Solved

Linux: Loop through netstat results

Posted on 2013-11-15
3
1,346 Views
Last Modified: 2013-11-15
This returns the number of connections for each specified port in JSON format:
echo \"80\": `netstat -ant | grep 80 | wc -l`,\"443\": `netstat -ant | grep 443 | wc -l`,\"8080\": `netstat -ant | grep 8080 | wc -l`,\"20\": `netstat -ant | grep 20 | wc -l`,

Open in new window

The problem is I have to manually specify every port.  How can I get this to automatically loop through all open ports?
0
Comment
Question by:hankknight
  • 2
3 Comments
 
LVL 14

Expert Comment

by:jb1dev
ID: 39652024
Not sure how you mean all open ports. (Do you want to base this on the STATE column?)

exch@exch:~/20131114$ netstat -ant
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State      
tcp        0      0 127.0.0.1:29754         0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:49152           0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:8001            0.0.0.0:*               LISTEN     
...

Open in new window


So you could extract all of the ":<port>" values from the fourth column like so:
netstat -ant | awk '{print $4}' | sed 's/.*://' | tail -n +3

Open in new window



Not sure what your json format is supposed to be though.

Grepping for just "80" or something could match 8080, or any IP address or port containing 80 ... ?
0
 
LVL 16

Author Comment

by:hankknight
ID: 39652061
Thanks, jb1devP.

You code gets the list of ports.  Now I want the number that corresponds to it in this format:

{"ports":
 {
  "199":1,"808":3,"3306":5,"111":1,"22":3,"631":7,"25":8,"859":3,"80":50,"443":6 
 }
}

Open in new window

0
 
LVL 14

Accepted Solution

by:
jb1dev earned 500 total points
ID: 39652108
I still don't get what you mean about what "number corresponds to it"

Your original post has you doing a line count for each grep.

E.g.
exch@exch:~/20131114$ netstat -ant | grep 80 | wc -l
23
exch@exch:~/20131114$ 

Open in new window


But that does not mean there are 23 open connections on port 80, if that is what you are looking for. There is in fact only one socket bound to port 80 listening. (Are you looking for local ports or remote ports?) For local ports, you won't find duplicates unless you have multiple interfaces. (My dupes below are from ipv6 ports)

exch@exch:~/20131114$ netstat -ant | awk '{print $4}' | sed 's/.*://' | tail -n +3 | sort
111
111
22
22
2401
29754
3306
40118
40962
43811
45613
47152
47154
47157
48887
48889
49152
51333
51339
51340
51341
51342
51343
51702
52342
53
53372
56639
56968
56970
56971
57981
59469
59767
59769
59774
59869
631
631
6600
80
8001
exch@exch:~/20131114$ 

Open in new window


exch@exch:~/20131114$ netstat -ant 
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State      
tcp        0      0 127.0.0.1:29754         0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:49152           0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:8001            0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:2401            0.0.0.0:*               LISTEN     
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN     
tcp        0      0 127.0.1.1:53            0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:51702           0.0.0.0:*               LISTEN     
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN     
tcp        1      0 192.168.0.160:47157     199.27.77.184:80        CLOSE_WAIT 
tcp        0      0 192.168.0.160:51501     74.125.239.103:80       TIME_WAIT  
tcp        0      0 192.168.0.160:59769     95.211.52.40:3333       CLOSE_WAIT 
tcp        1      0 192.168.0.160:47152     199.27.77.184:80        CLOSE_WAIT 
tcp        0      0 192.168.0.160:48889     192.198.107.178:3333    CLOSE_WAIT 
tcp        0      0 192.168.0.160:52834     74.125.239.117:443      ESTABLISHED
tcp        1      0 192.168.0.160:56968     199.27.77.185:80        CLOSE_WAIT 
tcp        1      0 192.168.0.160:47154     199.27.77.184:80        CLOSE_WAIT 
tcp        0      0 192.168.0.160:48887     192.198.107.178:3333    CLOSE_WAIT 
tcp        0      0 192.168.0.160:40305     74.125.239.143:443      ESTABLISHED
tcp        0      0 192.168.0.160:56830     74.125.239.97:443       ESTABLISHED
tcp        0      0 192.168.0.160:51506     74.125.239.103:80       TIME_WAIT  
tcp        0      0 192.168.0.160:43979     74.125.239.112:80       TIME_WAIT  
tcp        0      0 192.168.0.160:60037     74.125.239.122:80       TIME_WAIT  
tcp        1      0 192.168.0.160:56970     199.27.77.185:80        CLOSE_WAIT 
tcp       28      0 192.168.0.160:57981     91.189.92.10:443        CLOSE_WAIT 
tcp        0      0 192.168.0.160:51526     74.125.239.103:80       TIME_WAIT  
tcp        1      0 192.168.0.160:41492     162.243.59.192:80       CLOSE_WAIT 
tcp        0      0 192.168.0.160:45800     74.125.239.106:443      ESTABLISHED
tcp        0      0 192.168.0.160:59767     95.211.52.40:3333       CLOSE_WAIT 
tcp        1      0 192.168.0.160:56971     199.27.77.185:80        CLOSE_WAIT 
tcp        0    121 192.168.0.160:59774     95.211.52.40:3333       ESTABLISHED
tcp        0      0 192.168.0.160:53562     74.125.28.84:443        ESTABLISHED
tcp6       0      0 :::6600                 :::*                    LISTEN     
tcp6       0      0 :::59469                :::*                    LISTEN     
tcp6       0      0 :::111                  :::*                    LISTEN     
tcp6       0      0 :::80                   :::*                    LISTEN     
tcp6       0      0 :::22                   :::*                    LISTEN     
tcp6       0      0 ::1:631                 :::*                    LISTEN     
exch@exch:~/20131114$ 

Open in new window


So assuming only local ports, and you want to count how many open sockets are on that port, knowing that there will only be one per interface, you can use sort and uniq -c

e.g.
netstat -ant | awk '{print $4}' | sed 's/.*://' | tail -n +3 | sort | uniq -c

Open in new window


Then you can use awk and tr to put that in your json format:
netstat -ant | awk '{print $4}' | sed 's/.*://' | tail -n +3 | sort | uniq -c | awk '{ print "\"" $2 "\":" $1};' | tr '\n' ','

Open in new window

0

Featured Post

Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
How to get maximum transfer speed over LAN 4 104
linux(debian) mouse poor performance 4 62
ifconfig 4 69
Why  my code (program) build with old compiler? 11 75
I am a long time windows user and for me it is normal to have spaces in directory and file names. Changing to Linux I found myself frustrated when I moved my windows data over to my new Linux computer. The problem occurs when at the command line.…
Fine Tune your automatic Updates for Ubuntu / Debian
Learn how to navigate the file tree with the shell. Use pwd to print the current working directory: Use ls to list a directory's contents: Use cd to change to a new directory: Use wildcards instead of typing out long directory names: Use ../ to move…
Connecting to an Amazon Linux EC2 Instance from Windows Using PuTTY.

840 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question