1
00:00:03,240 --> 00:00:09,510
Let's say we want a list of port numbers that are open on our local system without any extra data around

2
00:00:09,510 --> 00:00:16,590
it. We just want, you know, number 22 to be displayed if we have SSH listening on port 22, for example.

3
00:00:16,940 --> 00:00:21,840
The netstat command can display open ports and instead of me showing you the man page for it I'm just

4
00:00:21,840 --> 00:00:24,780
going to walk you through the options that we're going to use today.

5
00:00:24,990 --> 00:00:30,840
So we'll use the netstat command. We'll use the -n option to display numbers instead of names

6
00:00:30,840 --> 00:00:40,830
so instead of displaying ssh or sshd it will display 22 for port 22. We can use -u to get information

7
00:00:40,830 --> 00:00:47,960
on UDP and use -t to get information on TCP and -l for listening port.

8
00:00:47,970 --> 00:00:51,790
So when we run that command we have this output.

9
00:00:52,020 --> 00:00:56,220
So in this particular case we have two lines that comprise the header.

10
00:00:56,280 --> 00:01:03,200
So there are a couple of different ways to manage this. One way would be to pipe it to grep and do

11
00:01:03,240 --> 00:01:09,780
-v, which we know how to do, and then use a pattern like this so that we'll get rid of the first line

12
00:01:10,170 --> 00:01:15,720
and then we could continue this by using grep again and we could get rid of the second line like this.

13
00:01:15,720 --> 00:01:19,700
So that would leave us with just the pure data without the header.

14
00:01:19,710 --> 00:01:24,840
Now I didn't really talk about this in grep but what you can also do is use extended regular expressions

15
00:01:24,840 --> 00:01:30,170
with the -E option, and that allows you to do something like this.

16
00:01:30,380 --> 00:01:33,020
The pipe symbol in regular expressions is an OR.

17
00:01:33,040 --> 00:01:41,480
So if we match Active or Proto then we will have made a match and if we hit enter.

18
00:01:41,570 --> 00:01:45,400
You can see that it gets the same results as using those two grep commands above.

19
00:01:45,590 --> 00:01:48,200
So it's a little bit shorter. Some people like that.

20
00:01:48,200 --> 00:01:50,670
Again this is one way to solve this problem.

21
00:01:50,720 --> 00:01:56,000
Now for looking at the data that we have left there are some things in common with each line.

22
00:01:56,000 --> 00:01:57,350
Some things that are not in common.

23
00:01:57,350 --> 00:02:02,260
Some lines have TCP, some have TCP v6, some UDP, some have a.

24
00:02:02,390 --> 00:02:04,220
Some have numbers and so on.

25
00:02:04,280 --> 00:02:07,760
But one thing that is constant throughout here are colons.

26
00:02:07,760 --> 00:02:11,840
So again let me run this without any declaration or filtering.

27
00:02:12,050 --> 00:02:17,390
So we see the first two lines here do not have any colons so we can do something like this: grep for

28
00:02:17,390 --> 00:02:21,800
a colon and that would just display all the lines that had a colon in it.

29
00:02:21,800 --> 00:02:25,910
So either way the goal here is to get the data without the header.

30
00:02:25,910 --> 00:02:28,280
Now let's just go ahead and proceed this way.

31
00:02:28,280 --> 00:02:31,540
So let me tell you the data we're looking to extract. On line 1

32
00:02:31,640 --> 00:02:34,370
We want to pull out 22 because that's the port.

33
00:02:34,370 --> 00:02:38,560
The second line there we want to pull out 25 which is the port for that.

34
00:02:38,720 --> 00:02:43,110
At first thought you may be thinking we can just split this on a colon and print the second field. Well,

35
00:02:43,130 --> 00:02:45,200
let's just try that and see what happens.

36
00:02:45,260 --> 00:02:51,880
So do cut -d for a colon as a delimiter and we'll print the second field.

37
00:02:52,010 --> 00:02:56,850
So that doesn't give us exactly what we want because we have some extra data on some lines.

38
00:02:56,870 --> 00:02:58,930
And then on other lines we have blank lines.

39
00:02:59,090 --> 00:03:05,060
So as you'll notice up here this line has three colons, so when we do -f 2 we get nothing returned

40
00:03:05,090 --> 00:03:08,330
because there's no data in the second field for that line.

41
00:03:08,330 --> 00:03:11,950
So using the cut command in that way is not going to work.

42
00:03:11,990 --> 00:03:17,120
Now if we go back to our original data here we see that all the ports we're interested in are actually

43
00:03:17,120 --> 00:03:20,970
in the fourth column and that column being local address.

44
00:03:21,080 --> 00:03:25,820
You can also see that these columns aren't separated by a consistent number of spaces for example.

45
00:03:25,910 --> 00:03:27,630
So that rules out cut.

46
00:03:27,770 --> 00:03:31,570
But we know that awk handles these kinds of whitespace situations well.

47
00:03:31,640 --> 00:03:34,190
So we're going to use that to pull out the fourth column

48
00:03:36,890 --> 00:03:41,870
so we'll narrow it down to the fields that have the data that we're looking for and then we'll print the

49
00:03:41,870 --> 00:03:42,790
fourth column.

50
00:03:42,830 --> 00:03:48,500
Even further narrowing down the data again we're left with a similar situation where cut wouldn't work

51
00:03:48,860 --> 00:03:56,570
because on every line the port numbers that we're after are on the end of the line, so colon 22, colon 25,

52
00:03:56,570 --> 00:04:02,920
colon 22, colon 25, colon 68, colon 7755 and colon 26314.

53
00:04:02,930 --> 00:04:08,690
Now I have the answer there in my description of the data which is every one of those is preceded by

54
00:04:08,690 --> 00:04:14,540
a colon, so we could actually use that as a delimiter and just print $NF, which is the last field.

55
00:04:14,690 --> 00:04:20,990
So if we have colon colon colon 22, $NF is not going to be the same as, you know, some numbers and

56
00:04:20,990 --> 00:04:22,360
then colon 22.

57
00:04:22,490 --> 00:04:26,320
So in one case we have two fields, in the other case we have more than two fields.

58
00:04:26,360 --> 00:04:30,620
So let's use awk, specify a colon as the field separator.

59
00:04:30,770 --> 00:04:37,680
And then what we'll do is just print the last field on that line with $NF.

60
00:04:37,720 --> 00:04:41,570
So now we are left with the data that we want.

61
00:04:41,590 --> 00:04:46,870
Now if we just go back and run our regular netstat command here we can see that we're getting data

62
00:04:46,870 --> 00:04:53,560
from TCP, TCP v6, or TCP v4 and TCP v6, and the same with UDP.

63
00:04:53,560 --> 00:05:03,140
So one way we can just get TCP v4 is to use the -4 option to netstat, so we can do this.

64
00:05:03,330 --> 00:05:06,720
And that eliminates the TCP v6 data there.

65
00:05:06,870 --> 00:05:10,180
I'm not really using TCP v6 so I'm not really worried about that.

66
00:05:10,200 --> 00:05:17,120
So let's break it down with this set of data the same idea just extracting the ports that are listening.

67
00:05:17,130 --> 00:05:22,500
So here again we can use grep to either exclude the headers or include the data as something that's

68
00:05:22,500 --> 00:05:25,620
common and we know that a colon is common in the data.

69
00:05:25,620 --> 00:05:32,070
So that leaves us with the data and then we can do something like pull out the fourth field with awk

70
00:05:32,880 --> 00:05:35,960
and now in this particular case we are left with two columns of data.

71
00:05:36,060 --> 00:05:39,610
The first column being an IP address and the second column being a port.

72
00:05:39,720 --> 00:05:42,260
And those are separated by a colon.

73
00:05:42,270 --> 00:05:49,440
So this would be an ideal situation where we could use cut, so we could use cut -d colon and get

74
00:05:49,440 --> 00:05:51,150
the second field.

75
00:05:51,150 --> 00:05:56,850
Now we're left with 22, 25, 68 and 7755 on this particular system.

76
00:05:56,850 --> 00:05:59,150
It may not look this way on your system.

77
00:05:59,220 --> 00:06:02,540
We could also use the awk command in this situation as well.

78
00:06:02,550 --> 00:06:03,680
It doesn't have to be cut.

79
00:06:03,690 --> 00:06:10,000
We could use awk, the field separator of a colon, and then print $2, for example. That works.

80
00:06:10,200 --> 00:06:16,770
Or we can even go back to our original command and use $NF for the last field.

81
00:06:16,860 --> 00:06:19,950
Even though we know there's two fields this will still work.

82
00:06:19,950 --> 00:06:28,600
So in this regard it works with -4 and without the -4. It also works with TCP v6 and TCP v4.

83
00:06:28,920 --> 00:06:33,090
Let's put this little command into a script so we can have it when we need it later.

84
00:06:33,090 --> 00:06:36,400
This way we don't have to solve this same problem again in the future.

85
00:06:36,420 --> 00:06:55,900
So I'm really just going to copy this and put it in a script.

86
00:06:55,980 --> 00:07:02,510
We're going to allow a -4 option as we were working on netstat so as to only display the TCP

87
00:07:02,520 --> 00:07:03,320
v4 ports.

88
00:07:13,390 --> 00:07:17,190
So if I paste our command in here this gets us 99 percent of the way.

89
00:07:17,410 --> 00:07:23,320
The last piece here is if we pass in this dollar sign for the simplest way to do this would be to do

90
00:07:23,320 --> 00:07:30,490
this: just pass along whatever was passed to our script to the netstat command itself without doing

91
00:07:30,490 --> 00:07:31,590
any checks.

92
00:07:31,600 --> 00:07:35,950
So this is a personal script and I'm not sharing and I'm not worried about there's a good chance that

93
00:07:35,950 --> 00:07:37,830
I would leave it as is.

94
00:07:38,230 --> 00:07:42,400
Let's try it out and then let's talk about some safeguards that we could put in place here.

95
00:07:42,520 --> 00:07:47,830
So we need to make sure it's executable and then run it and it shows us our report.

96
00:07:48,070 --> 00:07:52,490
And then if we use -4 then it limits those ports to the v4 protocols.

97
00:07:52,780 --> 00:07:59,530
But if we do something like this then we get an error from netstat because dash block is not a valid

98
00:07:59,530 --> 00:08:05,230
option to netstat, and then we could also send all kinds of different things to netstat that we may

99
00:08:05,230 --> 00:08:07,170
or may not want to do.

100
00:08:07,570 --> 00:08:10,060
So if you want to be more exact you could do something like this.

101
00:08:10,060 --> 00:08:20,590
You have $1 is equal to -4 then, and do something like that. You can put a check like

102
00:08:20,590 --> 00:08:21,120
that.

103
00:08:21,370 --> 00:08:23,530
I'm not going to do that I'm going to leave that as is.

104
00:08:23,590 --> 00:08:26,380
And that works for our situation here.

105
00:08:26,380 --> 00:08:31,420
One last thing that isn't exactly related to scripting but it's kind of useful to know it's the dash

106
00:08:31,750 --> 00:08:33,190
option to netstat.

107
00:08:33,460 --> 00:08:38,130
And it displays the PID and the name of the program that has the port open.

108
00:08:38,260 --> 00:08:42,210
But to get that information you need to run netstat with super user privileges.

109
00:08:42,250 --> 00:08:43,010
So we can do this

110
00:08:47,110 --> 00:08:54,860
actually let's limit this data down a little bit. What this shows is that we have sshd with a PID

111
00:08:54,860 --> 00:09:00,050
of 909 listening on port 22 on our system.

112
00:09:00,050 --> 00:09:02,160
So that's just a handy command to know.

113
00:09:02,980 --> 00:09:04,160
Hey enough random tips.

114
00:09:04,160 --> 00:09:06,880
Let's get back to what you learned here today.

115
00:09:07,130 --> 00:09:14,000
In this lesson you learned how to extract sections from input using the cut command. You learned how to

116
00:09:14,030 --> 00:09:17,210
cut based on byte character and field.

117
00:09:17,300 --> 00:09:23,600
You also learned how to specify a delimiter so you can easily work with CSV files, password files and

118
00:09:23,630 --> 00:09:26,780
any other type of data that is organized in columns.

119
00:09:26,840 --> 00:09:31,970
You also learned about the caret and dollar sign in regular expressions and used them with the grep

120
00:09:31,970 --> 00:09:32,960
command.

121
00:09:32,960 --> 00:09:39,060
Finally we spent some time dealing with awk and how it can handle multi-character delimiters and whitespace

122
00:09:39,080 --> 00:09:40,010
better than cut.
