Shell-Script
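Shell script to filter IP addresses from a log file
We have a normal socket dump that we ask customers to perform, and I was just wondering whether the community has any ideas for identifying multiple connected addresses in a netstat socket listing.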
    Active Internet connections (including servers)
    PCB      Proto Recv-Q Send-Q  Local Address      Foreign Address    (state)
    -------- ----- ------ ------  ------------------ ------------------ -------
    18970e0  TCP        0      0  10.51.57.214.1028  10.51.57.211.20021 ESTABLISHED
    1897374  TCP        0      0  10.51.57.214.23    10.51.102.86.58998 ESTABLISHED
    18960e4  TCP        0      0  10.51.57.214.1028  10.51.102.48.59466 ESTABLISHED
    189747c  TCP        0      0  10.51.57.214.1031  10.51.82.22.63682  ESTABLISHED
    18972f0  TCP        0      0  10.51.57.214.1028  10.51.101.72.64318 ESTABLISHED
    18969a8  TCP        0      0  10.51.57.214.1028  10.51.102.75.61478 ESTABLISHED
    1896e4c  TCP        0      0  10.51.57.214.1028  10.51.102.74.52111 ESTABLISHED
    1896924  TCP        0      0  10.51.57.214.1028  10.51.57.232.57303 ESTABLISHED
    1896d44  TCP        0      0  10.51.57.214.1028  10.51.57.232.57302 ESTABLISHED
    1896ed0  TCP        0      0  10.51.57.214.1028  10.51.57.202.49952 ESTABLISHED
    1896cc0  TCP        0      0  10.51.57.214.1028  10.51.57.242.56605 ESTABLISHED
    1896b34  TCP        0      0  10.51.57.214.1028  10.51.57.245.49418 ESTABLISHED
    1895b38  TCP        0      0  10.51.57.214.1028  10.51.57.245.49402 ESTABLISHED
    18958a4  TCP        0      0  10.51.57.214.1028  10.51.57.244.49390 ESTABLISHED
    18968a0  TCP        0      0  10.51.57.214.1028  10.51.101.36.60993 ESTABLISHED
    1896714  TCP        0      0  10.51.57.214.1028  10.51.82.22.53412  ESTABLISHED
    1896ab0  TCP        0      0  10.51.57.214.1028  10.51.57.243.50377 ESTABLISHED
    1895ed4  TCP        0      0  10.51.57.214.1113  10.51.57.203.62953 ESTABLISHED
    1896a2c  TCP        0     25  10.51.57.214.1028  10.51.57.243.50362 ESTABLISHED
    1895bbc  TCP        0      0  10.51.57.214.1028  10.51.57.196.49313 ESTABLISHED
    189681c  TCP        0      0  10.51.57.214.1028  10.51.57.101.52556 ESTABLISHED
    1896798  TCP        0      0  10.51.57.214.1028  10.51.57.201.53746 ESTABLISHED
    1896c3c  TCP        0      0  10.51.57.214.1028  10.51.57.193.51058 ESTABLISHED
    1896588  TCP        0      0  10.51.57.214.1028  10.51.57.195.49358 ESTABLISHED
    18962f4  TCP        0      0  10.51.57.214.1028  10.51.101.92.59060 ESTABLISHED
    1896504  TCP        0      0  10.51.57.214.1028  10.51.57.213.62754 ESTABLISHED
    18963fc  TCP        0      0  10.51.57.214.1028  10.51.57.213.62753 ESTABLISHED
    1896690  TCP        0      0  10.51.57.214.1052  10.51.57.203.62953 ESTABLISHED
    189660c  TCP        0      0  10.51.57.214.1028  10.51.57.241.54348 ESTABLISHED
    1896168  TCP        0      0  10.51.57.214.1047  10.51.57.203.62953 ESTABLISHED
    1896378  TCP        0      0  10.51.57.214.1031  10.51.57.203.62961 ESTABLISHED
    1895f58  TCP        0      0  10.51.57.214.1028  10.51.57.203.62958 ESTABLISHED
    1896270  TCP        0      0  10.51.57.214.1028  10.51.57.181.55438 ESTABLISHED
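I'm only interested in the foreign address, since the local address changes on each server. They are either actually established, or considered stale sockets that the switch has orphaned (which is usually the reason for multiple established sockets).
It looks like the only way to find these is to look for a tab, then a dotted quad, then the socket number, then a tab, then ESTABLISHED. The log comes from an ancient version of VxWorks, so the socket number isn't prefixed with a colon, but we can assume all endpoints are above 1024.
I can't logically work out the best way to display a filtered set of IP addresses and then sort them by number of connections? I want to see which ones show up with more than two concurrent connections.
I guess I could leave the local address in there, since the one with 250+ connections will logically be the local address!
Many thanks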
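You could use an awk script to search for the IPs in the data, collecting each occurrence of them in a counts array. When the input has all been read, loop through the array and print the count and the IP, but only if there are more than two occurrences, then pipe it all through sort. The script: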
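    NF == 7 && $7 == "ESTABLISHED" {
        # field 6 is the foreign address: four octets followed by the port
        split($6, octets, ".")
        ip = octets[1] "." octets[2] "." octets[3] "." octets[4]
        counts[ip]++
    }
    END {
        # print only the IPs seen more than twice
        for (i in counts)
            if (counts[i] > 2)
                print counts[i], i
    }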
Run it like this:

    awk -f awkscript < input | sort -n

With the sample input, only one IP shows up, with 5 occurrences:

    5 10.51.57.203
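
The same counting approach extended a little, as an added example that is not part of the original answer: it checks that the foreign field really is a dotted quad plus a port, lists the foreign ports behind each count so the duplicate sockets can be inspected, and sorts busiest first. The function names `count_foreign` and `sample_dump` and the sample rows are constructed for illustration.

```shell
#!/bin/sh
# count_foreign MIN: read a VxWorks-style socket listing on stdin and print
# "count ip foreign-ports" for each foreign IP with more than MIN
# ESTABLISHED sockets (default 2), busiest first.
count_foreign() {
    awk -v min="${1:-2}" '
    # Socket rows have 7 fields; header and ruler rows never end in ESTABLISHED.
    NF == 7 && $7 == "ESTABLISHED" {
        n = split($6, part, ".")
        if (n != 5) next                  # expect a.b.c.d.port (no colon here)
        ok = 1
        for (i = 1; i <= 4; i++)
            if (part[i] !~ /^[0-9]+$/ || part[i] > 255) ok = 0
        if (!ok || part[5] !~ /^[0-9]+$/) next
        ip = part[1] "." part[2] "." part[3] "." part[4]
        # first sighting starts the port list, later ones append to it
        if (counts[ip]++) ports[ip] = ports[ip] "," part[5]
        else ports[ip] = part[5]
    }
    END {
        for (ip in counts)
            if (counts[ip] > min) print counts[ip], ip, ports[ip]
    }' | sort -k1,1nr -k2,2
}

# Constructed sample listing (not taken from the dump above).
sample_dump() {
    cat <<'EOF'
Active Internet connections (including servers)
PCB      Proto Recv-Q Send-Q  Local Address      Foreign Address    (state)
-------- ----- ------ ------  ------------------ ------------------ -------
1000001 TCP 0 0 10.0.0.1.1028 10.0.0.7.50001 ESTABLISHED
1000002 TCP 0 0 10.0.0.1.1028 10.0.0.7.50002 ESTABLISHED
1000003 TCP 0 0 10.0.0.1.1031 10.0.0.7.50003 ESTABLISHED
1000004 TCP 0 0 10.0.0.1.1028 10.0.0.9.50010 ESTABLISHED
1000005 TCP 0 0 10.0.0.1.1028 10.0.0.9.50011 ESTABLISHED
1000006 TCP 0 0 0.0.0.0.1028 0.0.0.0.0 LISTEN
EOF
}

sample_dump | count_foreign 2
```

The port list makes it easy to compare a suspect address against the switch side and see which of its sockets are stale.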