Grabs incoming, outgoing and local (loopback) connections via netstat
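#!/bin/bash
#
# Samples `netstat -pant` in a loop and appends the TCP connections it sees,
# split into incoming / outgoing / loopback, to per-day files under /var/log:
#   <date>.netstat-inc.txt   local_ip:port<-remote_ip   (remote is not 127.0.0.1)
#   <date>.netstat-out.txt   ->remote_ip:port           (remote is not 127.0.0.1)
#   <date>.netstat-loc.txt   ->127.0.0.1:port           (outgoing over loopback)
# Section banners go to stderr, the intermediate lists to stdout.
#
# Globals:  FLAGFILE - control file; its content is the number of seconds to
#           sleep between samples, and deleting it ends the loop.
# Needs enough privilege for `netstat -p` to show other users' processes and
# to append under /var/log.
# Limitation: the port is taken from the address text in a way that is only
# right for IPv4 endpoints; IPv6 lines may be misclassified.
set -u

readonly FLAGFILE=/tmp/go-ahead.txt

# Scratch directory of the sample in progress; removed by cleanup on exit.
WORKDIR=''

#######################################
# Create or reset the control file with a 1 second interval.
# FLAGFILE lives in a world-writable directory, so a pre-existing file that is
# a symlink or owned by someone else is refused instead of overwritten: its
# content is later handed to sleep.
# Returns: 0 on success, 1 when an existing file is not ours
#######################################
init_flagfile() {
  if [[ -L "${FLAGFILE}" || ( -e "${FLAGFILE}" && ! -O "${FLAGFILE}" ) ]]; then
    printf 'refusing %s: it exists but is a symlink or not owned by us\n' "${FLAGFILE}" >&2
    return 1
  fi
  printf '1\n' >"${FLAGFILE}"
}

#######################################
# Print the sleep interval stored in FLAGFILE.
# Returns: 1 when the file is gone (the stop signal), is not a regular file
#          we own, or does not hold a plain non-negative number
#######################################
read_interval() {
  local value
  local num_re='^[0-9]+(\.[0-9]+)?$'
  [[ -f "${FLAGFILE}" && ! -L "${FLAGFILE}" && -O "${FLAGFILE}" ]] || return 1
  value=$(<"${FLAGFILE}") || return 1
  value=${value//[[:space:]]/}
  [[ "${value}" =~ ${num_re} ]] || return 1
  printf '%s\n' "${value}"
}

#######################################
# Remove the scratch directory of an interrupted sample.
#######################################
cleanup() {
  if [[ -n "${WORKDIR}" ]]; then
    rm -rf -- "${WORKDIR}"
  fi
}

#######################################
# Print the local port of each netstat line on stdin as ':PORTx', sorted and
# de-duplicated. The ':' and trailing 'x' turn the port into an exact token,
# so that ':2x' can never match ':22x' when the tokens are used as a pattern.
# Arguments: grep options that select the lines, e.g. `-e LISTEN`
#######################################
local_ports() {
  grep "$@" | awk '{ n = split($4, f, ":"); print ":" f[n] "x" }' | sort -u
}

#######################################
# Join the lines of a file into one extended-regex alternation, ':22x|:80x'.
# Prints nothing for an empty file.
# Arguments: $1 - file of ':PORTx' tokens, one per line
#######################################
as_alternation() {
  paste -s -d '|' "$1"
}

#######################################
# Print LINES to stdout and append them to FILE. Empty LINES write nothing,
# so an idle sample does not leave blank lines in the log.
# Arguments: $1 - file to append to; $2 - text, one record per line
#######################################
record() {
  local file=$1 lines=$2
  [[ -n "${lines}" ]] || return 0
  printf '%s\n' "${lines}" | tee -a "${file}"
}

#######################################
# Take one netstat sample and append what it shows to the day's files.
# Globals:   WORKDIR (written), /var/log/<date>.netstat-{inc,out,loc}.txt
# Outputs:   banners on stderr, intermediate lists on stdout
# Returns:   1 when no scratch directory could be created
#######################################
sample() {
  local day inc out loc pant incoming all outgoing orig incf outf
  day="$(date +'%Y-%m-%d')"
  inc="/var/log/${day}.netstat-inc.txt"
  out="/var/log/${day}.netstat-out.txt"
  loc="/var/log/${day}.netstat-loc.txt"
  WORKDIR=$(mktemp -d) || return 1
  # The two header lines are dropped; the rest is one socket per line.
  pant=$(netstat -pant | tail -n +3)

  echo "----INCOMING----" >&2
  printf '%s\n' "${pant}" | local_ports -e 'LISTEN' >"${WORKDIR}/incoming"
  incoming=$(as_alternation "${WORKDIR}/incoming")
  printf '%s\n' "${incoming}"

  echo "----ALL----" >&2
  all=$(printf '%s\n' "${pant}" | local_ports -v -e 'LISTEN' | tee "${WORKDIR}/all")
  printf '%s\n' "${all}"

  # Ports in use that nothing listens on belong to outgoing connections.
  # comm needs sorted inputs; local_ports produces them sorted.
  echo "----OUTGOING----" >&2
  comm -23 "${WORKDIR}/all" "${WORKDIR}/incoming" >"${WORKDIR}/outgoing"
  outgoing=$(as_alternation "${WORKDIR}/outgoing")
  printf '%s\n' "${outgoing}"

  # One 'local_ip:portx remote_ip:port' line per non-listening socket.
  echo "----ORIG----" >&2
  orig=$(printf '%s\n' "${pant}" | grep -v -e 'LISTEN' | awk '{ print $4 "x " $5 }')
  printf '%s\n' "${orig}"

  echo "----ORIG INCOMING FILTERED----" >&2
  incf=''
  if [[ -n "${incoming}" ]]; then
    # An empty pattern would match every line, hence the guard. The cut drops
    # the remote port, leaving 'local_ip:port<-remote_ip'.
    incf=$(printf '%s\n' "${orig}" | grep -E -e "${incoming}" | sed 's/x /<-/g' | cut -d ':' -f1,2)
  fi
  if [[ -n "${incf}" ]]; then
    # Loopback peers are left out on purpose; the author notes they would be
    # duplicated (they are also recorded from the outgoing side).
    record "${inc}" "$(printf '%s\n' "${incf}" | grep -F -v -e '127.0.0.1')"
  fi

  outf=''
  if [[ -n "${outgoing}" ]]; then
    # Remote endpoint of each connection made from a non-listening port.
    outf=$(printf '%s\n' "${orig}" | grep -E -e "${outgoing}" | cut -d ' ' -f2)
  fi
  echo "----ORIG OUTGOING FILTERED NOT-LO----" >&2
  if [[ -n "${outf}" ]]; then
    record "${out}" "$(printf '%s\n' "${outf}" | grep -F -v -e '127.0.0.1' | sed 's/^/->/')"
  fi
  echo "----ORIG OUTGOING FILTERED YES-LO----" >&2
  if [[ -n "${outf}" ]]; then
    record "${loc}" "$(printf '%s\n' "${outf}" | grep -F -e '127.0.0.1' | sed 's/^/->/')"
  fi

  rm -rf -- "${WORKDIR}"
  WORKDIR=''
}

#######################################
# Loop: sample, then sleep for the interval in FLAGFILE until it disappears.
#######################################
main() {
  local interval
  trap cleanup EXIT
  init_flagfile || exit 1
  while :; do
    sample || exit 1
    # Re-read every round so the operator can change the interval or stop
    # the loop by deleting the file. Content that is not a number ends the
    # loop too, instead of being handed to sleep as-is.
    if ! interval=$(read_interval); then
      exit 0
    fi
    sleep "${interval}"
  done
}

main "$@"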
WIP:
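#!/bin/bash
#
# Samples `netstat -pant` in a loop and appends the TCP connections it sees,
# split into incoming / outgoing / loopback, to files under /var/log:
#   <prefix>netstat-inc.txt  CSV: timestamp,source_ip,source_port,dest_ip,dest_port,process
#   <prefix>netstat-out.txt  ->remote_ip:port   (remote is not 127.0.0.1)
#   <prefix>netstat-loc.txt  ->127.0.0.1:port   (outgoing over loopback)
# Section banners go to stderr, the intermediate lists to stdout.
#
# Usage:    <script> [PREFIX]
#           PREFIX is prepended to the file names: omit it for per-day files
#           ('<date>.'), pass 'null' for no prefix. It is used in the path
#           as given, so only pass a plain name.
# Globals:  FLAGFILE - control file; its content is the number of seconds to
#           sleep between samples, and deleting it ends the loop.
# Needs enough privilege for `netstat -p` to show other users' processes and
# to append under /var/log.
# Limitation: the port is taken from the address text in a way that is only
# right for IPv4 endpoints; IPv6 lines may be misclassified.
set -u

readonly FLAGFILE=/tmp/go-ahead.txt

# Output paths of the current sample (set by set_outputs).
INC='' OUT='' LOC=''
# Listening port -> program name, rebuilt from every sample.
declare -A PROGRAM_BY_PORT=()
# Scratch directory of the sample in progress; removed by cleanup on exit.
WORKDIR=''

#######################################
# Create or reset the control file with a 1 second interval.
# FLAGFILE lives in a world-writable directory, so a pre-existing file that is
# a symlink or owned by someone else is refused instead of overwritten: its
# content is later handed to sleep.
# Returns: 0 on success, 1 when an existing file is not ours
#######################################
init_flagfile() {
  if [[ -L "${FLAGFILE}" || ( -e "${FLAGFILE}" && ! -O "${FLAGFILE}" ) ]]; then
    printf 'refusing %s: it exists but is a symlink or not owned by us\n' "${FLAGFILE}" >&2
    return 1
  fi
  printf '1\n' >"${FLAGFILE}"
}

#######################################
# Print the sleep interval stored in FLAGFILE.
# Returns: 1 when the file is gone (the stop signal), is not a regular file
#          we own, or does not hold a plain non-negative number
#######################################
read_interval() {
  local value
  local num_re='^[0-9]+(\.[0-9]+)?$'
  [[ -f "${FLAGFILE}" && ! -L "${FLAGFILE}" && -O "${FLAGFILE}" ]] || return 1
  value=$(<"${FLAGFILE}") || return 1
  value=${value//[[:space:]]/}
  [[ "${value}" =~ ${num_re} ]] || return 1
  printf '%s\n' "${value}"
}

#######################################
# Remove the scratch directory of an interrupted sample.
#######################################
cleanup() {
  if [[ -n "${WORKDIR}" ]]; then
    rm -rf -- "${WORKDIR}"
  fi
}

#######################################
# Resolve the output paths for this sample.
# Arguments: $1 - file-name prefix; empty means per-day files ('<date>.'),
#                 'null' means no prefix
# Outputs:   sets the globals INC, OUT, LOC
#######################################
set_outputs() {
  local prefix=$1
  if [[ -z "${prefix}" ]]; then
    prefix="$(date +'%Y-%m-%d')."
  elif [[ "${prefix}" == "null" ]]; then
    prefix=''
  fi
  INC="/var/log/${prefix}netstat-inc.txt"
  OUT="/var/log/${prefix}netstat-out.txt"
  LOC="/var/log/${prefix}netstat-loc.txt"
}

#######################################
# Print the local port of each netstat line on stdin as ':PORTx', sorted and
# de-duplicated. The ':' and trailing 'x' turn the port into an exact token,
# so that ':2x' can never match ':22x' when the tokens are used as a pattern.
# Arguments: grep options that select the lines, e.g. `-e LISTEN`
#######################################
local_ports() {
  grep "$@" | awk '{ n = split($4, f, ":"); print ":" f[n] "x" }' | sort -u
}

#######################################
# Join the lines of a file into one extended-regex alternation, ':22x|:80x'.
# Prints nothing for an empty file.
# Arguments: $1 - file of ':PORTx' tokens, one per line
#######################################
as_alternation() {
  paste -s -d '|' "$1"
}

#######################################
# Rebuild PROGRAM_BY_PORT from the LISTEN lines of a netstat -p sample. The
# last column is 'PID/Program' or '-' when the process is not visible; the
# program part is stored, an unknown one as the empty string.
# The names are kept in a lookup table instead of being spliced into a sed
# program: a process name is chosen by whoever runs the process and must not
# be interpreted as sed syntax.
# Arguments: $1 - netstat -pant output without its header lines
# Outputs:   (re)populates the global associative array PROGRAM_BY_PORT
#######################################
load_programs() {
  local local_addr pidprog port program
  PROGRAM_BY_PORT=()
  while read -r _ _ _ local_addr _ _ pidprog _; do
    port=${local_addr##*:}
    [[ -n "${port}" ]] || continue
    program=${pidprog#*/}
    [[ "${program}" != '-' ]] || program=''
    PROGRAM_BY_PORT["${port}"]=${program}
  done < <(printf '%s\n' "$1" | grep -e 'LISTEN')
}

#######################################
# Print LINES to stdout and append them to FILE. Empty LINES write nothing,
# so an idle sample does not leave blank lines in the log.
# Arguments: $1 - file to append to; $2 - text, one record per line
#######################################
record() {
  local file=$1 lines=$2
  [[ -n "${lines}" ]] || return 0
  printf '%s\n' "${lines}" | tee -a "${file}"
}

#######################################
# Append one CSV row per incoming connection to INC and echo it.
# Columns: timestamp,source_ip,source_port,dest_ip,dest_port,process/service.
# The source port is not kept by the earlier cut and is written as N/A.
# A port without a known listener is reported as ':PORT'.
# Arguments: $1 - timestamp; $2 - lines of 'local_ip:port<-remote_ip'
#######################################
write_incoming() {
  local stamp=$1 lines=$2 line endpoint myip myport reip program
  [[ -n "${lines}" ]] || return 0
  while IFS= read -r line; do
    [[ -n "${line}" ]] || continue
    endpoint=${line%%<-*}
    reip=${line#*<-}
    myip=${endpoint%%:*}
    myport=${endpoint##*:}
    program=":${myport}"
    if [[ -n "${myport}" && -n "${PROGRAM_BY_PORT[${myport}]+set}" ]]; then
      program=${PROGRAM_BY_PORT[${myport}]}
    fi
    printf '%s,%s,N/A,%s,%s,%s\n' "${stamp}" "${reip}" "${myip}" "${myport}" "${program}" \
      | tee -a "${INC}"
  done <<<"${lines}"
}

#######################################
# Take one netstat sample and append what it shows to the output files.
# Arguments: $1 - file-name prefix (see set_outputs)
# Globals:   WORKDIR, INC, OUT, LOC, PROGRAM_BY_PORT (written)
# Outputs:   banners on stderr, intermediate lists on stdout
# Returns:   1 when no scratch directory could be created
#######################################
sample() {
  local stamp pant incoming all outgoing orig incf outf
  set_outputs "$1"
  stamp="$(date +'%Y-%m-%dT%H:%M:%S%Z')"
  WORKDIR=$(mktemp -d) || return 1
  # The two header lines are dropped; the rest is one socket per line.
  pant=$(netstat -pant | tail -n +3)
  load_programs "${pant}"

  echo "----INCOMING----" >&2
  printf '%s\n' "${pant}" | local_ports -e 'LISTEN' >"${WORKDIR}/incoming"
  incoming=$(as_alternation "${WORKDIR}/incoming")
  printf '%s\n' "${incoming}"

  echo "----ALL----" >&2
  all=$(printf '%s\n' "${pant}" | local_ports -v -e 'LISTEN' | tee "${WORKDIR}/all")
  printf '%s\n' "${all}"

  # Ports in use that nothing listens on belong to outgoing connections.
  # comm needs sorted inputs; local_ports produces them sorted.
  echo "----OUTGOING----" >&2
  comm -23 "${WORKDIR}/all" "${WORKDIR}/incoming" >"${WORKDIR}/outgoing"
  outgoing=$(as_alternation "${WORKDIR}/outgoing")
  printf '%s\n' "${outgoing}"

  # One 'local_ip:portx remote_ip:port' line per non-listening socket.
  echo "----ORIG----" >&2
  orig=$(printf '%s\n' "${pant}" | grep -v -e 'LISTEN' | awk '{ print $4 "x " $5 }')
  printf '%s\n' "${orig}"

  echo "----ORIG INCOMING FILTERED----" >&2
  incf=''
  if [[ -n "${incoming}" ]]; then
    # An empty pattern would match every line, hence the guard. The cut drops
    # the remote port, leaving 'local_ip:port<-remote_ip'.
    incf=$(printf '%s\n' "${orig}" | grep -E -e "${incoming}" | sed 's/x /<-/g' | cut -d ':' -f1,2)
  fi
  if [[ -n "${incf}" ]]; then
    # Loopback peers are left out on purpose; the author notes they would be
    # duplicated (they are also recorded from the outgoing side).
    write_incoming "${stamp}" "$(printf '%s\n' "${incf}" | grep -F -v -e '127.0.0.1')"
  fi

  outf=''
  if [[ -n "${outgoing}" ]]; then
    # Remote endpoint of each connection made from a non-listening port.
    outf=$(printf '%s\n' "${orig}" | grep -E -e "${outgoing}" | cut -d ' ' -f2)
  fi
  echo "----ORIG OUTGOING FILTERED NOT-LO----" >&2
  if [[ -n "${outf}" ]]; then
    record "${OUT}" "$(printf '%s\n' "${outf}" | grep -F -v -e '127.0.0.1' | sed 's/^/->/')"
  fi
  echo "----ORIG OUTGOING FILTERED YES-LO----" >&2
  if [[ -n "${outf}" ]]; then
    record "${LOC}" "$(printf '%s\n' "${outf}" | grep -F -e '127.0.0.1' | sed 's/^/->/')"
  fi

  rm -rf -- "${WORKDIR}"
  WORKDIR=''
}

#######################################
# Loop: sample, then sleep for the interval in FLAGFILE until it disappears.
# Arguments: $1 - optional file-name prefix, passed through to sample
#######################################
main() {
  local prefix=${1-} interval
  trap cleanup EXIT
  init_flagfile || exit 1
  while :; do
    sample "${prefix}" || exit 1
    # Re-read every round so the operator can change the interval or stop
    # the loop by deleting the file. Content that is not a number ends the
    # loop too, instead of being handed to sleep as-is.
    if ! interval=$(read_interval); then
      exit 0
    fi
    sleep "${interval}"
  done
}

main "$@"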
