How to parse netstat command in order to get process name and PID from it?
Try
ps -p $(lsof -ti tcp:80) o comm=,pid=
or
netstat -tlnp | awk '/:80 */ {split($NF,a,"/"); print a[2],a[1]}'
Capturing just the `PID` field from `netstat`
Assuming that you'll only get the one result (which seems likely), you can use a simple regex to capture the last group of digits from the line.
$netstat = "TCP 127.0.0.1:51135 r151:51135 ESTABLISHED 7968";
$PortNumRegex = [regex]"(\d+)$";
$portnum = $PortNumRegex.Match($netstat);
$portnum.captures[0].Value;
In your case, replace the `$netstat` line with `netstat -ao | findstr 51135`; you could also eliminate `findstr 51135` by running the output of `netstat -ao` through `select-string` or other regex matches, but for a simple case like this, the above should work just fine.
How to parse netstat command to get the send-q number from the line
Something like
$ netstat -naputeo 2>/dev/null | awk -v OFS=';' '$1 ~ /^tcp/ && $3 > 4000 { sub(/^.+:/, "", $4); print $3, $4, $9 }'
?
That would output the 3rd column (`Send-Q`), the port part of the 4th column (`Local Address`) and the 9th column (`PID/Program name`) if `Send-Q > 4000`, separated by semicolons so you can pipe it into your CSV.
E.g. (for `Send-Q > 0` on my box)
$ netstat -naputeo 2>/dev/null | awk -v OFS=';' '$1 ~ /^tcp/ && $3 > 0 { sub(/^.+:/, "", $4); print $3, $4, $9 }'
52;22;4363/sshd:
EDIT:
If you really need to further process the values in `bash`, then you can just print the respective columns via `awk` and iterate over the lines like this:
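#!/bin/bash
# Fields printed by awk below: Recv-Q, Send-Q, Local Address, PID/Program name
while read -r recv send address pid_program; do
    ip=${address%:*}              # everything before the last ':' (keeps IPv6 '::' intact)
    port=${address##*:}           # everything after the last ':'
    pid=${pid_program%%/*}        # text before the first '/'
    program=${pid_program#*/}     # text after the first '/'
    echo "recv=${recv} send=${send} ip=${ip} port=${port} pid=${pid} program=${program}"
    # do stuff here
done < <(netstat -naputeo 2>/dev/null | awk '$1 ~ /^(tcp|udp)/ && ($2 > 4000 || $3 > 4000) { print $2, $3, $4, $9 }')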
E.g.:
$ ./t.sh
recv=0 send=52 ip=x.x.x.x port=22 pid=12345 program=sshd:
Note: I don't understand why you need the `-o` switch to `netstat` since you don't seem to be interested in the timers output, so you could probably drop that.
Flatten netstat command output in powershell
I would probably do something like this:
mangle the output into a single string:
netstat -bano | Out-String
remove indentation of the lines beginning with UDP or TCP to make them distinguishable from the other lines:
-replace '(?m)^[ \t]+(TCP|UDP)', '$1'
join all indented lines that don't begin with a square bracket to the line preceding them:
-replace '\r?\n\s+([^\[])', "`t`$1"
join all indented lines that do begin with a square bracket to the line preceding them:
-replace '\r?\n\s+\[', "`t["
Complete statement:
(netstat -bano | Out-String) -replace '(?m)^[ \t]+(TCP|UDP)', '$1' -replace '\r?\n\s+([^\[])', "`t`$1" -replace '\r?\n\s+\[', "`t["
How to parse and access columns based on headers in file? - Python
Answer updated to handle missing State value
Skip the first row, indicate that there is no header, assign header names and then split on one or more spaces.
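import pandas as pd

# sim_txt is the netstat text source (path or file-like object); row_fixer is defined further down
df = pd.read_csv(sim_txt, skiprows=1, header=None, sep=r'\s+',
                 names=['Proto','cv-Q','Send-Q','Local Address','Foreign Address','State','PID/Program name']
                 ).apply(row_fixer, axis=1)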
print(df)
Proto cv-Q Send-Q Local Address Foreign Address State PID/Program name
0 tcp 0 0 123.345.789:1234 0.0.0.0:* LISTEN 23044/test
1 tcp 0 0 0.0.0.0:5915 0.0.0.0:* LISTEN 99800/./serv
2 tcp 0 0 0.0.0.0:5916 0.0.0.0:* NaN 99801/./serv
3 tcp 0 0 0.0.0.0:1501 0.0.0.0:* LISTEN -
df.to_csv('output.csv', index=None)
The above depends on the following function. It looks for a `NaN` in the last column in the row, which would indicate that the `State` value is missing. When that situation is found, the last two values are swapped. (Note: this function detects `NaN`s by leveraging the fact that `NaN != NaN`):
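import numpy as np

def row_fixer(x):
    # NaN is the only value not equal to itself; NaN in the last column means State was missing
    if x.iat[-1] != x.iat[-1]:
        xc = x.copy()
        xc.iat[-1] = xc.iat[-2]  # move the PID/Program value into the last column
        xc.iat[-2] = np.nan      # and mark State as missing
        return xc
    return x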
The example above is based on the following example data:
Proto cv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 123.345.789:1234 0.0.0.0:* LISTEN 23044/test
tcp 0 0 0.0.0.0:5915 0.0.0.0:* LISTEN 99800/./serv
tcp 0 0 0.0.0.0:5916 0.0.0.0:* 99801/./serv
tcp 0 0 0.0.0.0:1501 0.0.0.0:* LISTEN -
capturing network packet and group them according to their process (program) name
To do that, you should retrieve the TCP or UDP header from the IP packet, read the port from it, then try to execute the `netstat` command using the `Runtime` class and parse the result. You will find the `pid` of the process in the last column of the result, and you will also find the `port`; netstat will list the running processes, their state and the ports they are listening on.
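An added example, not taken from any of the answers above: a plain-Python parser for `netstat -nap` style text that splits `PID/Program name` at the first `/` only (so names such as `./serv` or `sshd: alice [priv]` survive), tolerates a missing State column as in the pandas answer, and answers the port-to-process lookup described in the last answer. The sample rows are constructed, the function names are hypothetical, and the layout assumes `-n` without the extra `-e` columns (User, Inode).

```python
import re

# Constructed sample in `netstat -tlnp` layout (some rows adapted from the data on this page).
SAMPLE = """\
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:5915 0.0.0.0:* LISTEN 99800/./serv
tcp 0 0 0.0.0.0:5916 0.0.0.0:* 99801/./serv
tcp 0 0 0.0.0.0:1501 0.0.0.0:* LISTEN -
tcp 0 52 10.0.0.5:22 10.0.0.9:51135 ESTABLISHED 4363/sshd: alice [priv]
tcp6 0 0 :::80 :::* LISTEN 812/nginx: master
udp 0 0 0.0.0.0:68 0.0.0.0:* 640/dhclient
"""

OWNER = re.compile(r"^(\d+)/(.*)$")  # PID, then the rest (may contain '/' and spaces)

def parse_netstat(text):
    """Return one dict per tcp/udp row of `netstat -nap` style output."""
    rows = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 6 or not f[0].startswith(("tcp", "udp")):
            continue  # header or unrelated line
        # State is absent on some rows (e.g. UDP): field 6 is then already the owner.
        has_state = not (f[5] == "-" or OWNER.match(f[5]))
        owner = " ".join(f[6:] if has_state else f[5:])
        m = OWNER.match(owner)
        ip, _, port = f[3].rpartition(":")  # split at the last ':' so IPv6 '::' survives
        rows.append({
            "proto": f[0], "recv_q": int(f[1]), "send_q": int(f[2]),
            "ip": ip, "port": int(port),
            "state": f[5] if has_state else None,
            "pid": int(m.group(1)) if m else None,  # '-' means the owner is not visible
            "program": m.group(2) if m else None,
        })
    return rows

def owners_of_port(rows, port):
    """(pid, program) pairs for every socket bound to the given local port."""
    return [(r["pid"], r["program"]) for r in rows if r["port"] == port]

if __name__ == "__main__":
    for r in parse_netstat(SAMPLE):
        print(r)
```

A `pid` of `None` corresponds to the `-` netstat prints when it cannot see the owning process, typically because it was run without root.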