netstat -nt | \
awk -F':' \
'$5==80 {count[$8]++} \
END{ for (i in count) { \
  cmd="host "i; \
  cmd |& getline j; \
  split(j, a, " "); \
  printf "%40s - %d\n", a[5], count[i]}}' | \
sort -n -k 3
First, netstat provided the list of all connections (netstat -nt); -n stands for numeric and -t for only TCP connections.
Next awk, with ':' defined as the field separator (awk -F':'), used the lines where the local port was 80 ($5==80) to create an associative array with a key defined by the connected host's IP and a value equal to the number of connections from it ({count[$8]++}). At the end of the script execution, awk looped over all elements of the array (END{for (i in count)). Next came the crux of the script: cmd was defined as a run of the OS host command with the awk variable i as an argument (cmd="host "i). The |& operator created a two-way pipe between awk and an execution of the previously defined cmd. The getline command was used to store the cmd output in the variable j (cmd |& getline j). Next, the split command split the content of j into separate words and saved them into the a array (split(j, a, " ")). Finally, printf formatted the output (printf "%40s - %d\n", a[5], count[i]). The actual hostname was the fifth element of a.
For convenience, the output lines were sorted in numeric order on the third column (sort -n -k 3). Each output line consisted of a hostname, '-' and a number, e.g. important.com - 3456.
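The field positions $5 and $8 above fit netstat lines whose addresses are printed in the ::ffff:a.b.c.d:port form. The following added example (not part of the original post) does the same per-client count by splitting on whitespace and cutting the port at the last colon, so plain IPv4, IPv4-mapped and IPv6 lines are all counted; the function names and the sample input are constructed for illustration, and the host lookup is left out so it runs offline.

```shell
#!/bin/sh
# Added example: count TCP connections to a local port per remote address.
# Reads `netstat -nt` output on stdin; $1 = local port (default 80).
count_clients() {
    awk -v port="${1:-80}" '
    # Drop ":port" at the LAST colon so IPv6-style addresses survive,
    # then fold IPv4-mapped addresses onto their plain IPv4 form.
    function addr(s) { sub(/:[^:]*$/, "", s); sub(/^::ffff:/, "", s); return s }
    # Keep only what follows the last colon, i.e. the port.
    function lport(s) { sub(/^.*:/, "", s); return s }
    $1 ~ /^tcp/ && lport($4) == port { count[addr($5)]++ }
    END { for (ip in count) printf "%d %s\n", count[ip], ip }
    ' | sort -k1,1nr -k2,2
}

# Constructed sample input (documentation addresses, not from a real host).
sample_netstat() {
    cat <<'EOF'
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.0.2.10:80           198.51.100.7:51514      ESTABLISHED
tcp        0      0 192.0.2.10:80           198.51.100.7:51520      TIME_WAIT
tcp        0      0 192.0.2.10:22           203.0.113.5:40022       ESTABLISHED
tcp6       0      0 ::ffff:192.0.2.10:80    ::ffff:198.51.100.7:51600 ESTABLISHED
tcp6       0      0 ::ffff:192.0.2.10:80    ::ffff:203.0.113.5:40100 ESTABLISHED
tcp6       0      0 2001:db8::10:80         2001:db8::99:33000      ESTABLISHED
EOF
}

# Busiest clients first: "<connections> <remote address>"
sample_netstat | count_clients 80
```

On a live host the input would come from `netstat -nt | count_clients 80`; a single address holding a large share of the connections is the one to look up with host.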