ingmarioalberto · March 10, 2023 00:06
diff --git a/netstat-anal.sh b/netstat-anal.sh
 #!/bin/bash

 usage () {
  echo "$0 <incoming-netstat-log> <outgoing-netstat-log> <local-netstat-log> [machine-tag]"
  echo "example:"
  echo "$0 *.netstat-inc.txt *.netstat-out.txt *.netstat-loc.txt"
  echo "$0 *.netstat-inc.txt *.netstat-out.txt *.netstat-loc.txt machine-name-or-something "
  exit 0
 }

 if [ -z "${4}" ]
 then
    TAG="$(hostname)-$(ip a | grep -Eo 'inet (addr:)?([0-9]*\.){3}[0-9]*' | grep -Eo '([0-9]*\.){3}[0-9]*' | grep -v '127.0.0.1' | tail -n1)"
 else
 	TAG="${4}"
 fi

 if [ -z "${3}" ]
  then
    echo "Error:At least three arguments must be present"
    usage
  else
  	INC="${1}"
  	OUT="${2}"
  	LOC="${3}"
 fi

 #summary
 SUMi="netsum-${TAG}.inc.txt"
 SUMo="netsum-${TAG}.out.txt"
 SUMl="netsum-${TAG}.loc.txt"
 #
 #INPORTS=$(netstat -tlpn  | tail -n+3 | awk '{print $4}' | rev | cut -d ":" -f1 | rev|xargs| sed 's/^/:/g;s/\ /\|:/g')
 INPORTS=$(netstat -tlpn  | tail -n+3 | awk '{print $4}' | rev | cut -d ":" -f1 | rev|xargs| sed 's/^/:/g;s/\ /\$|:/g;s/$/\$/g')
 #CONVERT=$(netstat -tlpn  | tail -n+3 | sed 's/\// /g' | awk '{print $4" ("$8")"}' | rev | cut -d ":" -f1 | rev|xargs| sed 's/^/:/g;s/\ /\$|:/g;s/$/\$/g')
 CONVERT=$(netstat -tlpn  | tail -n+3 | sed 's/\// /g;s/:/ /g' | awk '{print "s/:"$5"/:"$5" ("$10")/g;"}'|xargs)
 echo "summarizing:"
 echo "	incoming" | tee ${SUMi}
 sed '/^$/d' ${INC} | sort | uniq -c | sort -n | awk '{print $2}' |sed 's/<-/\t/g' | awk '{print $2"\t→\t"$1}' | tee -a ${SUMi}
 sed -i "${CONVERT}" ${SUMi}
 echo "...done"
 echo "	outgoing"| tee ${SUMo}
 sed '/^$/d' ${OUT} | sort | uniq -c | sort -n | cut -d ">" -f2 | awk '{print "HOST\t→\t"$1}' | tee -a ${SUMo}
 echo "...done"
 echo "	local"| tee ${SUMl}
 sed '/^$/d' ${LOC} | sort | uniq -c | sort -n | egrep ${INPORTS} | cut -d ":" -f2 |awk '{print "HOST\t→\t:"$1}' | tee -a ${SUMl}
 echo "...done"
	#!/bin/bash

	usage () {
	echo "$0 <incoming-netstat-log> <outgoing-netstat-log> <local-netstat-log> [machine-tag]"
	echo "example:"
	echo "$0 .netstat-inc.txt .netstat-out.txt *.netstat-loc.txt"
	echo "$0 .netstat-inc.txt .netstat-out.txt *.netstat-loc.txt machine-name-or-something "
	exit 0
	}

	if [ -z "${4}" ]
	then
	TAG="$(hostname)-$(ip a \| grep -Eo 'inet (addr:)?([0-9]\.){3}[0-9]' \| grep -Eo '([0-9]\.){3}[0-9]' \| grep -v '127.0.0.1' \| tail -n1)"
	else
	TAG="${4}"
	fi

	if [ -z "${3}" ]
	then
	echo "Error:At least three arguments must be present"
	usage
	else
	INC="${1}"
	OUT="${2}"
	LOC="${3}"
	fi

	#summary
	SUMi="netsum-${TAG}.inc.txt"
	SUMo="netsum-${TAG}.out.txt"
	SUMl="netsum-${TAG}.loc.txt"
	#
	#INPORTS=$(netstat -tlpn \| tail -n+3 \| awk '{print $4}' \| rev \| cut -d ":" -f1 \| rev\|xargs\| sed 's/^/:/g;s/\ /\\|:/g')
	INPORTS=$(netstat -tlpn \| tail -n+3 \| awk '{print $4}' \| rev \| cut -d ":" -f1 \| rev\|xargs\| sed 's/^/:/g;s/\ /\$\|:/g;s/$/\$/g')
	#CONVERT=$(netstat -tlpn \| tail -n+3 \| sed 's/\// /g' \| awk '{print $4" ("$8")"}' \| rev \| cut -d ":" -f1 \| rev\|xargs\| sed 's/^/:/g;s/\ /\$\|:/g;s/$/\$/g')
	CONVERT=$(netstat -tlpn \| tail -n+3 \| sed 's/\// /g;s/:/ /g' \| awk '{print "s/:"$5"/:"$5" ("$10")/g;"}'\|xargs)
	echo "summarizing:"
	echo " incoming" \| tee ${SUMi}
	sed '/^$/d' ${INC} \| sort \| uniq -c \| sort -n \| awk '{print $2}' \|sed 's/<-/\t/g' \| awk '{print $2"\t→\t"$1}' \| tee -a ${SUMi}
	sed -i "${CONVERT}" ${SUMi}
	echo "...done"
	echo " outgoing"\| tee ${SUMo}
	sed '/^$/d' ${OUT} \| sort \| uniq -c \| sort -n \| cut -d ">" -f2 \| awk '{print "HOST\t→\t"$1}' \| tee -a ${SUMo}
	echo "...done"
	echo " local"\| tee ${SUMl}
	sed '/^$/d' ${LOC} \| sort \| uniq -c \| sort -n \| egrep ${INPORTS} \| cut -d ":" -f2 \|awk '{print "HOST\t→\t:"$1}' \| tee -a ${SUMl}
	echo "...done"