Note: ++stefp, who already covered part of this.

Regex comments:

  1. Change * to + where you require input (all but the last parameter).
  2. Change . to \S where you mean "non-whitespace".
    This vastly reduces the paths that the regex processor has to check.
To see these in action, you can use Perl's regex debugger.
You will want to redirect STDERR to a file (perlprogram 2>file). 
use re qw(debug);
$_ = " TCP   192.168.101.2:1519   192.168.101.1:22     ESTABLISHED\n";
/^\s+(.*)\s+(.*):(.*)\s+(.*):(.*)\s+(.*)/;

[download]
35664 lines of output. 
use re qw(debug);
$_ = " TCP   192.168.101.2:1519   192.168.101.1:22     ESTABLISHED\n";
/^\s+(\S+)\s+(\S+):(\S+)\s+(\S+):(\S+)\s+(\S*)/;

[download]
120 lines of output.

Other comments:

  1. BEGIN block is not needed. Move the code into the main body of your script.
  2. When debugging non-CGI problems in a CGI program, copy the code to a non-CGI test script.
  3. Don't backwhack ' inside "".
  4. foreach $line (@lines){$_ = $line; ...} is confusing and redundant.
    Say foreach (@lines){...} instead. $_ is assigned to by default.
  5. Try #!/usr/bin/perl -w as the first line of your scripts. It will probably work (it does for all my Win32 boxes), and you will be happier when writing cross-platform code in the future.

FWIW, here is how I would do it. Tested on Windows 2000, ActivePerl 631. 

#!/usr/bin/perl -W
use strict;
use warnings 'all';

# Shorten pattern.
# Remote IP addresses and ports can be '*'.
my $addr = '\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}';
my $port = '\d{1,4}';
foreach (`netstat -an`) {
  next if /^Active Connections/;
  next if /^$/;
  next if /^\s+Proto/;
  my ($prot,$laddr,$lport,$eaddr,$eport,$status) =
   /
    ^            # Force start of string

    \s*          # Optional leading white space.

    (TCP|UDP)    # Prot is TCP or UDP
    \s+          # Required whitespace

    ($addr)      # Local address
    :            # Seperated by colon
    ($port)      # Local port
    \s+          # Required whitespace

    (\*|$addr)   # Remote address
    :            # Seperated by colon
    (\*|$port)   # Remote port
    \s+          # Win2K has whitespace, even when next parm is blank

    (\w+)?       # Optional State
    \s*          # Optional trailing whitespace

    $            # Force end of string
   /xo           # 'o' to stop pattern from recompiling
   or next;      # Change to 'warn' while testing regex.

  my $syn = 1 if $status =~ /syn/i;
  print "\nwarning: $status! I think we're being SYN'ed\n\n" if $syn;
  print "Local: $laddr:$lport - External: $eaddr:$eport - $status\n";
}

[download]

In reply to Re: problem with regex to extract netstat info by Util
in thread problem with regex to extract netstat info by Anonymous Monk

Title:
Use:  <p> text here (a paragraph) </p>
and:  <code> code here </code>
to format your post, it's "PerlMonks-approved HTML":


  • Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!
  • Titles consisting of a single word are discouraged, and in most cases are disallowed outright.
  • Read Where should I post X? if you're not absolutely sure you're posting in the right place.
  • Please read these before you post! —
  • Posts may use any of the Perl Monks Approved HTML tags:
    a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, details, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, summary, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr
  • You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)
            For:     Use:
    & &amp;
    < &lt;
    > &gt;
    [ &#91;
    ] &#93;
  • Link using PerlMonks shortcuts! What shortcuts can I use for linking?
  • See Writeup Formatting Tips and other pages linked from there for more info.