you want to count how many open sockets are on that port, knowing that there will only be one per interface, you can use sort and uniq -c

e.g.
netstat -ant | awk '{print $4}' | sed 's/.*://' | tail -n +3 | sort | uniq -c

Open in new window


Then you can use awk and tr to put that in your json format:
netstat -ant | awk '{print $4}' | sed 's/.*://' | tail -n +3 | sort | uniq -c | awk '{ print "\"" $2 "\":" $1};' | tr '\n' ','

Open in new window

0

Featured Post

Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

Join & Write a Comment

Currently, there is not an RPM package available under the RHEL/Fedora/CentOS distributions that gives you a quick and easy way to allow PHP to interface with Oracle. As a result, I have included a set of instructions on how to do this with minimal …
Linux users are sometimes dumbfounded by the severe lack of documentation on a topic. Sometimes, the documentation is copious, but other times, you end up with some obscure "it varies depending on your distribution" over and over when searching for …
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now