A netstat command macro

The netstat command can be used to display the state of sockets and their addresses. If you have fewer than 50 sockets (or 100, if you are more patient than me), sending the output to the terminal screen and just looking for the sockets you want is not too painful. But when the number of sockets gets large, doing this by eye can be challenging.

The following macro, called fnet (filtered netstat), executes the netstat command, sends the output to a file, and then does a display -match on the file looking for the MATCH string. It also adds the system and module names and a date.time stamp to the output.

Note that this macro uses attach_default_output. If you interrupt the macro while it is executing, you will probably have to issue the detach_default_output command to restore output to the terminal.

Some examples:

Looking for connections in the FIN_WAIT_1 or FIN_WAIT_2 states (there weren't any):

fnet fin
=============== fnet fin == %phx_vos#m15 == 06-12-24.16:04:56 ===============   

ready  16:04:56

Looking for connections in the ESTABLISHED state. Note that because the macro uses "display -match", any substring will work; you don't need to spell out "established". You can also use lower case.

fnet est
=============== fnet est == %phx_vos#m15 == 06-12-24.16:05:06 ===============   

86677840  tcp        0      0  164.152.77.34:3004 164.152.77.203:51488 ESTABLISH
+ED
86677ec0  tcp        0      0  164.152.77.34:3002 164.152.77.11:51756 ESTABLISHE
+D
86bdcb00  tcp        0      0  164.152.77.34:3005 164.152.77.11:51757 ESTABLISHE
+D
86ac7440  tcp        0      0  164.152.77.34:22   164.152.77.50:3862 ESTABLISHED
86a25ec0  tcp        0      0  164.152.77.34:49161 164.152.77.203:3000 ESTABLISH
+ED
86aa6040  tcp        0      0  164.152.77.34:49364 164.152.77.11:3000 ESTABLISHE
+D
85e7d940  tcp        0      0  10.10.1.1:49185    10.10.1.3:48879    ESTABLISHED

Connections with 77.50 in the IP address. Note that this can appear anywhere in the IP address, not just the last 2 octets, and can be in either the local or remote address.

fnet 77.50
============== fnet 77.50 == %phx_vos#m15 == 06-12-24.16:05:19 ==============   

86ac7440  tcp        0      0  164.152.77.34:22   164.152.77.50:3862 ESTABLISHED
86a18000  tcp        0     40  164.152.77.34:22   164.152.77.50:4691 ESTABLISHED
ready  16:05:19

Sockets with a port number which begins with 22. Note that 2200 is also displayed.

fnet :22
=============== fnet :22 == %phx_vos#m15 == 06-12-24.16:05:40 ===============   

869c0180  tcp        0      0  *:2200             *:*                LISTEN
869c0d80  tcp        0      0  *:22               *:*                LISTEN
86ac7440  tcp        0      0  164.152.77.34:22   164.152.77.50:3862 ESTABLISHED
86a18000  tcp        0     40  164.152.77.34:22   164.152.77.50:4691 ESTABLISHED
ready  16:05:40

In version 1.2a of this macro a second match string was added. Matching lines must match BOTH strings. So, for example, you can match on all intermodule OSL connections by matching on :300 (assuming that the OSL base port is 3000) and the string ESTAB (for ESTABLISHED).

fnet :300 ESTAB
==================== fnet :300 ESTAB -- 08-08-19.12:45:40 ====================

87a6cf80  tcp        0      0  164.152.77.34:49183 164.152.77.203:3000 ESTABLISH
+ED
87ecd600  tcp        0      0  164.152.77.34:49184 164.152.77.203:3001 ESTABLISH
+ED
87ecf180  tcp        0      0  164.152.77.34:49185 164.152.77.203:3002 ESTABLISH
+ED
87abc100  tcp        0      0  164.152.77.34:3007 164.152.77.203:58826 ESTABLISH
+ED
87edfac0  tcp        0      0  164.152.77.34:49187 164.152.77.11:3000 ESTABLISHE
+D
87eeba80  tcp        0      0  172.16.1.34:49188  172.16.1.116:3000  ESTABLISHED
87ef0cc0  tcp        0      0  164.152.77.34:49189 164.152.77.11:3001 ESTABLISHE
+D
87ef3ac0  tcp        0      0  172.16.1.34:49190  172.16.1.116:3001  ESTABLISHED
87ef0140  tcp        0      0  164.152.77.34:3007 164.152.77.11:55534 ESTABLISHE
+D
87ef9b00  tcp        0      0  164.152.77.34:49192 164.152.77.11:3002 ESTABLISHE
+D
87efca40  tcp        0      0  172.16.1.34:49193  172.16.1.116:3002  ESTABLISHED
87eee6c0  tcp        0      0  164.152.77.34:3006 164.152.77.128:49370 ESTABLISH
+ED
87b69380  tcp        0      0  164.152.77.34:3008 164.152.77.11:55535 ESTABLISHE
+D
ready  12:45:40

Or just the OSL listening sockets, by matching on :300 and LIST:

fnet :300 LIST
===================== fnet :300 LIST -- 08-08-19.12:47:04 =====================

87a48340  tcp        0      0  *:3000             *:*                LISTEN
87a491c0  tcp        0      0  *:3001             *:*                LISTEN
87a49fc0  tcp        0      0  *:3002             *:*                LISTEN
87a4ae40  tcp        0      0  *:3003             *:*                LISTEN
87a4bc40  tcp        0      0  *:3004             *:*                LISTEN
87a4cac0  tcp        0      0  *:3005             *:*                LISTEN
87a4d8c0  tcp        0      0  *:3006             *:*                LISTEN
87a50780  tcp        0      0  *:3007             *:*                LISTEN
87a51580  tcp        0      0  *:3008             *:*                LISTEN
87a52400  tcp        0      0  *:3009             *:*                LISTEN
ready  12:47:04
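
The substring matching in the fnet :22 example (which also returns port 2200) and in the two-string fnet :300 ESTAB example can be made exact by parsing the columns of a saved netstat capture first. The Python below is an added example, not part of fnet.cm or the author's code; it assumes a row starting with "+" is the wrapped tail of the previous row, and its sample rows are constructed from the output shown on this page.

```python
import re

# Constructed sample modelled on the output shown on this page. A row that
# starts with "+" is assumed to be the wrapped tail of the previous row.
SAMPLE = """\
869c0180  tcp        0      0  *:2200             *:*                LISTEN
869c0d80  tcp        0      0  *:22               *:*                LISTEN
86ac7440  tcp        0      0  164.152.77.34:22   164.152.77.50:3862 ESTABLISHED
86677840  tcp        0      0  164.152.77.34:3004 164.152.77.203:51488 ESTABLISH
+ED
86a25ec0  tcp        0      0  164.152.77.34:49161 164.152.77.203:3000 ESTABLISH
+ED
ready  16:05:40
"""

def unwrap(text):
    """Rejoin rows whose tail was pushed onto a '+' continuation row."""
    rows = []
    for line in text.splitlines():
        if line.startswith("+") and rows:
            rows[-1] += line[1:]
        else:
            rows.append(line)
    return rows

def parse(text):
    """Return a dict per tcp socket row; headers and 'ready' lines are skipped."""
    socks = []
    for row in unwrap(text):
        f = row.split()
        if f and re.fullmatch(r"[0-9a-f]{8}", f[0]):
            f = f[1:]  # drop the PCB address column when -PCB_addr is on
        if len(f) != 6 or f[0] != "tcp":
            continue
        lhost, _, lport = f[3].rpartition(":")
        rhost, _, rport = f[4].rpartition(":")
        socks.append({"local_host": lhost, "local_port": lport,
                      "remote_host": rhost, "remote_port": rport,
                      "state": f[5]})
    return socks

def select(socks, ports=None, state=None, side="local"):
    """Exact match on the parsed port and state fields (side: local or remote)."""
    return [s for s in socks
            if (ports is None or s[side + "_port"] in ports)
            and (state is None or s["state"] == state)]

if __name__ == "__main__":
    socks = parse(SAMPLE)
    osl = {str(p) for p in range(3000, 3010)}  # OSL ports seen in the LISTEN output
    print(select(socks, ports={"22"}))         # the *:2200 listener is excluded
    print(select(socks, ports=osl, state="ESTABLISHED", side="remote"))
```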

By default the script uses the netstat arguments -numeric, -PCB_addr and -all_sockets, because these are the arguments I use most often. You can turn them off with the -no_numeric, -no_PCB_addr, and -no_all_sockets arguments.

------------------------------------- fnet -----------------------------------
 match:                                                                    
 -numeric:     yes                                                         
 -all_sockets: yes                                                         
 -PCB_addr:    yes
 match2:      

Some more examples:

fnet :22 -no_PCB_addr
=============== fnet :22 == %phx_vos#m15 == 06-12-24.16:06:03 ===============   

tcp        0      0  *:2200             *:*                LISTEN
tcp        0      0  *:22               *:*                LISTEN
tcp        0      0  164.152.77.34:22   164.152.77.50:3862 ESTABLISHED
tcp        0     40  164.152.77.34:22   164.152.77.50:4691 ESTABLISHED
ready  16:06:03


fnet :22 -no_PCB_addr -no_all_sockets
=============== fnet :22 == %phx_vos#m15 == 06-12-24.16:06:15 ===============   

tcp        0      0  164.152.77.34:22   164.152.77.50:3862 ESTABLISHED
tcp        0     40  164.152.77.34:22   164.152.77.50:4691 ESTABLISHED
ready  16:06:15


fnet :22 -no_PCB_addr -no_all_sockets -no_numeric
=============== fnet :22 == %phx_vos#m15 == 06-12-24.16:06:35 ===============   

ready  16:06:35

Why did the last example not show any rows? Because I was matching on a numeric port number and when I included the -no_numeric the port number was given a name. For it to work I have to use the name of the port, not the number.

fnet :ssh -no_PCB_addr -no_all_sockets -no_numeric
============== fnet :ssh == %phx_vos#m15 == 06-12-24.16:07:10 ==============    

tcp        0      0  phxtest-m15:ssh    paradisevalley:3862 ESTABLISHED
tcp        0     40  phxtest-m15:ssh    paradisevalley:4691 ESTABLISHED
ready  16:07:10

fnet.cm


& fnet begins here
&
& fnet.cm
& version 1.1  06-07-27
& version 1.2  08-08-17 added listen_only switch
& version 1.2a 08-08-17 changed listen_only to match2
& version 1.3  10-11-26 added disclaimer
& Noah Davids Stratus CAC noah.davids@stratus.com
&
& This software is provided on an "AS IS" basis, WITHOUT ANY WARRANTY OR ANY
& SUPPORT OF ANY KIND. The AUTHOR SPECIFICALLY DISCLAIMS ANY IMPLIED WARRANTIES
& OF MERCHANTABILITY OR FITNESS FOR ANY PARTICULAR PURPOSE.  This disclaimer
& applies, despite any verbal representations of any kind provided by the
& author or anyone else.
&
&begin_parameters
MATCH match:string
NUM   switch(-numeric),=1
ALL   switch(-all_sockets),=1
PCB   switch(-PCB_addr),=1
MATCH2 match2:string
&end_parameters
&
&set_string EQUALS ========================================================
&set_string CMD (master_disk)>system>stcp>command_library>netstat
&
& Build the netstat command line from the switches (all default to on)
&if &NUM&
&then &set_string CMD (string &CMD& -numeric)
&if &ALL&
&then &set_string CMD (string &CMD& -all_sockets)
&if &PCB&
&then &set_string CMD (string &CMD& -PCB_addr)

& Capture the netstat output in a file in the process directory
&set_string OP (process_dir)>fnet.out
attach_default_output &OP&
 !&CMD&
detach_default_output

& First filter: keep only the lines that match MATCH
&if (length &MATCH&) > 0
&then &do
display &OP& -match &MATCH& -output_path (process_dir)>fnet-m.out -no_header
copy_file (process_dir)>fnet-m.out &OP& -truncate
&end

& Build the header line and pad it on both sides with equals signs
&set_string HEADER fnet &MATCH& &MATCH2& -- (date).(time)
&set HEADER_LENGTH (length &HEADER&)
&set_string EQUALS (substr &EQUALS& 1 (calc (calc 77 - &HEADER_LENGTH&) / 2))

display_line &EQUALS& &HEADER& &EQUALS&
display_line

& Second filter: show only the lines that also match MATCH2, else show everything
&if (length &MATCH2&) > 0
&then display &OP& -match &MATCH2& -no_header
&else display &OP& -no_header
&
& fnet ends here



This page was last modified on 10-11-26
Send comments and suggestions to ndav1@cox.net