I want to get a list of ports of the established connections using netstat -v grep.
I am trying this:
sudo netstat -v | grep "ESTABLISHED" | cut -d: -f5
Any help?
Try this with $5 and $4:
netstat -v | awk '/ESTABLISHED/ {split($5, array, ":"); print array[2]}'
Please try
netstat -v| grep "ESTABLISHED"| awk '{print $5}' | cut -d ":" -f2
Related
If i execute the below comment, The result will be like this 8060 0.0.0.0
netstat -antup | grep nginx |awk '{print $4 "\t" $5 }' | cut -d ":" -f2
But I want the result to be like this 8060
Not sure what the orignial response from the command is, but just cut the response again is one way
netstat -antup | grep nginx |awk '{print $4 "\t" $5 }' | cut -d ":" -f2 | cut -d " " -f1
Deconstructing the command you provided, netstat -antup prints these information:
$ netstat -antup
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:8060 0.0.0.0:* LISTEN XYZ/nginx
...
You want just the "8060", which is the port, nginx is listening to.
The next part was fine. grep nginx |awk '{print $4}' gives you the corresponding Local Address. You don't need the "\t" $5 part, as the Foreign Address is not relevant here.
The intermediary result should look like this:
$ netstat -antup | grep nginx | awk '{print $4}'
127.0.0.1:8060
Now the port ist the last part after a ":". Be aware, that IPv6 addresses also contain ":"s. So i'd suggest to cut the very last one instead of the 2nd.
You can do so, by reverting the output, cutting the first bit and reverting again:
$ netstat -antup | grep nginx | awk '{print $4}' | rev | cut -d":" -f1 | rev
8060
et voila. the desired output
I've build this command:
arp -a | grep <mac here> | grep -P '\((.*?)\)' -o
This should return an IP address for a specific mac. The problem is that the IP get's returned but with () around them. I need them without the (). Any idea how I can fix this?
Currently: (192.168.187.136)
Should be 192.168.187.136
I believe arp is somewhat deprecated and ip neighbor is the proper replacement. Since ip n output doesn't have those parenthesis, you also avoid this issue
ip n | grep <mac here> | cut -d' ' -f1
You can remove the 1st and last character using sed:
arp -a | grep <mac here> | grep -P '\((.*?)\)' -o | sed 's/^|\(.*\)|$/\1/'
Also, on BASH 4.2 and newer:
ip=$(arp -a | grep <mac here> | grep -P '\((.*?)\)' -o)
echo "${ip:1:-1}"
using sed in one command
arp -a | grep <mac here> | grep -P '\((.*?)\)' -o | sed 's/^|\(.*\)|$/\1/'
Since you're already using grep -P :
arp -a | grep <mac here> | grep -oP '\(\K[^)]*'
\K is a PCRE meta-character meaning "drop the string matched so far", so you will check that there's a bracket before your result without outputting it, and the negated class [^)] will match up to the next bracket excluded.
You can also fuse both greps if the mac address appears before the IP :
arp -a | grep -oP '<mac here>.*\(\K[^)]*'
Using ip neighboor and (posix) awk:
ip n | awk -v mac='<mac here>' 'mac{print $1}'
or using GNU awk and arp:
arp -a | awk -F'[()]' -v mac='<mac here>' '$0 ~ mac{print $2}'
I am using
ifconfig | grep en0 -A 5 | grep 'inet ' | cut -d ' ' -f 2
to find my system's local ip address. I am certain there is a way to shorten this.
ipconfig getifaddr en0 assuming that en0 is the network interface you're using.
If you aren't sure...
ipconfig getifaddr `route -n get default | grep interface | awk '{print $2}'`
is pretty bulletproof, but loses the conciseness.
Not shorter, but useful too:
echo $(/usr/sbin/arp $(hostname) | awk -F'[()]' '{print $2}')
I am using this command to get the process ID of another command:
ps aux | grep 7000.conf | awk '{print $2}'
This will return two PIDs:
7731
22125
I only want the first one. The second is the PID for grep in the above command. Thanks in advance to any one who knows how to alter the above command to return just the first pid.
p.s. open to a new command that does the same thing
In this particular case, escaping the . to what I assume it was meant to do should work:
ps aux | grep '7000\.conf' | awk '{print $2}'
Alternatively, exclude grep:
ps aux | grep 7000.conf | grep -v grep | awk '{print $2}'
ps aux | grep "[7]000.conf" will work as well.
Context:
On *nix systems, one may get the IP address of the machine in a shell script this way:
ifconfig | grep 'inet' | grep -v '127.0.0.1' | cut -d: -f2 | awk '{print $1}'
Or this way too:
ifconfig | grep 'inet' | grep -v '127.0.0.1' | awk '{print $2}' | sed 's/addr://'
Question:
Would there be a more straightforward, still portable, way to get the IP address for use in a shell script?
(my apologies to *BSD and Solaris users as the above command may not work; I could not test)
you can do it with just one awk command. No need to use too many pipes.
$ ifconfig | awk -F':' '/inet addr/&&!/127.0.0.1/{split($2,_," ");print _[1]}'
you give direct interface thereby reducing one grep.
ifconfig eth0 | grep 'inet addr:' | cut -d: -f2 | awk '{print $1}'
Based on this you can use the following command
ip route get 8.8.8.8 | awk 'NR==1 {print $NF}'
Look here at the Beej's guide to networking to obtain the list of sockets using a simple C program to print out the IP addresses using getaddrinfo(...) call. This simple C Program can be used in part of the shell script to just print out the IP addresses available to stdout which would be easier to do then rely on the ifconfig if you want to remain portable as the output of ifconfig can vary.
Hope this helps,
Best regards,
Tom.
ifconfig | grep 'broadcast\|Bcast' | awk -F ' ' {'print $2'} | head -n 1 | sed -e 's/addr://g'
May be this could help.
more /etc/hosts | grep `hostname` | awk '{print $1}'
# for bash/linux
ipaddr(){
if="${1:-eth0}"
result=$(/sbin/ip -o -4 addr show dev "${if}" | sed 's/^.*inet // ; s/\/...*$//')
printf %s "${result}"
tty -s && printf "\n"
}