# Demonstration 1: greedy '.*' captures against one sample netstat line.
# 'use re qw(debug)' makes perl print the compiled regex program and the
# step-by-step match trace to STDERR, so the backtracking is visible.
use re qw(debug);
$_ = " TCP 192.168.101.2:1519 192.168.101.1:22 ESTABLISHED\n";
# Every '(.*)' first grabs the rest of the line and is then backed off one
# character at a time until the following '\s+' or ':' can match.
# The result is also wrong for the last two fields: '.' does not match "\n",
# so group 5 takes "22 ESTABLISHED", the final '\s+' matches the newline and
# group 6 is left empty. '.*' puts no constraint on what a field may contain.
/^\s+(.*)\s+(.*):(.*)\s+(.*):(.*)\s+(.*)/;
####
# Demonstration 2: the same sample line matched with '\S+' fields.
# 'use re qw(debug)' again prints the regex program and match trace to STDERR
# for comparison with the greedy '.*' version.
use re qw(debug);
$_ = " TCP 192.168.101.2:1519 192.168.101.1:22 ESTABLISHED\n";
# '\S+' cannot cross whitespace, so each group is confined to one
# whitespace-delimited field; the only backing off is inside the two
# address:port fields, to find the ':'. Here group 5 is "22" and group 6 is
# "ESTABLISHED". The final '(\S*)' lets the state column be empty.
# This splits fields but does not validate them: any run of non-space
# characters is accepted as an address or port, and the pattern is not
# anchored at the end of the line.
/^\s+(\S+)\s+(\S+):(\S+)\s+(\S+):(\S+)\s+(\S*)/;
####
#!/usr/bin/perl -W
use strict;
use warnings 'all';
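# Shorten pattern: building blocks for one line of `netstat -an` output.
# Remote IP addresses and ports can be '*'.
# Only dotted-quad IPv4 addresses are recognised. Any other line (an IPv6
# socket, for example) fails the match below and is skipped without a message,
# so the report is not a complete socket list on a dual-stack host.
my $addr = '\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}';
# Port numbers run up to 65535, so allow five digits. With a four-digit limit
# every socket on port 10000 or above failed the match and was silently
# dropped from the report.
my $port = '\d{1,5}';

# Compile the line pattern once, outside the loop (this replaces the 'o' flag).
my $conn_re = qr/
    ^               # Force start of string
    \s*             # Optional leading white space.
    (TCP|UDP)       # Prot is TCP or UDP
    \s+             # Required whitespace
    ($addr)         # Local address
    :               # Separated by colon
    ($port)         # Local port
    \s+             # Required whitespace
    (\*|$addr)      # Remote address
    :               # Separated by colon
    (\*|$port)      # Remote port
    \s+             # Win2K has whitespace, even when next parm is blank
    (\w+)?          # Optional State
    \s*             # Optional trailing whitespace, including the newline
    \z              # Force end of string
/x;

# Run netstat once and keep its exit status. If the command is missing or
# fails, the loop below prints nothing, which would otherwise look the same
# as a host with no connections.
my @netstat_lines = `netstat -an`;
warn "netstat -an did not run cleanly (wait status $?); output may be missing or incomplete\n"
    if $? != 0;

foreach (@netstat_lines) {
    # Skip the banner, blank lines and the column header.
    next if /^Active Connections/;
    next if /^$/;
    next if /^\s+Proto/;

    my ($prot, $laddr, $lport, $eaddr, $eport, $status) = $_ =~ $conn_re
        or next;    # Change to 'warn' while testing regex.

    # UDP lines carry no state, so the optional group leaves $status undef;
    # default it to avoid "uninitialized value" warnings below.
    $status = '' unless defined $status;

    # Plain assignment instead of 'my $syn = 1 if ...': a 'my' with a
    # statement modifier has undefined behaviour in Perl and can carry a
    # stale value from one iteration to the next.
    # NOTE(review): /syn/i also matches SYN_SENT, which is an outbound
    # connection attempt made by this host, and a single half-open entry is
    # normal during any handshake. Treat the message as a prompt to count
    # such entries, not as proof of a SYN flood.
    my $syn = ($status =~ /syn/i);
    print "\nwarning: $status! I think we're being SYN'ed\n\n" if $syn;
    print "Local: $laddr:$lport - External: $eaddr:$eport - $status\n";
}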