From: Ciccio on
Hi List,

Given the output below,

$ netstat -an | grep TIME_WAIT
10.159.244.250.80 10.159.244.250.49198 49152 0 49152 0
TIME_WAIT
10.159.244.250.49199 10.159.244.250.1984 51148 0 49152 0
TIME_WAIT
10.159.244.250.49200 10.159.244.250.1984 49944 0 49152 0
TIME_WAIT
10.159.244.250.49167 10.159.244.250.1984 50485 0 49152 0
TIME_WAIT
10.159.244.250.49168 10.159.244.250.1984 50363 0 49152 0
TIME_WAIT
10.159.244.250.49169 10.159.244.250.1984 49247 0 49152 0
TIME_WAIT
10.159.244.250.49170 10.159.244.250.1984 49247 0 49152 0
TIME_WAIT
10.159.244.250.49171 10.159.244.250.1984 49249 0 49152 0
TIME_WAIT
10.159.244.250.49172 10.159.244.250.1984 49247 0 49152 0
TIME_WAIT
10.159.244.250.49173 10.159.244.250.1984 49245 0 49152 0
TIME_WAIT
10.159.244.250.49174 10.159.244.250.1984 49251 0 49152 0
TIME_WAIT
10.159.244.250.49175 10.159.244.250.1984 49663 0 49152 0
TIME_WAIT
10.159.244.250.49176 10.159.244.250.1984 51201 0 49152 0
TIME_WAIT
10.159.244.250.49177 10.159.244.250.1984 49495 0 49152 0
TIME_WAIT
10.159.244.250.49181 10.159.244.250.22 49152 0 49152 0
TIME_WAIT
10.159.244.250.49185 10.159.244.50.22 49640 0 49640 0
TIME_WAIT
10.159.244.250.49186 10.159.244.46.22 49640 0 49640 0
TIME_WAIT
10.159.244.250.49187 10.159.244.135.22 49640 0 49640 0
TIME_WAIT
10.159.244.250.49188 10.159.244.250.1984 52081 0 49152 0
TIME_WAIT
10.159.244.250.49194 10.159.244.250.1984 49541 0 49152 0
TIME_WAIT
10.159.244.250.49195 10.159.244.250.1984 49553 0 49152 0
TIME_WAIT

I need to obtain these 4 variables ($LOCALIP $LOCALPORT $REMOTEIP
$REMOTEPORT) to pass to tcpdrop.

Here is what I came up with - and it works, but is there a better/
faster/neater way of doing it?

Cheers

Ciccio


#!/bin/bash

/usr/bin/netstat -an | grep TIME_WAIT > time.wait.file

while read line
do
LOCAL=`echo $line | awk '{print $1}'`
LOCALIP=`echo $LOCAL | cut -d "." -f 1-4`
LOCALPORT=`echo $LOCAL | cut -d "." -f 5`
REMOTE=`echo $line | awk '{print $2}'`
REMOTEIP=`echo $REMOTE | cut -d "." -f 1-4`
REMOTEPORT=`echo $REMOTE | cut -d "." -f 5`
/usr/local/bin/tcpdrop $LOCALIP $LOCALPORT $REMOTEIP $REMOTEPORT
done < time.wait.file

From: pk on
Ciccio wrote:

> Hi List,
>
> Given the output below,
>
> $ netstat -an | grep TIME_WAIT
> 10.159.244.250.80 10.159.244.250.49198 49152 0 49152 0
> TIME_WAIT

Try

eval $(netstat -an | awk -F '\.| +' -v OFS=. '/TIME_WAIT/{
print "LOCALIP="$1,$2,$3,$4
print "LOCALPORT="$5
print "REMOTEIP="$6,$7,$8,$9
print "REMOTEPORT="$10
}')


From: Ciccio on
On Nov 3, 4:56 pm, pk <p...(a)pk.invalid> wrote:
> Ciccio wrote:
> > Hi List,
>
> > Given the output below,
>
> > $ netstat -an | grep TIME_WAIT
> > 10.159.244.250.80    10.159.244.250.49198 49152      0 49152      0
> > TIME_WAIT
>
> Try
>
> eval $(netstat -an | awk -F '\.| +' -v OFS=. '/TIME_WAIT/{
>   print "LOCALIP="$1,$2,$3,$4
>   print "LOCALPORT="$5
>   print "REMOTEIP="$6,$7,$8,$9
>   print "REMOTEPORT="$10
>
> }')



Hi pk,

Thanks for that - I gave that a shot and it came back with the
following:

$ eval $(netstat -an | awk -F '\.| +' -v OFS=. '/TIME_WAIT/{
> print "LOCALIP="$1,$2,$3,$4
> print "LOCALPORT="$5
> print "REMOTEIP="$6,$7,$8,$9
> print "REMOTEPORT="$10
> }')
awk: syntax error near line 1
awk: bailing out near line 1
$

(should it matter, I'm on a Solaris 10 x64 server).

Ciccio

From: pk on
Ciccio wrote:

> Thanks for that - I gave that a shot and it came back with the
> following:
>
> $ eval $(netstat -an | awk -F '\.| +' -v OFS=. '/TIME_WAIT/{
>> print "LOCALIP="$1,$2,$3,$4
>> print "LOCALPORT="$5
>> print "REMOTEIP="$6,$7,$8,$9
>> print "REMOTEPORT="$10
>> }')
> awk: syntax error near line 1
> awk: bailing out near line 1
> $
>
> (should it matter, I'm on a Solaris 10 x64 server).

Yes that was also indicated by the typical "bailing out" message you got
from awk. Try using /usr/xpg4/bin/awk, which should be a better
implementation.


From: Ciccio on
On Nov 3, 5:07 pm, pk <p...(a)pk.invalid> wrote:
> Ciccio wrote:
> > Thanks for that - I gave that a shot and it came back with the
> > following:
>
> > $ eval $(netstat -an | awk -F '\.| +' -v OFS=. '/TIME_WAIT/{
> >> print "LOCALIP="$1,$2,$3,$4
> >> print "LOCALPORT="$5
> >> print "REMOTEIP="$6,$7,$8,$9
> >> print "REMOTEPORT="$10
> >>  }')
> > awk: syntax error near line 1
> > awk: bailing out near line 1
> > $
>
> > (should it matter, I'm on a Solaris 10 x64 server).
>
> Yes that was also indicated by the typical "bailing out" message you got
> from awk. Try using /usr/xpg4/bin/awk, which should be a better
> implementation.


Ok,

$ eval $(netstat -an | /usr/xpg4/bin/awk -F '\.| +' -v OFS=. '/
TIME_WAIT/{
print "LOCALIP="$1,$2,$3,$4
print "LOCALPORT="$5
print "REMOTEIP="$6,$7,$8,$9
print "REMOTEPORT="$10
}')

no errors now, but no output either...

Ciccio