[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now

x
?
Solved

Linux: Loop through netstat results

Posted on 2013-11-15
3
Medium Priority
?
1,569 Views
Last Modified: 2013-11-15
This returns the number of connections for each specified port in JSON format:
echo \"80\": `netstat -ant | grep 80 | wc -l`,\"443\": `netstat -ant | grep 443 | wc -l`,\"8080\": `netstat -ant | grep 8080 | wc -l`,\"20\": `netstat -ant | grep 20 | wc -l`,

Open in new window

The problem is I have to manually specify every port.  How can I get this to automatically loop through all open ports?
0
Comment
Question by:hankknight
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 14

Expert Comment

by:jb1dev
ID: 39652024
Not sure how you mean all open ports. (Do you want to base this on the STATE column?)

exch@exch:~/20131114$ netstat -ant
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State      
tcp        0      0 127.0.0.1:29754         0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:49152           0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:8001            0.0.0.0:*               LISTEN     
...

Open in new window


So you could extract all of the ":<port>" values from the fourth column like so:
netstat -ant | awk '{print $4}' | sed 's/.*://' | tail -n +3

Open in new window



Not sure what your json format is supposed to be though.

Grepping for just "80" or something could match 8080, or any IP address or port containing 80 ... ?
0
 
LVL 16

Author Comment

by:hankknight
ID: 39652061
Thanks, jb1devP.

You code gets the list of ports.  Now I want the number that corresponds to it in this format:

{"ports":
 {
  "199":1,"808":3,"3306":5,"111":1,"22":3,"631":7,"25":8,"859":3,"80":50,"443":6 
 }
}

Open in new window

0
 
LVL 14

Accepted Solution

by:
jb1dev earned 2000 total points
ID: 39652108
I still don't get what you mean about what "number corresponds to it"

Your original post has you doing a line count for each grep.

E.g.
exch@exch:~/20131114$ netstat -ant | grep 80 | wc -l
23
exch@exch:~/20131114$ 

Open in new window


But that does not mean there are 23 open connections on port 80, if that is what you are looking for. There is in fact only one socket bound to port 80 listening. (Are you looking for local ports or remote ports?) For local ports, you won't find duplicates unless you have multiple interfaces. (My dupes below are from ipv6 ports)

exch@exch:~/20131114$ netstat -ant | awk '{print $4}' | sed 's/.*://' | tail -n +3 | sort
111
111
22
22
2401
29754
3306
40118
40962
43811
45613
47152
47154
47157
48887
48889
49152
51333
51339
51340
51341
51342
51343
51702
52342
53
53372
56639
56968
56970
56971
57981
59469
59767
59769
59774
59869
631
631
6600
80
8001
exch@exch:~/20131114$ 

Open in new window


exch@exch:~/20131114$ netstat -ant 
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State      
tcp        0      0 127.0.0.1:29754         0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:49152           0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:8001            0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:2401            0.0.0.0:*               LISTEN     
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN     
tcp        0      0 127.0.1.1:53            0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:51702           0.0.0.0:*               LISTEN     
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN     
tcp        1      0 192.168.0.160:47157     199.27.77.184:80        CLOSE_WAIT 
tcp        0      0 192.168.0.160:51501     74.125.239.103:80       TIME_WAIT  
tcp        0      0 192.168.0.160:59769     95.211.52.40:3333       CLOSE_WAIT 
tcp        1      0 192.168.0.160:47152     199.27.77.184:80        CLOSE_WAIT 
tcp        0      0 192.168.0.160:48889     192.198.107.178:3333    CLOSE_WAIT 
tcp        0      0 192.168.0.160:52834     74.125.239.117:443      ESTABLISHED
tcp        1      0 192.168.0.160:56968     199.27.77.185:80        CLOSE_WAIT 
tcp        1      0 192.168.0.160:47154     199.27.77.184:80        CLOSE_WAIT 
tcp        0      0 192.168.0.160:48887     192.198.107.178:3333    CLOSE_WAIT 
tcp        0      0 192.168.0.160:40305     74.125.239.143:443      ESTABLISHED
tcp        0      0 192.168.0.160:56830     74.125.239.97:443       ESTABLISHED
tcp        0      0 192.168.0.160:51506     74.125.239.103:80       TIME_WAIT  
tcp        0      0 192.168.0.160:43979     74.125.239.112:80       TIME_WAIT  
tcp        0      0 192.168.0.160:60037     74.125.239.122:80       TIME_WAIT  
tcp        1      0 192.168.0.160:56970     199.27.77.185:80        CLOSE_WAIT 
tcp       28      0 192.168.0.160:57981     91.189.92.10:443        CLOSE_WAIT 
tcp        0      0 192.168.0.160:51526     74.125.239.103:80       TIME_WAIT  
tcp        1      0 192.168.0.160:41492     162.243.59.192:80       CLOSE_WAIT 
tcp        0      0 192.168.0.160:45800     74.125.239.106:443      ESTABLISHED
tcp        0      0 192.168.0.160:59767     95.211.52.40:3333       CLOSE_WAIT 
tcp        1      0 192.168.0.160:56971     199.27.77.185:80        CLOSE_WAIT 
tcp        0    121 192.168.0.160:59774     95.211.52.40:3333       ESTABLISHED
tcp        0      0 192.168.0.160:53562     74.125.28.84:443        ESTABLISHED
tcp6       0      0 :::6600                 :::*                    LISTEN     
tcp6       0      0 :::59469                :::*                    LISTEN     
tcp6       0      0 :::111                  :::*                    LISTEN     
tcp6       0      0 :::80                   :::*                    LISTEN     
tcp6       0      0 :::22                   :::*                    LISTEN     
tcp6       0      0 ::1:631                 :::*                    LISTEN     
exch@exch:~/20131114$ 

Open in new window


So assuming only local ports, and you want to count how many open sockets are on that port, knowing that there will only be one per interface, you can use sort and uniq -c

e.g.
netstat -ant | awk '{print $4}' | sed 's/.*://' | tail -n +3 | sort | uniq -c

Open in new window


Then you can use awk and tr to put that in your json format:
netstat -ant | awk '{print $4}' | sed 's/.*://' | tail -n +3 | sort | uniq -c | awk '{ print "\"" $2 "\":" $1};' | tr '\n' ','

Open in new window

0

Featured Post

Learn how to optimize MySQL for your business need

With the increasing importance of apps & networks in both business & personal interconnections, perfor. has become one of the key metrics of successful communication. This ebook is a hands-on business-case-driven guide to understanding MySQL query parameter tuning & database perf

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

rdate is a Linux command and the network time protocol for immediate date and time setup from another machine. The clocks are synchronized by entering rdate with the -s switch (command without switch just checks the time but does not set anything). …
Linux users are sometimes dumbfounded by the severe lack of documentation on a topic. Sometimes, the documentation is copious, but other times, you end up with some obscure "it varies depending on your distribution" over and over when searching for …
Connecting to an Amazon Linux EC2 Instance from Windows Using PuTTY.
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
Suggested Courses

649 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question