我正在嘗試從以下內容中檢索-port以及)Local Address中每個 IP 位址使用的不同區塊中的連接埠號,並將其儲存在檔案中:Foreign AddressPID/Program name
我用了:
netstat -natp | grep '^[a-z0-9P]*'
之後我想忽略Recv-Q並Send-Q阻止並取得Local Address其連接埠號,Foreign Address然後再次忽略State並取得PID/Program name。
哪個正規表示式對我有幫助?另外,如果我能夠將兩個連接埠號碼保留在每個位址後面的不同區塊中,將會更有幫助。
這就是我所擁有的:
$ netstat -natp | grep '^[a-z0-9P]*'
(Not all processes could be identified, non-owned process info
will not be shown, you would have to be root to see it all.)
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN -
tcp 0 0 127.0.0.1:5939 0.0.0.0:* LISTEN -
tcp 0 0 127.0.0.53:53 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN -
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:5432 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:7071 0.0.0.0:* LISTEN -
tcp 0 0 192.168.42.157:37960 106.10.218.42:443 ESTABLISHED 21019/firefox
tcp 0 0 192.168.42.157:35636 117.18.237.29:80 ESTABLISHED 21019/firefox
tcp 1 32 192.168.42.157:40444 5.39.93.71:443 CLOSING -
tcp 0 0 192.168.42.157:35626 52.27.200.224:443 TIME_WAIT -
tcp 0 0 192.168.42.157:43004 122.252.255.200:80 ESTABLISHED 21019/firefox
tcp 0 0 192.168.42.157:35734 117.18.237.29:80 TIME_WAIT -
tcp 0 0 192.168.42.157:35776 52.27.200.224:443 TIME_WAIT -
tcp 0 0 192.168.42.157:41690 54.182.1.219:443 ESTABLISHED 21019/firefox
tcp 0 0 192.168.42.157:56472 54.182.0.97:443 ESTABLISHED 21019/firefox
tcp 1 32 192.168.42.157:48390 198.252.206.25:443 CLOSING -
tcp 0 0 192.168.42.157:37322 34.107.221.82:80 ESTABLISHED 21019/firefox
tcp 0 0 192.168.42.157:57724 204.79.197.204:443 ESTABLISHED 21019/firefox
tcp 0 0 192.168.42.157:43142 23.57.14.17:443 ESTABLISHED 21019/firefox
tcp 0 0 192.168.42.157:46286 13.227.138.58:443 ESTABLISHED 21019/firefox
tcp 0 0 192.168.42.157:55576 112.133.250.163:443 ESTABLISHED 21019/firefox
tcp 0 0 192.168.42.157:52328 151.101.120.193:443 ESTABLISHED 21019/firefox
tcp 0 0 192.168.42.157:35736 52.39.214.89:443 ESTABLISHED 21019/firefox
tcp 0 0 192.168.42.157:57252 99.83.135.170:443 ESTABLISHED 21019/firefox
tcp 0 0 192.168.42.157:48394 198.252.206.25:443 ESTABLISHED 21019/firefox
tcp 0 0 192.168.42.157:45020 54.182.0.113:443 ESTABLISHED 21019/firefox
tcp 0 0 192.168.42.157:50396 27.123.42.205:443 ESTABLISHED 21019/firefox
tcp 1 32 192.168.42.157:48092 198.252.206.25:443 CLOSING -
tcp 0 0 192.168.42.157:55798 142.250.192.99:80 TIME_WAIT -
tcp 0 0 192.168.42.157:34190 157.240.16.52:443 ESTABLISHED 21019/firefox
tcp 0 0 192.168.42.157:37320 34.107.221.82:80 ESTABLISHED 21019/firefox
tcp 0 0 192.168.42.157:44806 54.87.110.85:443 ESTABLISHED 21019/firefox
tcp 0 0 192.168.42.157:51202 103.229.10.173:443 ESTABLISHED 21019/firefox
這就是我要的:
Prot Local Address PortofLocalA Foreign Address PortofForeignA PID/Program name
及其下面的所有 o/p
答案1
雖然有點笨拙,但你可以嘗試:
$ netstat -natp 2> /dev/null | awk 'NR==2 {printf("%s\t%s %s\t%s %s\t%s %s\n",$1,$4,$5,$6,$7,$9,$10)}
NR>=3 {OFS="\t";print($1,$4,$5,$7)}'
編輯
……並且,為了完成目的,如果您需要在最終輸出中將連接埠列與其 IP 方向分開,您可以在 中引入更細粒度的格式awk,如下所示:
$ netstat -natp 2>/dev/null | awk '
NR==2 {printf("%s\t%8s %s\tPort\t%8s %s\tPort\t%s\n",$1,$4,$5,$6,$7,$9)}
NR>=3 {$8=$7;
idx=match($5,":[^:]+$");
$7=substr($5,idx+1);
$6=substr($5,1,idx-1);
idx=match($4,":[^:]+$");
$5=substr($4,idx+1);
$4=substr($4,1,idx-1);
printf("%s\t%16s\t%s\t%16s\t%s\t%s\n",$1,$4,$5,$6,$7,$8)}
'
Proto Local Address Port Foreign Address Port PID/Program
tcp 0.0.0.0 22 0.0.0.0 * -
tcp 127.0.0.1 631 0.0.0.0 * -
tcp 127.0.0.1 25 0.0.0.0 * -
tcp 0.0.0.0 445 0.0.0.0 * -
tcp 127.0.0.1 12150 0.0.0.0 * -
tcp 0.0.0.0 139 0.0.0.0 * -
tcp 127.0.0.1 37580 127.0.0.1 12150 2962/firefox
tcp 127.0.0.1 12150 127.0.0.1 40684 -
[...]
tcp 127.0.0.1 12150 127.0.0.1 47646 -
tcp 127.0.0.1 12150 127.0.0.1 48982 -
tcp 127.0.0.1 12150 127.0.0.1 1414 -
tcp6 :: 22 :: * -
tcp6 ::1 631 :: * -
tcp6 :: 445 :: * -
tcp6 :: 139 :: * -
使用 Gawk (GNU Awk) v5.1.0 進行測試,上面的範例輸出來自我附近的一個隨機盒子。
與我之前的回答的不同之處在於:
- 對於每個記錄的欄位 4 和 5,檢查字串中
idx最後一個字元的位置 ( )。:之後出現的就是連接埠。字串的開頭是 IP。這適用於 IPv4 和 IPv6 IP 字串。127.0.0.1:12345例如,這對於分隔 IP 和連接埠號碼很有用::1:432。 - 失去
OFS="\t"指定輸出欄位分隔符在第二個區塊中,並在兩個區塊中的格式字串之間awk的適當位置添加整數寬度。%sprintfawk
答案2
畫面並不完美,但作為一個開始:
perl -ae 'printf("%-6s%16s%7s%16s%7s %7s %s\n", $F[0], $F[3] =~ /(.*):(.*)/,
$F[4] =~ /(.*):(.*)/, $F[6] =~ /(\d*)\/?(.*)/) if $. > 2'
輸出(事後新增標題):
Proto Local-Address Port Remote-Address Port PID Program-name
tcp 192.168.122.100 53 0.0.0.0 * -
tcp 10.0.0.8 53 0.0.0.0 * -
tcp 127.0.0.1 9321 127.0.0.1 45396 -
tcp 10.0.0.8 45454 123.123.123.25 443 484 firefox
tcp 127.0.0.1 36363 127.0.0.1 3639 23018 weechat
tcp 10.0.0.8 23232 123.232.123.25 443 484 firefox
tcp 10.0.0.8 13131 22.123.123.33 6667 23415 irssi
tcp 10.0.0.8 45586 52.42.50.123 443 20538 firefox
tcp6 :: 80 :: * -
tcp6 :: 22 :: * -
tcp6 ::1 631 :: * -
tcp6 :: 25 :: * -
tcp6 :: 443 :: * -
tcp6 127.0.0.1 80 127.0.0.1 46922 -