|
Pages: [1] |  |
|
|
Author
|
Topic: Help with netstat to see which domains are connected to by httpd? (Read 1767 times)
|
Joined: Jan 2006
Posts: 6215
Administrator
 
   United States
|
 Sep 23, 2007, 06:56:04 AM | #1 |
First, I have multiple domains on multiple ips on a server. I was wondering if it's possible to use netstat or some other command to see which domains are being connected to via httpd on a server.
I know netstat -ane will give me something like this
tcp 0 0 66.132.196.93:80 125.162.167.245:3091 ESTABLISHED 99 63514592
tcp 0 0 66.132.246.171:25 82.43.217.105:4536 ESTABLISHED 47 63514739
tcp 0 0 66.132.196.93:80 122.164.88.55:25808 TIME_WAIT 0 0
tcp 0 0 66.132.196.93:80 88.14.120.102:54533 ESTABLISHED 99 63514834
tcp 0 0 66.132.196.93:80 213.240.205.135:1364 TIME_WAIT 0 0
Where the fourth column is the IP of the domain being bound to by the IP in the fifth column, but is there a way to do a reverse lookup in the netstat command itself where column four coud contain the hostname intead of just the ip?
I know I can get all the httpd connections out of netstat by doing this
netstat -ane | grep :80
and I can isolate the host ip by using awk in the comand line like this
netstat -ane | grep :80 | awk '{ print $4 }'
but the IP still has :80 tacked onto the end of it, so I do this to get just the ip
netstat -ane | grep :80 | awk '{ print $4 }' | awk '{ sub(/:80/,"");print }'
the problem is when I pipe it into xargs the command blows up if I use dig with -x for reverse lookup as follows
netstat -ane | grep :80 | awk '{ print $4 }' | awk '{ sub(/:80/,"");print }' | xargs -n1 dig -x +short
so I used the deprecated nslookup and grepped "arpa" from the results
netstat -ane | grep :80 | awk '{ print $4 }' | awk '{ sub(/:80/,"");print }' | xargs -n1 nslookup | grep arpa
but this is hideously slow and terribly ugly..... Is there a more logical way ???
|
|
Latest Blog Post :
8 Tips for Creating a Marketing Buzz
|
|
| |
|
|
|
|
|
 |
|
Pages: [1]
|
|
|
 |
