1. What tcp sockets are open?
Unix
netstat -an | egrep -I “^tcp.*LISTEN”
netstat -an | egrep -I “^tcp.*LISTEN” | awk ‘{split($4,a,”:”);print a[2]}’
Powershell
netstat -an | select-string “LISTEN”
netstat -an | select-string “LISTEN” | %{$i=%{$_.Line.Split(“:”)};$j=$i[1] -replace ‘\s+’,’ ‘;$k=$j.Split(” “);$k[0]} | where {$_ -ne “”}
2. What TCP ports are in an ESTABLISHED/LISTEN state
Unix
netstat -an | egrep ESTABLISH
netstat -an | egrep ESTABLISH | awk ‘{split($4,a,”:”);print a[2]}’
Powershell
netstat -an | select-string “ESTABLISHED”
netstat -an | select-string “ESTABLISHED” | %{$i=%{$_.Line.Split(“:”)};$j=$i[1] -replace ‘\s+’,’ ‘;$k=$j.Split(” “);$k[0]} | where {$_ -ne “”}
3. What connections are in some sort of Wait State?
Unix
netstat -an | egrep WAIT
Powershell
netstat -an | select-string “WAIT”
4. How many connections are in some sort of WAIT state?
Unix
netstat –an | egrep WAIT | wc –l
Powershell
netstat -an | select-string “WAIT” | where {$_ -ne “”} | Measure-Object –Line
5. What are the IP address and ports of the remote machines that are in some sort of WAIT state to this machine?
Unix
nestat -an | egrep WAIT | awk ‘{print $4}’
Powershell
netstat -an | select-string “WAIT” | %{$_ -replace ‘\s+’,’ ‘ } | %{$i=$_.Split(” “);$i[3]}
6. What are the IP address (no ports) of the remote machines that are in some sort of WAIT state to this machine?
Unix
netstat -an | egrep WAIT | awk ‘{print($4,a,”:”);print a[1]}’
Powershell
netstat -an | select-string “WAIT” | %{$_ -replace ‘\s+’,’ ‘ } | %{$i=$_.Split(” “);$i[3]} | %{$i=$_.Split(“:”);$i[0]}
7. What are the unique IP address of remote connections in some sort of WAIT state?
Unix
netstat -an | egrep WAIT | awk ‘{split($4,a,”:”);print a[1]}’ | sort -u
Powershell
netstat -an | select-string “WAIT” | %{$_ -replace ‘\s+’,’ ‘ } | %{$i=$_.Split(” “);$i[3]} | %{$i=$_.Split(“:”);$i[0]} | Sort-Object | Get-Unique