#!/bin/sh # # An improvement on netstat for system administrators # # This lists not just network connectios by IP and by # port, but actually gives a listing of each process that # is using a socket, with PID and owner. Makes it easier # to see who is doing what, and to stop it quickly if # desired. # # by Erik Osheim # Print usage helpusage() { echo "usage: wfault [-halbtu]" echo " -h: print this message" echo "" echo " -a: print all ip sockets" echo " -l: only print listening ip sockets" echo "" echo " -b: print both tcp and udp sockets" echo " -t: print only tcp sockets" echo " -u: print only udp sockets" } # Find and list all TCP sockets of a particular type (ESTABLISHED, CLOSE_WAIT, # LISTENING) using fuser output findtcptype() { echo TCP: ${1} echo ---------------------------------------------------- netstat -an | \ awk -v type=$1 -F '[ :]*' '$8==type{system("fuser -u -v -n tcp " $5)}' 2>&1 | \ awk '/^.+$/&&!/USER/' echo } # Find all listening UDP sockets findudp() { echo UDP echo ---------------------------------------------------- netstat -an | \ awk -F '[ :]*' '$1=="udp"{system("fuser -u -v -n udp " $5)}' 2>&1 | \ awk '/^.+$/&&!/USER/' echo } LISTENING=0 TCP=1 UDP=1 while getopts "halbtu" var; do case $var in h) helpusage; exit 0;; a) LISTENING=0; TCP=1; UDP=1;; l) LISTENING=1;; b) TCP=1; UDP=1;; t) TCP=1; UDP=0;; u) UDP=1; TCP=0;; *) helpusage; exit 1;; esac done echo hola > foo/bar/duh; if [[ $( id -u ) -ne 0 ]]; then echo "Must be run as root." exit 1 fi if [[ ${TCP} -eq 1 ]]; then if [[ ${LISTENING} -eq 0 ]]; then findtcptype ESTABLISHED findtcptype CLOSE_WAIT fi findtcptype LISTEN fi if [[ ${UDP} -eq 1 ]]; then findudp fi