-2

How do you parse the IP addresses in the foreign address column and redirect them to nslookup whilst ignoring everything else?

```
Proto  Local Address          Foreign Address        State           PID
TCP    127.0.0.1:5354         0.0.0.0:0              LISTENING       2076
TCP    127.0.0.1:5354         127.0.0.1:49671        ESTABLISHED     2076
TCP    127.0.0.1:5354         127.0.0.1:49672        ESTABLISHED     2076
TCP    127.0.0.1:27015        0.0.0.0:0              LISTENING       1360
TCP    127.0.0.1:27015        127.0.0.1:51666        ESTABLISHED     1360
TCP    127.0.0.1:49671        127.0.0.1:5354         ESTABLISHED     1360
TCP    127.0.0.1:49672        127.0.0.1:5354         ESTABLISHED     1360
TCP    127.0.0.1:49769        127.0.0.1:49770        ESTABLISHED     7916
TCP    127.0.0.1:49770        127.0.0.1:49769        ESTABLISHED     7916
TCP    127.0.0.1:49773        127.0.0.1:49774        ESTABLISHED     6952
TCP    127.0.0.1:49774        127.0.0.1:49773        ESTABLISHED     6952
TCP    127.0.0.1:51666        127.0.0.1:27015        ESTABLISHED     7944
TCP    192.168.1.4:139        0.0.0.0:0              LISTENING       4
TCP    192.168.1.4:50031      40.77.229.23:443       ESTABLISHED     3268
TCP    192.168.1.4:50047      17.252.60.32:5223      ESTABLISHED     8684
TCP    192.168.1.4:50197      104.82.252.232:443     CLOSE_WAIT      12640
TCP    192.168.1.4:50198      104.82.252.232:443     CLOSE_WAIT      12640
```
TRiG
Blake K Akiti
  • Why not `netstat -f`? – MC ND Jan 23 '17 at 18:06
  • You can't view the IP address and the fully qualified domain name simultaneously. At some point I'd like to equate the domain name with the IP address. – Blake K Akiti Jan 23 '17 at 18:27
  • @Psychomatician Read the help topics about [asking](http://stackoverflow.com/help/asking). Stack Overflow is mainly for programmers helping other programmers to finish their coding task when stuck somewhere. A question with no code at all, just with a task description, and asking how to do that using ... means you have made no effort to solve the coding task by yourself and use Stack Overflow as a free code writing service. Many programmers on SO don't like being used as unpaid code writers for others who have not tried anything at all themselves to write the code for the task. – Mofi Jan 25 '17 at 07:15
  • You should ask a specific question for a particular problem. Since Stack Overflow hides the Close reason from you: *"Questions asking us to recommend or find a book, tool, software library, tutorial or other off-site resource are off-topic for Stack Overflow as they tend to attract opinionated answers and spam. Instead, describe the problem and what has been done so far to solve it."* – jww Jul 25 '17 at 04:51

1 Answer

1

Try this, limited to IPv4 addresses.

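```bat
@Echo off
rem Outer loop: 3rd column (Foreign Address) of each netstat row; find /V "[" drops IPv6 rows.
rem Middle loop: split ip:port into %%B (ip) and %%C (port).
rem Inner loop: take the host name from the "Name:" line of nslookup's output.
For /f "tokens=3" %%A in (
  'netstat -n -o ^| find /V "[" ^| find ":"'
) Do For /f "tokens=1,2 delims=:" %%B in ("%%A"
) Do For /f "tokens=2 delims=: " %%D in (
  'nslookup %%B ^| findstr /i "^Name:" ^|find /v "localhost"'
) Do Echo %%B:%%C     %%D
Goto :Eof
```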

Sample shortened output:

```
212.227.17.178:993     imap.web.de
40.77.229.46:443     db5sch101101929.wns.windows.com
40.77.229.3:443     db5sch101100831.wns.windows.com
40.77.229.64:443     db5sch101110343.wns.windows.com
54.149.244.33:443     ec2-54-149-244-33.us-west-2.compute.amazonaws.com
212.227.17.162:993     imap.web.de
212.227.15.171:993     imap.1und1.de
```

  • The 1st `for` parses ip:port from the netstat output, dropping IPv6 results.
  • The 2nd `for` splits ip and port.
  • The 3rd `for` parses netstat output.
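
For triage it helps to keep the owning PID next to each resolved name and to look each address up only once. The following Python sketch is an added example, not part of the original answer; it goes beyond the batch file by also handling bracketed IPv6 rows. The function names (`foreign_endpoints`, `reverse_dns`, `annotate`) and the pluggable `resolver` parameter are assumptions made for illustration.

```python
import ipaddress
import socket

# Sample input: rows copied from the question's netstat output, plus one
# constructed IPv6 row (2001:db8::/32 is the documentation prefix).
SAMPLE = """\
Proto  Local Address          Foreign Address        State           PID
TCP    127.0.0.1:5354         0.0.0.0:0              LISTENING       2076
TCP    127.0.0.1:5354         127.0.0.1:49671        ESTABLISHED     2076
TCP    192.168.1.4:50031      40.77.229.23:443       ESTABLISHED     3268
TCP    192.168.1.4:50197      104.82.252.232:443     CLOSE_WAIT      12640
TCP    192.168.1.4:50198      104.82.252.232:443     CLOSE_WAIT      12640
TCP    [2001:db8::10]:50300   [2001:db8::1]:443      ESTABLISHED     4120
"""


def foreign_endpoints(netstat_text):
    """Yield (ip, port, pid) for each TCP row with a non-local foreign address."""
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) != 5 or fields[0] != "TCP":
            continue  # header, blank lines, UDP rows (no State column)
        host, _, port = fields[2].rpartition(":")
        try:
            ip = ipaddress.ip_address(host.strip("[]").split("%")[0])
        except ValueError:
            continue  # not a numeric address (e.g. netstat run without -n)
        if ip.is_loopback or ip.is_unspecified:
            continue  # listeners and localhost traffic: nothing to look up
        yield str(ip), int(port), int(fields[4])


def reverse_dns(ip):
    """PTR lookup; returns None when the address has no reverse record."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None


def annotate(netstat_text, resolver=reverse_dns):
    """Return rows of (ip, port, pid, name), resolving each address once."""
    cache = {}
    rows = []
    for ip, port, pid in foreign_endpoints(netstat_text):
        if ip not in cache:
            cache[ip] = resolver(ip)
        rows.append((ip, port, pid, cache[ip]))
    return rows
```

On Windows, live data can be fed in with `annotate(subprocess.check_output(["netstat", "-n", "-o"], text=True))`. A `None` in the name column means the address has no PTR record.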