Linux

How to grep data with some spaces and ignore blocks?

  • May 30, 2021

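I am trying to retrieve the port numbers, in different blocks, used by each IP address in (`Local Address` and `Foreign Address`), along with `PID/Program name`, from the following, and store them in a file:

I used: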

   netstat -natp | grep '^[a-z0-9P]*'

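After that, I want to ignore the `Recv-Q` and `Send-Q` blocks and get `Local Address` with its port number and `Foreign Address`, then ignore `State` as well and get `PID/Program name`.

Which regular expression will help me? Also, it would be even more helpful if I could keep both port numbers in separate blocks after each address.

This is what I have: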

$ netstat -natp | grep '^[a-z0-9P]*'
(Not all processes could be identified, non-owned process info
will not be shown, you would have to be root to see it all.)
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      -                   
tcp        0      0 127.0.0.1:5939          0.0.0.0:*               LISTEN      -                   
tcp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN      -                   
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      -                   
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      -                   
tcp        0      0 0.0.0.0:5432            0.0.0.0:*               LISTEN      -                   
tcp        0      0 0.0.0.0:7071            0.0.0.0:*               LISTEN      -                   
tcp        0      0 192.168.42.157:37960    106.10.218.42:443       ESTABLISHED 21019/firefox       
tcp        0      0 192.168.42.157:35636    117.18.237.29:80        ESTABLISHED 21019/firefox       
tcp        1     32 192.168.42.157:40444    5.39.93.71:443          CLOSING     -                   
tcp        0      0 192.168.42.157:35626    52.27.200.224:443       TIME_WAIT   -                   
tcp        0      0 192.168.42.157:43004    122.252.255.200:80      ESTABLISHED 21019/firefox       
tcp        0      0 192.168.42.157:35734    117.18.237.29:80        TIME_WAIT   -                   
tcp        0      0 192.168.42.157:35776    52.27.200.224:443       TIME_WAIT   -                   
tcp        0      0 192.168.42.157:41690    54.182.1.219:443        ESTABLISHED 21019/firefox       
tcp        0      0 192.168.42.157:56472    54.182.0.97:443         ESTABLISHED 21019/firefox       
tcp        1     32 192.168.42.157:48390    198.252.206.25:443      CLOSING     -                   
tcp        0      0 192.168.42.157:37322    34.107.221.82:80        ESTABLISHED 21019/firefox       
tcp        0      0 192.168.42.157:57724    204.79.197.204:443      ESTABLISHED 21019/firefox       
tcp        0      0 192.168.42.157:43142    23.57.14.17:443         ESTABLISHED 21019/firefox       
tcp        0      0 192.168.42.157:46286    13.227.138.58:443       ESTABLISHED 21019/firefox       
tcp        0      0 192.168.42.157:55576    112.133.250.163:443     ESTABLISHED 21019/firefox       
tcp        0      0 192.168.42.157:52328    151.101.120.193:443     ESTABLISHED 21019/firefox       
tcp        0      0 192.168.42.157:35736    52.39.214.89:443        ESTABLISHED 21019/firefox       
tcp        0      0 192.168.42.157:57252    99.83.135.170:443       ESTABLISHED 21019/firefox       
tcp        0      0 192.168.42.157:48394    198.252.206.25:443      ESTABLISHED 21019/firefox       
tcp        0      0 192.168.42.157:45020    54.182.0.113:443        ESTABLISHED 21019/firefox       
tcp        0      0 192.168.42.157:50396    27.123.42.205:443       ESTABLISHED 21019/firefox       
tcp        1     32 192.168.42.157:48092    198.252.206.25:443      CLOSING     -                   
tcp        0      0 192.168.42.157:55798    142.250.192.99:80       TIME_WAIT   -                   
tcp        0      0 192.168.42.157:34190    157.240.16.52:443       ESTABLISHED 21019/firefox       
tcp        0      0 192.168.42.157:37320    34.107.221.82:80        ESTABLISHED 21019/firefox       
tcp        0      0 192.168.42.157:44806    54.87.110.85:443        ESTABLISHED 21019/firefox       
tcp        0      0 192.168.42.157:51202    103.229.10.173:443      ESTABLISHED 21019/firefox       

This is what I want:

Prot Local Address PortofLocalA  Foreign Address  PortofForeignA  PID/Program name    

and all the o/p below it.

It's clumsy, but you could try this:

$ netstat -natp 2> /dev/null | awk 'NR==2 {printf("%s\t%s %s\t%s %s\t%s %s\n",$1,$4,$5,$6,$7,$9,$10)}
                                   NR>=3 {OFS="\t";print($1,$4,$5,$7)}'

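Edit

…and, for completeness, if you need the port columns separated from their IP addresses in the final output, you can introduce finer-grained formatting in `awk`, like this: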

 $ netstat -natp 2>/dev/null | awk '
     NR==2 {printf("%s\t%8s %s\tPort\t%8s %s\tPort\t%s\n",$1,$4,$5,$6,$7,$9)} 
     NR>=3 {$8=$7;
            idx=match($5,":[^:]+$");
            $7=substr($5,idx+1);
            $6=substr($5,1,idx-1);
            idx=match($4,":[^:]+$");
            $5=substr($4,idx+1);
            $4=substr($4,1,idx-1);
            printf("%s\t%16s\t%s\t%16s\t%s\t%s\n",$1,$4,$5,$6,$7,$8)}
    '
 Proto      Local Address        Port     Foreign Address        Port    PID/Program
 tcp              0.0.0.0        22               0.0.0.0        *       -
 tcp            127.0.0.1        631              0.0.0.0        *       -
 tcp            127.0.0.1        25               0.0.0.0        *       -
 tcp              0.0.0.0        445              0.0.0.0        *       -
 tcp            127.0.0.1        12150            0.0.0.0        *       -
 tcp              0.0.0.0        139              0.0.0.0        *       -
 tcp            127.0.0.1        37580          127.0.0.1        12150   2962/firefox
 tcp            127.0.0.1        12150          127.0.0.1        40684   -
 [...]
 tcp            127.0.0.1        12150           127.0.0.1       47646   -
 tcp            127.0.0.1        12150           127.0.0.1       48982   -
 tcp            127.0.0.1        12150           127.0.0.1       1414   -
 tcp6                  ::        22                    ::        *       -
 tcp6                 ::1        631                   ::        *       -     
 tcp6                  ::        445                   ::        *       -     
 tcp6                  ::        139                   ::        *       -

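Tested with Gawk (GNU Awk) v5.1.0; the sample output above is from a random box near me.

What differs from my previous answer:

  • For fields 4 and 5 of each record, check the position (`idx`) of the last `:` character in the string. What comes after it is the port. The beginning of the string is the IP. This works for both IPv4 and IPv6 IP strings. For example, it separates the IP and port number correctly in both `127.0.0.1:12345` and `::1:432`.
  • Dropped the `OFS="\t"` that specified the output field separator in the second `awk` block, and added integer widths at the appropriate places between `%` and `s` in the `printf` format strings of both `awk` blocks.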
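
An added example, not part of the original answer: the same "split at the last `:`" idea as a reusable shell function that selects rows by protocol name instead of line number, keeps `State`, and rejoins program names containing spaces. The function names `split_netstat` and `sample_netstat` and the sample rows are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: split the "address:port" columns of `netstat -natp` into
# separate tab-separated fields. Rows are matched by protocol, not by NR.

# split_netstat: reads netstat -natp output on stdin, writes TSV on stdout:
#   proto  local_ip  local_port  foreign_ip  foreign_port  state  pid/program
split_netstat() {
    awk '
        # Return the 1-based index of the last ":" in s (0 if none).
        function last_colon(s,    i) {
            for (i = length(s); i > 0; i--)
                if (substr(s, i, 1) == ":") return i
            return 0
        }
        BEGIN { OFS = "\t" }
        # Only TCP rows; the banner, header and stderr notes are skipped.
        $1 ~ /^tcp6?$/ && NF >= 7 {
            l = last_colon($4); f = last_colon($5)
            if (l == 0 || f == 0) next          # malformed address column
            # Program names may contain spaces ("21019/Web Content"):
            # rejoin everything from field 7 onward.
            prog = $7
            for (i = 8; i <= NF; i++) prog = prog " " $i
            print $1, substr($4, 1, l - 1), substr($4, l + 1),
                      substr($5, 1, f - 1), substr($5, f + 1), $6, prog
        }
    '
}

# Constructed sample input (not captured from a real host).
sample_netstat() {
    cat <<'EOF'
(Not all processes could be identified, non-owned process info
 will not be shown, you would have to be root to see it all.)
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      -
tcp        0      0 192.0.2.10:37960        198.51.100.7:443        ESTABLISHED 21019/Web Content
tcp6       0      0 :::22                   :::*                    LISTEN      -
tcp6       0      0 ::1:631                 :::*                    LISTEN      -
EOF
}

sample_netstat | split_netstat
```

On a live host, feed it with `netstat -natp 2>/dev/null | split_netstat > connections.tsv` to store the result in a file.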

Quoted from: https://unix.stackexchange.com/questions/651859