Regex to parse netstat output

miller has asked for the wisdom of the Perl Monks concerning the following question:

Hello,
im trying write a little code that checks if a open is open but it do not seem to work for me, i hope you can help

#!/usr/contrib/bin/perl -w

$portnum=$ARGV[0];

@netstat=`netstat -an`;

@foundlines = grep /^\d+.\d+.\d+.\d+.$portnum/, @netstat;
foreach $port(@foundlines){
   if ( $port =~ /(\d+.\d+.\d+.\d+.$portnum) (\d+.\d+.\d+.\d+.\d+)\s+\
+d+\s+\d\s+\d+\s+\d\s+(\w+)$/){
      if ($3 ne "LISTEN" or $port ne "ESTABLISHED" ){
         print "$1 $3\n";
      }else{
         print "ok";
      }
   }
}
[download]

The problem is if i pick a number like "94" it get also "9494" BUT cuts off the first part of the ip-addr, so : 228.132.245.9494 So how i can define make sure it: 1) only picks the ones that matches precisely the port nummer? 2) and why do it cut of the first part of the ip-addr ?

the std output from a "netstat -an|grep 949"

131.228.132.245.9494 131.228.132.159.41713 24820      0  8760      0 T
+IME_WAIT
131.228.132.245.94 131.228.132.159.41703 24820      0  8760      0 TIM
+E_WAIT
[download]

The funny part ???

root@toybox: perl portstat.pl 94
228.132.245.9494 TIME_WAIT
[download]

this looks right tho

root@toybox: perl portstat.pl 9494
131.228.132.245.9494 TIME_WAIT
[download]

Here is what i want:

root@toybox: perl portstat.pl 9494 
131.228.132.245.94 TIME_WAIT
[download]

EDIT::: Pasted the complete code and added some more stuff... This is really giving me a headache. EDIT:::

Thanks alot for the help.
,Miller

janitored by ybiC: Retitle from "Checking status of ports" for better searching, minor format cleanup for legibility

Comment on Regex to parse netstat output Select or Download Code

Replies are listed 'Best First'.
Re: Regex to parse netstat output by Abigail-II (Bishop) on Feb 04, 2004 at 10:26 UTC
A dot is special in a regex, and will match anything but a newline. So, it will match a digit as well, and that's what is happening here. To match a dot, either put a backslash in front of it, or write is as `[.]`. You also might want to use `Regexp::Common` and `$RE{net}{IPv4}` to match an ip number. Abigail	[reply] [d/l]
Re: Regex to parse netstat output by ysth (Canon) on Feb 04, 2004 at 11:23 UTC
Thanks for posting more detail. Your first regex should have a space at the end, to reject the 9494 when you are looking for 94. Or the second regex should have a ^ anchor at the beginning. And both need to not use `.` where you want to match a literal period. To match a period only, use \. (backslash period) or [.]. To see how it's going wrong, look at this: `$ perl -we'"131.228.132.245.9494 " =~ /(\d+)(.)(\d+)(.)(\d+)(.)(\d+)(. +)(94) / && > print qq<\n\nfirst digits: "$1", first .: "$2",\n > second digits: "$3", second dot: "$4",\n > third digits: "$5", third dot: "$6",\n > fourth digits: "$7", fourth dot "$8", portnum: "$9">' first digits: "228", first .: ".", second digits: "132", second dot: ".", third digits: "245", third dot: ".", fourth digits: "9", fourth dot "4", portnum: "94"` [download] Do you see how the missing ^ and unbackslashed . combine to allow it to match?	[reply] [d/l] [select]
Re: Regex to parse netstat output by ysth (Canon) on Feb 04, 2004 at 10:25 UTC
Can you give us an example of what might be in $ARGV[0] and which pieces you want extracted (and into what variables)? There are several things wrong there to start with. You are setting $portnm but matching against $port, you are using . where you probably mean \. (just . matches any character except a newline).	[reply]
Re: Regex to parse netstat output by z3d (Scribe) on Feb 04, 2004 at 14:07 UTC
Just two cents worth - but you if you want to break out of relying on a call to an external program, there's ncheck.pl (http://search.cpan.org/src/OPITZ/ncheck/ncheck.pl) and Network::Discovery::Scan (http://search.cpan.org/~tscanlan/NetworkInfo-Discovery-0.12/lib/NetworkInfo/Discovery/Scan.pm) to consider for more "pure" perl solutions (less hacking with a regex too :) ). "I have never written bad code. There are merely unanticipated features."	[reply]
Re: Regex to parse netstat output by sedusedan (Monk) on Oct 04, 2012 at 09:12 UTC
Although this didn't exist in 2004, also check out Parse::Netstat.	[reply]


"be consistent"
	PerlMonks