LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Networking (https://www.linuxquestions.org/questions/linux-networking-3/)
-   -   Using lsof or netstat to view all IPs connected to my host (https://www.linuxquestions.org/questions/linux-networking-3/using-lsof-or-netstat-to-view-all-ips-connected-to-my-host-893793/)

Tryum 07-26-2011 02:49 AM

Using lsof or netstat to view all IPs connected to my host
 
I have found a command that finds all established connections to my host through TCP connection.

I found the following command as useful:
Code:

netstat -lantp | grep ESTABLISHED | awk '{print $4" "$5" "$7}' | sort -u
Better (application name at the beginning):
Code:

netstat -lantp | grep ESTABLISHED | awk '{print $7" "$4" "$5}' | sort -u

My questions are as follows:
  1. How do I stripping the number of the process with the command netstat? (displaying only the process name)
    • How can I limit the length of the process name to 5 or 8 letters?
  2. How do I strip the local IP address? (i.e. 192.168.1.1)

Example output:
Code:

<process_name> <local_port> <remote_ip>:<remote_port>
The current output of netstat is:
Code:

netstat -lantp | grep ESTABLISHED | awk '{print $7, $4, $5}' | sort -u
Code:

2784/transmission-g 192.168.1.1:<local_port> <remote_ip>:<remote_port>
2965/cmus 192.168.1.1:<local_port> 206.217.216.84:80

The current output of lsof is:
Code:

lsof -i -n -P | grep ESTABLISHED |awk '{print $1, $9}' | sort -u
Code:

cmus 192.168.1.1:<local_port>->206.217.216.84:80
transmiss 192.168.1.1:<local_port>-><remote_ip>:<remote_port>



The Desired//Wanted output:
Code:

<process_name> <local_port> <remote_ip>:<remote_port>

angel115 07-26-2011 03:49 AM

Try this and tell me if it does what you are expected
Code:

netstat -lantp | grep ESTABLISHED | awk '{print $7, $4, $5}' | sort -u |sed 's/[0-9]*\///g'
give me this
sshd: 10.0.1.1:22 192.6.2.99:63187

angel115 07-26-2011 04:08 AM

or here it is a longer version but which does what you want:
Code:

netstat -lantp | grep ESTABLISHED | awk '{print $7, $4, $5}' | sort -u |sed -e 's/[0-9]*\/\(.*\):\s[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}:\([0-9]\{1,5\}\)/\1 \2/g'
Gave me the following output
sshd 22 192.6.2.99:63187


Best regards,
Angel.

Tryum 06-14-2012 12:06 PM

Shame on me. I have neglected this thread for almost a year.

Code:

netstat -lantp | grep ESTABLISHED | awk '{print $7, $4, $5}' | sort -u |sed 's/[0-9]*\///g'
mocp 192.168.1.2:54168 178.159.0.11:7506

Code:

netstat -lantp | grep ESTABLISHED | awk '{print $7, $4, $5}' | sort -u |sed -e 's/[0-9]*\/\(.*\):\s[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}:\([0-9]\{1,5\}\)/\1 \2/g'
5709/mocp 192.168.1.2:54168 178.159.0.11:7506


It should be mocp 54168 178.159.0.11:7506


All times are GMT -5. The time now is 11:13 AM.