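1.显示本机IP

注:该命令依赖旧版 net-tools 的输出格式(地址行以 "inet addr:" 开头)和以 eth 开头的网卡名;新版 ifconfig 的地址行为 "inet x.x.x.x",网卡名也可能不是 eth 开头,需相应调整匹配模式。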

# ifconfig | awk '/eth/ { inter=$1; getline; sub(/inet addr:/,""); print inter,$1}'

eth0 192.168.1.143


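2.查看TCP连接状态

注:输出中的 "established)" 和 "Foreign" 两行来自 netstat 的两行表头,不是连接状态;可用 awk 'NR>2 {print $6}' 跳过表头。末尾的 sort 是按文本排序,要按数量排序需用 sort -n。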

# netstat -nat | awk '{print $6}'|sort |uniq -c|sort

     18 LISTEN

      1 established)

      1 Foreign

      4 TIME_WAIT

     93 ESTABLISHED


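3.查找请求数排名前5名的IP地址

注:该命令统计的是各对端地址当前的 TCP 连接数,而不是 HTTP 请求数。grep 80 会匹配任何含 "80" 的行(如 8080 端口、含 80 的地址或 PID),监听套接字的 0.0.0.0 也会被计入。更精确的做法是去掉 grep 80,并把 awk '{print $5}' 换成 awk '$4 ~ /:80$/ && $6 != "LISTEN" {print $5}'。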

# netstat -anlp | grep 80 | grep tcp | awk '{print $5}' |awk -F: '{print $1}'|sort|uniq -c |sort -nr |head -n 5

      1 192.168.1.109

      1 0.0.0.0

4.用tcpdump嗅探80端口的访问

注:这里统计的是发往 80 端口的前 100 个数据包的源 IP(按包计数,不是按连接或请求计数),抓包需要 root 权限;按 "." 切分取前四段的写法只适用于 IPv4 输出行。

# tcpdump -i eth0 -tnn dst port 80 -c 100 |awk -F"." '{print $1"."$2"."$3"."$4}' |sort | uniq -c |sort -rn |head -n 5

    100 IP 192.168.1.109

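5.锁定TIME_WAIT连接较多的源IP

注:awk 取的第 5 列是 netstat 的 Foreign Address(对端地址),即统计与本机之间处于 TIME_WAIT 状态的连接最多的对端 IP;$(NF-1) 取倒数第二段,因此对 ::ffff:1.2.3.4:端口 这类带多个冒号的地址也能取到 IP。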

# netstat -n | grep TIME_WAIT | awk '{print $5}' | awk -F: '{print $(NF-1)}' | sort | uniq -c | sort -rn |head -n 5

      1 192.168.1.109

      1 114.113.159.196

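6.根据端口列进程

注:grep 80 同样会匹配 8080 等端口以及含 "80" 的地址或 PID,输出中也有重复的 PID;可改为 netstat -ntlp | awk '$4 ~ /:80$/ {print $7}' | cut -d/ -f 1 | sort -u。-p 需要 root 权限才能看到其他用户进程的 PID。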

# netstat -ntlp | grep 80  | awk '{print $7}' | cut -d/ -f 1

14783

13822

14086

13822

14086

8578

13822