Solved

Linux: Loop through netstat results

Posted on 2013-11-15
Last Modified: 2013-11-15
This returns the number of connections for each specified port in JSON format:
echo \"80\": `netstat -ant | grep 80 | wc -l`,\"443\": `netstat -ant | grep 443 | wc -l`,\"8080\": `netstat -ant | grep 8080 | wc -l`,\"20\": `netstat -ant | grep 20 | wc -l`,

The problem is I have to manually specify every port.  How can I get this to automatically loop through all open ports?
Question by:hankknight

Expert Comment

by:jb1dev
ID: 39652024
Not sure how you mean all open ports. (Do you want to base this on the STATE column?)

exch@exch:~/20131114$ netstat -ant
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State      
tcp        0      0 127.0.0.1:29754         0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:49152           0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:8001            0.0.0.0:*               LISTEN     
...

So you could extract all of the ":<port>" values from the fourth column like so:
netstat -ant | awk '{print $4}' | sed 's/.*://' | tail -n +3

Not sure what your json format is supposed to be though.

Grepping for just "80" or something could match 8080, or any IP address or port containing 80 ... ?

Author Comment

by:hankknight
ID: 39652061
Thanks, jb1dev.

Your code gets the list of ports.  Now I want the number that corresponds to it in this format:

{"ports":
 {
  "199":1,"808":3,"3306":5,"111":1,"22":3,"631":7,"25":8,"859":3,"80":50,"443":6 
 }
}


Accepted Solution

by:jb1dev
ID: 39652108
I still don't get what you mean about what "number corresponds to it".

Your original post has you doing a line count for each grep.

E.g.
exch@exch:~/20131114$ netstat -ant | grep 80 | wc -l
23
exch@exch:~/20131114$ 


But that does not mean there are 23 open connections on port 80, if that is what you are looking for. There is in fact only one socket bound to port 80 listening. (Are you looking for local ports or remote ports?) For local ports, you won't find duplicates unless you have multiple interfaces. (My dupes below are from ipv6 ports)

exch@exch:~/20131114$ netstat -ant | awk '{print $4}' | sed 's/.*://' | tail -n +3 | sort
111
111
22
22
2401
29754
3306
40118
40962
43811
45613
47152
47154
47157
48887
48889
49152
51333
51339
51340
51341
51342
51343
51702
52342
53
53372
56639
56968
56970
56971
57981
59469
59767
59769
59774
59869
631
631
6600
80
8001
exch@exch:~/20131114$ 


exch@exch:~/20131114$ netstat -ant 
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State      
tcp        0      0 127.0.0.1:29754         0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:49152           0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:8001            0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:2401            0.0.0.0:*               LISTEN     
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN     
tcp        0      0 127.0.1.1:53            0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:51702           0.0.0.0:*               LISTEN     
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN     
tcp        1      0 192.168.0.160:47157     199.27.77.184:80        CLOSE_WAIT 
tcp        0      0 192.168.0.160:51501     74.125.239.103:80       TIME_WAIT  
tcp        0      0 192.168.0.160:59769     95.211.52.40:3333       CLOSE_WAIT 
tcp        1      0 192.168.0.160:47152     199.27.77.184:80        CLOSE_WAIT 
tcp        0      0 192.168.0.160:48889     192.198.107.178:3333    CLOSE_WAIT 
tcp        0      0 192.168.0.160:52834     74.125.239.117:443      ESTABLISHED
tcp        1      0 192.168.0.160:56968     199.27.77.185:80        CLOSE_WAIT 
tcp        1      0 192.168.0.160:47154     199.27.77.184:80        CLOSE_WAIT 
tcp        0      0 192.168.0.160:48887     192.198.107.178:3333    CLOSE_WAIT 
tcp        0      0 192.168.0.160:40305     74.125.239.143:443      ESTABLISHED
tcp        0      0 192.168.0.160:56830     74.125.239.97:443       ESTABLISHED
tcp        0      0 192.168.0.160:51506     74.125.239.103:80       TIME_WAIT  
tcp        0      0 192.168.0.160:43979     74.125.239.112:80       TIME_WAIT  
tcp        0      0 192.168.0.160:60037     74.125.239.122:80       TIME_WAIT  
tcp        1      0 192.168.0.160:56970     199.27.77.185:80        CLOSE_WAIT 
tcp       28      0 192.168.0.160:57981     91.189.92.10:443        CLOSE_WAIT 
tcp        0      0 192.168.0.160:51526     74.125.239.103:80       TIME_WAIT  
tcp        1      0 192.168.0.160:41492     162.243.59.192:80       CLOSE_WAIT 
tcp        0      0 192.168.0.160:45800     74.125.239.106:443      ESTABLISHED
tcp        0      0 192.168.0.160:59767     95.211.52.40:3333       CLOSE_WAIT 
tcp        1      0 192.168.0.160:56971     199.27.77.185:80        CLOSE_WAIT 
tcp        0    121 192.168.0.160:59774     95.211.52.40:3333       ESTABLISHED
tcp        0      0 192.168.0.160:53562     74.125.28.84:443        ESTABLISHED
tcp6       0      0 :::6600                 :::*                    LISTEN     
tcp6       0      0 :::59469                :::*                    LISTEN     
tcp6       0      0 :::111                  :::*                    LISTEN     
tcp6       0      0 :::80                   :::*                    LISTEN     
tcp6       0      0 :::22                   :::*                    LISTEN     
tcp6       0      0 ::1:631                 :::*                    LISTEN     
exch@exch:~/20131114$ 


So assuming only local ports, and you want to count how many open sockets are on that port, knowing that there will only be one per interface, you can use sort and uniq -c

e.g.
netstat -ant | awk '{print $4}' | sed 's/.*://' | tail -n +3 | sort | uniq -c


Then you can use awk and tr to put that in your json format:
netstat -ant | awk '{print $4}' | sed 's/.*://' | tail -n +3 | sort | uniq -c | awk '{ print "\"" $2 "\":" $1};' | tr '\n' ','

Question has a verified solution.
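
An added example, not part of the thread or written by its participants: the per-port count from the accepted answer done in a single awk pass that matches the local port exactly (avoiding the substring problem with grep 80 raised above), skips header lines by protocol rather than by position, and emits valid JSON in the format the asker requested. The function names ports_json and sample_netstat, the optional state filter, and the sample netstat lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: count sockets per local port from `netstat -ant` output and
# print them as {"ports":{...}}. Names and sample data are illustrative.

# ports_json [STATE]: reads `netstat -ant` output on stdin.
# With STATE (e.g. LISTEN or ESTABLISHED) only rows in that state are counted.
ports_json() {
    awk -v want="${1:-}" '
        # Data rows start with tcp or tcp6; anything else is a header line.
        $1 !~ /^tcp6?$/ { next }
        want != "" && $6 != want { next }
        {
            port = $4
            sub(/.*:/, "", port)          # keep only the text after the last ":"
            if (port !~ /^[0-9]+$/) next  # ignore anything that is not a port
            if (!(port in count)) order[++n] = port
            count[port]++
        }
        END {
            printf "{\"ports\":{"
            for (i = 1; i <= n; i++)
                printf "%s\"%s\":%d", (i > 1 ? "," : ""), order[i], count[order[i]]
            print "}}"
        }'
}

# Constructed sample in `netstat -ant` layout (documentation-range addresses).
sample_netstat() {
cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:8001            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 192.168.0.160:8080      203.0.113.7:51000       ESTABLISHED
tcp        0      0 192.168.0.160:8080      203.0.113.8:51001       ESTABLISHED
tcp        1      0 192.168.0.160:47157     198.51.100.4:80         CLOSE_WAIT
tcp6       0      0 :::80                   :::*                    LISTEN
tcp6       0      0 :::22                   :::*                    LISTEN
EOF
}

# Live use would be: netstat -ant | ports_json LISTEN
sample_netstat | ports_json
sample_netstat | ports_json LISTEN
```

On this sample, grep 80 matches five lines (8001, 8080 twice, a remote :80 and the IPv6 listener), while exactly one socket has local port 80.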
