The other day, I needed to find out what connection were connecting to one of my Linux boxes. I’ve written a shell script one-liner that will pull all the uniq IP addresses, perform a reverse lookup, and return the results by way of IP ADDRESS ---> REVERSE LOOKUP. Later, I plan on adding to this will the amount of connections per IP, but for now, it just grabs the reverse address and displays it will the originating IP address.
for i in `netstat -napl | awk '{ print $5 }' | grep -vP '(STREAM|DGRAM|]|State|and|Address|\(servers)|0.0.0.0' | sed 's/^[ \t]*//;s/[ \t]*$//' | sort -rn | cut -d":" -f1 | uniq`; do echo -en "$i --> "`dig -x $i +short`"\n"; done |
