[Discuss] awk command line help

Steven Kurylo sk at infinitepigeons.org
Wed May 27 10:56:59 PDT 2009 

On Wed, May 27, 2009 at 10:07 AM, J. Bakshi <bakshi12 at gmail.com> wrote:
> On Sun, 24 May 2009 10:45:31 -0700
> Steven Kurylo <sk at infinitepigeons.org> wrote:
>
>> On Sun, May 24, 2009 at 10:06 AM, Lionel Widdifield
>> <lwiddif-vlug at nexus.spydernet.com> wrote:
>> > On Sun, May 24, 2009 at 02:36:17PM +0530, J. Bakshi wrote:
>> >>
>> >> excellent solutions. with the example you have shown, I can now
>> >> built a little script as below to do the job
>> >>
>> >> ```````````````````````````
>> >> lsof -i | grep ssh | awk -F ">" '{print $2}' | awk -F ":" '{print
>> >> $1}'>t1 lsof -i |grep ssh | awk '{print $2}'>t2
>> >> paste -d ":" t2 t1
>> >> `````````````````````````
>> >
>> >  Now programming 201, race conditions.
>> >
>> >  You are using the data from to separate executions of lsof as if
>> > they contain the same data. You have a live system and you are
>> > taking a snapshot of the connections. Yes most of the time the data
>> > should be the same, but what happens when it is not.
>>
>> And here is a one liner for him instead:
>>
>> # lsof -i TCP:22 |sed -r '1d; s/ssh *([0-9]+)[^>]*>([^:]*):.*/\1:\2/'
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
> Hello Steven ( and all ),
>
> Thanks for this one liner, but I have come back again with two more questions in my mind.
>
> 1> trying to extract the PID and the IP/domain of all Established/Listen connection
>
> 2> trying to get the protocol too like
>
> 8523:delhi1.thouhost.com:ssh
> 2343:gmail.com:pop
> 1789:10.10.0.1:ftp
>
> I have tried with
>
> `````````````````````
> lsof -i  |sed -r 's/([0-9]+)[^>]*>([^:]*):.*/\1: \2/'
>
> COMMAND    PID USER   FD   TYPE DEVICE SIZE NODE NAME
> claws-mai 1853: rv-in-f111.google.com
> ssh       8523: delhi1.thouhost.com
> `````````````````````````````
>
> see the output is showing the header ( like COMMAND PID etc.. which is not required here and like to skip the first line )

The "1d;" in my original command tells sed to delete the first line.


> and the output is also missing the protocol ( example for gmail the protocol is missing)

So to get the protocol we change the regular expression "ssh
*([0-9]+)[^>]*>([^:]*):.*"

First the "ssh *", since we're not only looking for ssh we want to
match non space (ssh or claws), so its now "[^ ]* *"

Next we want to grab the protocol "([^:]*):.*" - it comes after the
colon so "([^:]*):([^ ]+).*"  Thats saying grab everything after the
colon which isn't a space.

Putting it all together

lsof -i |sed -r '1d; s/[^ ]* *([0-9]+)[^>]*>([^:]*):([^ ]*).*/\1:\2:\3/'

Now that could be simplified to

lsof -i |sed -r '1d; s/[^ ]* *([0-9]+)[^>]*>([^ ]*).*/\1:\2/'

More information about the Discuss mailing list