The netstat command offers an incredible amount on information on network activity. With the -s alternative (netstat -s), it will display summaries for various procedures such as packages gotten, active connections, stopped working connections and a lot more. While the data is comprehensive enough to make you dizzy, the more you get utilized to what the command’s output appears like, the more you’ll end up being knowledgeable about what to anticipate and perhaps even improve at spotting what’s unusual. In this post, we’re going to take a look at different portions of the netstat -s command’s output using crafted aliases to make it easier.What type of statistics
does the netstat-s command provide?To list the different kinds of stats the netstat -s command provides, I ran a command like that shown listed below to list the procedures it displays. The grep -v” ^”portion of the command selects only lines that don’t begin with a blank. Since the details are all indented, this command reveals simply the procedures.$ netstat-s|grep -v”^ “Ip: Icmp: IcmpMsg: Tcp: Udp: UdpLite: TcpExt: IpExt: MPTcpExt: The following command reveals the procedure headings
with their line numbers consisted of by needing colons and omitting lines with tabs. The line numbers will assist isolate the areas for the aliases. $netstat -s|nl|grep”[ A-Za-z]:$ “| grep-Pv’ t’1 Ip: 10 Icmp: 19 IcmpMsg: 22 Tcp: 33 Udp: 41 UdpLite: 42 TcpExt: 93 IpExt: 104 MPTcpExt: This command counts the total lines on the output: $netstat -s |
. w -l 104 From the above output, I could figure out the starting line and the length of each area and produce the aliases for each too.
begin area lines head command ====================================================== 1 Ip: 1-9 head -9 10 Icmp: 10-18 head -18|tail -9 19 IcmpMsg: 19-21 head -21|tail -3 22 Tcp: 22-32 head -32|tail -11 33 Udp: 33-40 head -40|tail -8 41 UdpLite: 41-41 head -41|tail -1 42 TcpExt: 42-92 head -88|tail -47 93 IpExt: 93-103 head -99|tail -11 104 MPTcpExt: 104-104 head -100|tail -1
After this, it was fairly easy to build aliases like these since I knew where each area began and ended.
alias Ip=’netstat -s|head -9′ alias Icmp=’netstat -s|head -18|tail -9′
On the other hand, knowing that the variety of lines in each area might not always be the very same, I turned to building a script that would build the aliases for me. An essential part in this script is the case statement, which consists of commands to be run for each area of the netstat -s output.Note that each section of the script gathers its starting point and determines the ending point for the prior protocol (the line before its start). Only MPTcpExt area defines its own alias and does this by computing the lines in the file containing the netstat- s output. #!/ bin/bash # conserve netstat -s output in file netstat -s > netstat-s # count lines lines=’wc-l netstat-s|awk’print $1”n= 0 while IFS=read -r line do ((n=n +1)) w=’echo $line|wc -w’ if [$ w == 1]; then # echo $line $n protocol=’echo $line|sed’s/://” case $protocol in Ip) Ip=$n;; Icmp) Icmp=$n; Ip2=’expr $n – 1′; echo alias IP=”‘netstat …
Source