How do I grep data using some spaces and ignore blocks?

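I am trying to retrieve the port number used by each IP address, in a separate block, along with the `Local Address`, `Foreign Address` and `PID/Program name`, from the following, and store it in a file.

I used: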

    netstat -natp | grep '^[a-z0-9P]*'

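After that I want to ignore the `Recv-Q` and `Send-Q` blocks and get the `Local Address` with its port number and the `Foreign Address`, then again ignore `State` and get the `PID/Program name`.

Which regular expression would help me? Also, it would be more helpful if I could keep the two port numbers in separate blocks after each address.

This is what I have: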

    $ netstat -natp | grep '^[a-z0-9P]*'
    (Not all processes could be identified, non-owned process info
     will not be shown, you would have to be root to see it all.)
    Active Internet connections (servers and established)
    Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
    tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      -
    tcp        0      0 127.0.0.1:5939          0.0.0.0:*               LISTEN      -
    tcp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN      -
    tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      -
    tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      -
    tcp        0      0 0.0.0.0:5432            0.0.0.0:*               LISTEN      -
    tcp        0      0 0.0.0.0:7071            0.0.0.0:*               LISTEN      -
    tcp        0      0 192.168.42.157:37960    106.10.218.42:443       ESTABLISHED 21019/firefox
    tcp        0      0 192.168.42.157:35636    117.18.237.29:80        ESTABLISHED 21019/firefox
    tcp        1     32 192.168.42.157:40444    5.39.93.71:443          CLOSING     -
    tcp        0      0 192.168.42.157:35626    52.27.200.224:443       TIME_WAIT   -
    tcp        0      0 192.168.42.157:43004    122.252.255.200:80      ESTABLISHED 21019/firefox
    tcp        0      0 192.168.42.157:35734    117.18.237.29:80        TIME_WAIT   -
    tcp        0      0 192.168.42.157:35776    52.27.200.224:443       TIME_WAIT   -
    tcp        0      0 192.168.42.157:41690    54.182.1.219:443        ESTABLISHED 21019/firefox
    tcp        0      0 192.168.42.157:56472    54.182.0.97:443         ESTABLISHED 21019/firefox
    tcp        1     32 192.168.42.157:48390    198.252.206.25:443      CLOSING     -
    tcp        0      0 192.168.42.157:37322    34.107.221.82:80        ESTABLISHED 21019/firefox
    tcp        0      0 192.168.42.157:57724    204.79.197.204:443      ESTABLISHED 21019/firefox
    tcp        0      0 192.168.42.157:43142    23.57.14.17:443         ESTABLISHED 21019/firefox
    tcp        0      0 192.168.42.157:46286    13.227.138.58:443       ESTABLISHED 21019/firefox
    tcp        0      0 192.168.42.157:55576    112.133.250.163:443     ESTABLISHED 21019/firefox
    tcp        0      0 192.168.42.157:52328    151.101.120.193:443     ESTABLISHED 21019/firefox
    tcp        0      0 192.168.42.157:35736    52.39.214.89:443        ESTABLISHED 21019/firefox
    tcp        0      0 192.168.42.157:57252    99.83.135.170:443       ESTABLISHED 21019/firefox
    tcp        0      0 192.168.42.157:48394    198.252.206.25:443      ESTABLISHED 21019/firefox
    tcp        0      0 192.168.42.157:45020    54.182.0.113:443        ESTABLISHED 21019/firefox
    tcp        0      0 192.168.42.157:50396    27.123.42.205:443       ESTABLISHED 21019/firefox
    tcp        1     32 192.168.42.157:48092    198.252.206.25:443      CLOSING     -
    tcp        0      0 192.168.42.157:55798    142.250.192.99:80       TIME_WAIT   -
    tcp        0      0 192.168.42.157:34190    157.240.16.52:443       ESTABLISHED 21019/firefox
    tcp        0      0 192.168.42.157:37320    34.107.221.82:80        ESTABLISHED 21019/firefox
    tcp        0      0 192.168.42.157:44806    54.87.110.85:443        ESTABLISHED 21019/firefox
    tcp        0      0 192.168.42.157:51202    103.229.10.173:443      ESTABLISHED 21019/firefox

This is what I want:

    Prot Local Address PortofLocalA  Foreign Address  PortofForeignA  PID/Program name

and all the o/p below it.

Answer 1

It's a bit clumsy, but you can try this:

    $ netstat -natp 2> /dev/null | awk 'NR==2 {printf("%s\t%s %s\t%s %s\t%s %s\n",$1,$4,$5,$6,$7,$9,$10)}
                                        NR>=3 {OFS="\t";print($1,$4,$5,$7)}'

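Edit

...and, for completeness, if you need the port columns separated from their IP addresses in the final output, you can introduce finer-grained formatting in `awk`, like this: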

  $ netstat -natp 2>/dev/null | awk '
      NR==2 {printf("%s\t%8s %s\tPort\t%8s %s\tPort\t%s\n",$1,$4,$5,$6,$7,$9)} 
      NR>=3 {$8=$7;
             idx=match($5,":[^:]+$");
             $7=substr($5,idx+1);
             $6=substr($5,1,idx-1);
             idx=match($4,":[^:]+$");
             $5=substr($4,idx+1);
             $4=substr($4,1,idx-1);
             printf("%s\t%16s\t%s\t%16s\t%s\t%s\n",$1,$4,$5,$6,$7,$8)}
     '
  Proto      Local Address        Port     Foreign Address        Port    PID/Program
  tcp              0.0.0.0        22               0.0.0.0        *       -
  tcp            127.0.0.1        631              0.0.0.0        *       -
  tcp            127.0.0.1        25               0.0.0.0        *       -
  tcp              0.0.0.0        445              0.0.0.0        *       -
  tcp            127.0.0.1        12150            0.0.0.0        *       -
  tcp              0.0.0.0        139              0.0.0.0        *       -
  tcp            127.0.0.1        37580          127.0.0.1        12150   2962/firefox
  tcp            127.0.0.1        12150          127.0.0.1        40684   -
  [...]
  tcp            127.0.0.1        12150           127.0.0.1       47646   -
  tcp            127.0.0.1        12150           127.0.0.1       48982   -
  tcp            127.0.0.1        12150           127.0.0.1       1414   -
  tcp6                  ::        22                    ::        *       -
  tcp6                 ::1        631                   ::        *       -     
  tcp6                  ::        445                   ::        *       -     
  tcp6                  ::        139                   ::        *       -

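Tested with Gawk (GNU Awk) v5.1.0; the sample output above is from a random box near me.

The differences from my previous answer are:

  • For fields 4 and 5 of each record, check the position (`idx`) of the last `:` character in the string. What comes after it is the port. The beginning of the string is the IP. This works for both IPv4 and IPv6 IP strings. It is useful for separating the IP and port number in, for example, `127.0.0.1:12345` and `::1:432`.
  • Dropped `OFS="\t"` (which specified the output field separator) from the second `awk` block, and added integer widths to the appropriate `%s` in the `printf` format strings of both `awk` blocks.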

Answer 2

The layout isn't perfect, but as a start:

    perl -ae 'printf("%-6s%16s%7s%16s%7s %7s %s\n", $F[0], $F[3] =~ /(.*):(.*)/,
    $F[4] =~ /(.*):(.*)/, $F[6] =~ /(\d*)\/?(.*)/) if $. > 2'

Output (header added afterwards):

    Proto    Local-Address   Port  Remote-Address   Port     PID  Program-name
    tcp    192.168.122.100     53         0.0.0.0      *          -
    tcp           10.0.0.8     53         0.0.0.0      *          -
    tcp          127.0.0.1   9321       127.0.0.1  45396          -
    tcp           10.0.0.8  45454  123.123.123.25    443     484  firefox
    tcp          127.0.0.1  36363       127.0.0.1   3639   23018  weechat
    tcp           10.0.0.8  23232  123.232.123.25    443     484  firefox
    tcp           10.0.0.8  13131   22.123.123.33   6667   23415  irssi
    tcp           10.0.0.8  45586    52.42.50.123    443   20538  firefox
    tcp6                ::     80              ::      *          -
    tcp6                ::     22              ::      *          -
    tcp6               ::1    631              ::      *          -
    tcp6                ::     25              ::      *          -
    tcp6                ::    443              ::      *          -
    tcp6         127.0.0.1     80       127.0.0.1  46922          -
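
The following is an added example, not part of the question or of either answer above. It applies the same last-colon split to `netstat -natp` rows, but selects rows by protocol name instead of line number and keeps program names that contain spaces. The function names `sample_netstat` and `split_netstat` and the sample rows are constructed for illustration, and the Linux net-tools column layout shown in the question is assumed.

```shell
#!/bin/sh
# Added example: split `netstat -natp` rows into address, port, PID and program columns.

# Constructed sample input (not captured from a real host).
sample_netstat() {
cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      812/sshd: /usr/sbin
tcp        0      0 192.168.42.157:37960    106.10.218.42:443       ESTABLISHED 21019/firefox
tcp        0      0 192.168.42.157:35626    52.27.200.224:443       TIME_WAIT   -
tcp6       0      0 ::1:631                 :::*                    LISTEN      -
EOF
}

# Reads netstat -natp text on stdin, writes tab-separated rows on stdout.
split_netstat() {
    awk '
    BEGIN { OFS = "\t"
            print "Proto", "LocalAddr", "LocalPort", "ForeignAddr", "ForeignPort", "PID", "Program" }
    # Only TCP data rows: skips both header lines and any notice merged in from stderr.
    $1 !~ /^tcp6?$/ { next }
    {
        split_hostport($4, l)
        split_hostport($5, f)
        # Owner is field 7 to end of line, so names with spaces are not cut off.
        owner = $7
        for (i = 8; i <= NF; i++) owner = owner " " $i
        pid = "-"; prog = "-"
        if (match(owner, /^[0-9]+\//)) {
            pid  = substr(owner, 1, RLENGTH - 1)
            prog = substr(owner, RLENGTH + 1)
        }
        print $1, l["addr"], l["port"], f["addr"], f["port"], pid, prog
    }
    # Split on the LAST colon so IPv6 addresses (":::*", "::1:631") keep their own colons.
    function split_hostport(s, out,   idx) {
        idx = match(s, /:[^:]+$/)
        out["addr"] = substr(s, 1, idx - 1)
        out["port"] = substr(s, idx + 1)
    }'
}

sample_netstat | split_netstat
```

On a live host the call is `netstat -natp 2>/dev/null | split_netstat`; as the notice in the question's output says, owners of other users' sockets only appear when it is run as root.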
