The netstat command can be used to display the state of sockets and their addresses. If you have less than 50, or if you are more patient than me 100, sockets sending the output to the terminal screen and just looking for the sockets you want is not too painful. But when the number of sockets gets large doing this by eye can be challenging.
The following macro called fnet (filtered netstat) will execute the netstat command sending the output to a file and then do a display -match on the file looking for then MATCH string. It also adds the system and module names and a date.time stamp to the output.
Note that this macro uses attach_default_output. If you interrupt the macro while it is executing you will probably have to issue the detach_default_output command to restore output to the terminal.
Some examples:
Looking for the connections in FIN_WAIT_1 or FIN_WAIT_2 states (there weren't any)
fnet fin =============== fnet fin == %phx_vos#m15 == 06-12-24.16:04:56 =============== ready 16:04:56 |
Looking for connections in the ESTABLISHED state. Note that because the macro uses "display -match" any substring will work, you don't need to spell out "established". You also can use lower case.
fnet est =============== fnet est == %phx_vos#m15 == 06-12-24.16:05:06 =============== 86677840 tcp 0 0 164.152.77.34:3004 164.152.77.203:51488 ESTABLISH +ED 86677ec0 tcp 0 0 164.152.77.34:3002 164.152.77.11:51756 ESTABLISHE +D 86bdcb00 tcp 0 0 164.152.77.34:3005 164.152.77.11:51757 ESTABLISHE +D 86ac7440 tcp 0 0 164.152.77.34:22 164.152.77.50:3862 ESTABLISHED 86a25ec0 tcp 0 0 164.152.77.34:49161 164.152.77.203:3000 ESTABLISH +ED 86aa6040 tcp 0 0 164.152.77.34:49364 164.152.77.11:3000 ESTABLISHE +D 85e7d940 tcp 0 0 10.10.1.1:49185 10.10.1.3:48879 ESTABLISHED |
Connections with 77.50 in the IP address. Note this can appear anywhere in the IP address not just the last 2 octets and can be either the local or remote address.
fnet 77.50 ============== fnet 77.50 == %phx_vos#m15 == 06-12-24.16:05:19 ============== 86ac7440 tcp 0 0 164.152.77.34:22 164.152.77.50:3862 ESTABLISHED 86a18000 tcp 0 40 164.152.77.34:22 164.152.77.50:4691 ESTABLISHED ready 16:05:19 |
Sockets with a port number which begins with 22. Note that 2200 is also displayed.
fnet :22 =============== fnet :22 == %phx_vos#m15 == 06-12-24.16:05:40 =============== 869c0180 tcp 0 0 *:2200 *:* LISTEN 869c0d80 tcp 0 0 *:22 *:* LISTEN 86ac7440 tcp 0 0 164.152.77.34:22 164.152.77.50:3862 ESTABLISHED 86a18000 tcp 0 40 164.152.77.34:22 164.152.77.50:4691 ESTABLISHED ready 16:05:40 |
In version 1.2a of this macro a second match string was added. Matching lines must match BOTH strings. So, for example, you can match on all intermodule OSL connections by matching on :300 (assuming that the OSL base port is 3000) and the string ESTAB (for ESTABLISHED).
fnet :300 ESTAB ==================== fnet :300 ESTAB -- 08-08-19.12:45:40 ==================== 87a6cf80 tcp 0 0 164.152.77.34:49183 164.152.77.203:3000 ESTABLISH +ED 87ecd600 tcp 0 0 164.152.77.34:49184 164.152.77.203:3001 ESTABLISH +ED 87ecf180 tcp 0 0 164.152.77.34:49185 164.152.77.203:3002 ESTABLISH +ED 87abc100 tcp 0 0 164.152.77.34:3007 164.152.77.203:58826 ESTABLISH +ED 87edfac0 tcp 0 0 164.152.77.34:49187 164.152.77.11:3000 ESTABLISHE +D 87eeba80 tcp 0 0 172.16.1.34:49188 172.16.1.116:3000 ESTABLISHED 87ef0cc0 tcp 0 0 164.152.77.34:49189 164.152.77.11:3001 ESTABLISHE +D 87ef3ac0 tcp 0 0 172.16.1.34:49190 172.16.1.116:3001 ESTABLISHED 87ef0140 tcp 0 0 164.152.77.34:3007 164.152.77.11:55534 ESTABLISHE +D 87ef9b00 tcp 0 0 164.152.77.34:49192 164.152.77.11:3002 ESTABLISHE +D 87efca40 tcp 0 0 172.16.1.34:49193 172.16.1.116:3002 ESTABLISHED 87eee6c0 tcp 0 0 164.152.77.34:3006 164.152.77.128:49370 ESTABLISH +ED 87b69380 tcp 0 0 164.152.77.34:3008 164.152.77.11:55535 ESTABLISHE +D ready 12:45:40 |
Or just the OSL listening sockets by matching on :300 and LIST
fnet :300 LIST ===================== fnet :300 LIST -- 08-08-19.12:47:04 ===================== 87a48340 tcp 0 0 *:3000 *:* LISTEN 87a491c0 tcp 0 0 *:3001 *:* LISTEN 87a49fc0 tcp 0 0 *:3002 *:* LISTEN 87a4ae40 tcp 0 0 *:3003 *:* LISTEN 87a4bc40 tcp 0 0 *:3004 *:* LISTEN 87a4cac0 tcp 0 0 *:3005 *:* LISTEN 87a4d8c0 tcp 0 0 *:3006 *:* LISTEN 87a50780 tcp 0 0 *:3007 *:* LISTEN 87a51580 tcp 0 0 *:3008 *:* LISTEN 87a52400 tcp 0 0 *:3009 *:* LISTEN ready 12:47:04 |
By default the script uses the netstat arguments -numeric, -PCB_addr and -all_sockets. This is because these are the arguments I use most often. The script does allow you to turn these off by using the -no_numeric, -no_PCB_addr, and -no_all_sockets arguments
------------------------------------- fnet ----------------------------------- match: -numeric: yes -all_sockets: yes -PCB_addr: yes match2: |
Some more examples:
fnet :22 -no_PCB_addr =============== fnet :22 == %phx_vos#m15 == 06-12-24.16:06:03 =============== tcp 0 0 *:2200 *:* LISTEN tcp 0 0 *:22 *:* LISTEN tcp 0 0 164.152.77.34:22 164.152.77.50:3862 ESTABLISHED tcp 0 40 164.152.77.34:22 164.152.77.50:4691 ESTABLISHED ready 16:06:03 fnet :22 -no_PCB_addr -no_all_sockets =============== fnet :22 == %phx_vos#m15 == 06-12-24.16:06:15 =============== tcp 0 0 164.152.77.34:22 164.152.77.50:3862 ESTABLISHED tcp 0 40 164.152.77.34:22 164.152.77.50:4691 ESTABLISHED ready 16:06:15 fnet :22 -no_PCB_addr -no_all_sockets -no_numeric =============== fnet :22 == %phx_vos#m15 == 06-12-24.16:06:35 =============== ready 16:06:35 |
Why did the last example not show any rows? Because I was matching on a numeric port number and when I included the -no_numeric the port number was given a name. For it to work I have to use the name of the port, not the number.
fnet :ssh -no_PCB_addr -no_all_sockets -no_numeric ============== fnet :ssh == %phx_vos#m15 == 06-12-24.16:07:10 ============== tcp 0 0 phxtest-m15:ssh paradisevalley:3862 ESTABLISHED tcp 0 40 phxtest-m15:ssh paradisevalley:4691 ESTABLISHED ready 16:07:10 |
& fnet begins here & & fnet.cm & version 1.1 06-07-27 & version 1.2 08-08-17 added listen_only switch & version 1.2a 08-08-17 changed listen_only to match2 & version 1.3 10-11-26 added disclaimer & Noah Davids Stratus CAC noah.davids@stratus.com & & This software is provided on an "AS IS" basis, WITHOUT ANY WARRANTY OR ANY & SUPPORT OF ANY KIND. The AUTHOR SPECIFICALLY DISCLAIMS ANY IMPLIED WARRANTIES & OF MERCHANTABILITY OR FITNESS FOR ANY PARTICULAR PURPOSE. This disclaimer & applies, despite any verbal representations of any kind provided by the & author or anyone else. & &begin_parameters MATCH match:string NUM switch(-numeric),=1 ALL switch(-all_sockets),=1 PCB switch(-PCB_addr),=1 MATCH2 match2:string &end_parameters & &set_string EQUALS ======================================================== &set_string CMD (master_disk)>system>stcp>command_library>netstat & &if &NUM& &then &set_string CMD (string &CMD& -numeric) &if &ALL& &then &set_string CMD (string &CMD& -all_sockets) &if &PCB& &then &set_string CMD (string &CMD& -PCB_addr) &set_string OP (process_dir)>fnet.out attach_default_output &OP& !&CMD& detach_default_output &if (length &MATCH&) > 0 &then &do display &OP& -match &MATCH& -output_path (process_dir)>fnet-m.out -no_header copy_file (process_dir)>fnet-m.out &OP& -truncate &end &set_string HEADER fnet &MATCH& &MATCH2& -- (date).(time) &set HEADER_LENGTH (length &HEADER&) &set_string EQUALS (substr &EQUALS& 1 (calc (calc 77 - &HEADER_LENGTH&) / 2)) display_line &EQUALS& &HEADER& &EQUALS& display_line &if (length &MATCH2&) > 0 &then display &OP& -match &MATCH2& -no_header &else display &OP& -no_header & & fnet ends here |