Using lsof or netstat to view all IPs connected to my host

Tryum · 07-26-2011, 02:49 AM

I have found a command that finds all established connections to my host through TCP connection.

I found the following command as useful:

Code:

netstat -lantp | grep ESTABLISHED | awk '{print $4" "$5" "$7}' | sort -u

Better (application name at the beginning):

Code:

netstat -lantp | grep ESTABLISHED | awk '{print $7" "$4" "$5}' | sort -u

My questions are as follows:

How do I stripping the number of the process with the command netstat? (displaying only the process name)
- How can I limit the length of the process name to 5 or 8 letters?
How do I strip the local IP address? (i.e. 192.168.1.1)

Example output:

Code:

<process_name> <local_port> <remote_ip>:<remote_port>

The current output of netstat is:

Code:

netstat -lantp | grep ESTABLISHED | awk '{print $7, $4, $5}' | sort -u

Code:

2784/transmission-g 192.168.1.1:<local_port> <remote_ip>:<remote_port>
2965/cmus 192.168.1.1:<local_port> 206.217.216.84:80

The current output of lsof is:

Code:

lsof -i -n -P | grep ESTABLISHED |awk '{print $1, $9}' | sort -u

Code:

cmus 192.168.1.1:<local_port>->206.217.216.84:80
transmiss 192.168.1.1:<local_port>-><remote_ip>:<remote_port>

The Desired//Wanted output:

Code:

<process_name> <local_port> <remote_ip>:<remote_port>

angel115 · 07-26-2011, 03:49 AM

Try this and tell me if it does what you are expected

Code:

netstat -lantp | grep ESTABLISHED | awk '{print $7, $4, $5}' | sort -u |sed 's/[0-9]*\///g'

give me this
sshd: 10.0.1.1:22 192.6.2.99:63187

angel115 · 07-26-2011, 04:08 AM

or here it is a longer version but which does what you want:

Code:

netstat -lantp | grep ESTABLISHED | awk '{print $7, $4, $5}' | sort -u |sed -e 's/[0-9]*\/\(.*\):\s[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}:\([0-9]\{1,5\}\)/\1 \2/g'

Gave me the following output
sshd 22 192.6.2.99:63187

Best regards,
Angel.