观察一、先输出两个值,其中NF为awk正在处理记录(行)的字段总数,$NF为每行最后一个字段的值

# netstat -na |awk '/^tcp/ {print NF,$NF}'
6 LISTEN
6 LISTEN
6 LISTEN
6 LISTEN
6 LISTEN
6 LISTEN
6 LISTEN
6 LISTEN
6 LISTEN
6 LISTEN
6 TIME_WAIT
6 TIME_WAIT
6 TIME_WAIT
6 TIME_WAIT
6 ESTABLISHED
6 ESTABLISHED
6 ESTABLISHED
6 ESTABLISHED
6 ESTABLISHED
6 TIME_WAIT
6 TIME_WAIT
6 LISTEN
6 LISTEN
6 ESTABLISHED

观察二、如下命令输出4个值,注意前后俩字段的值是怎么来的。。。S[LISTEN], ++S[LISTEN]

# netstat -na |awk '/^tcp/ {print NF,$NF,S[$NF],++S[$NF]}'
6 LISTEN   1
6 LISTEN 1 2
6 LISTEN 2 3
6 LISTEN 3 4
6 LISTEN 4 5
6 LISTEN 5 6
6 LISTEN 6 7
6 LISTEN 7 8
6 LISTEN 8 9
6 LISTEN 9 10
6 TIME_WAIT  1
6 ESTABLISHED  1
6 TIME_WAIT 1 2
6 TIME_WAIT 2 3
6 TIME_WAIT 3 4
6 ESTABLISHED 1 2
6 ESTABLISHED 2 3
6 ESTABLISHED 3 4
6 ESTABLISHED 4 5
6 LISTEN 10 11
6 LISTEN 11 12
6 ESTABLISHED 5 6

观察三、利用awk的行处理特性,遍历了所有tcp开头的行。定义出不同状态命名的数组下标,并分别++计数赋值给数组元素,最后打印$NF和数组S[$NF]的值。观察粗体部分

 # netstat -na | awk '/^tcp/ {++S[$NF]} END {for(a in S) print a, S[a]}'
TIME_WAIT 4
ESTABLISHED 6
LISTEN 12

SYN_RECV表示正在等待处理的请求数;
ESTABLISHED表示正常数据传输状态;
TIME_WAIT表示处理完毕,等待超时结束的请求数。