linux script check remote ip lists

get network connection
> ss -an

list with estab
> ss -an | grep -i estab

remote address only
> ss -an | grep -i estab | awk '{print $5}'

remove ipv6 info
> ss -an | grep -i estab | awk '{print $5}' | sed 's/::ffff://g'

ip only (remove port info)
> ss -an | grep -i estab | awk '{print $5}' | sed 's/::ffff://g' | awk -F: '{print $1}'

count it
> ss -an | grep -i estab | awk '{print $5}' | sed 's/::ffff://g' | awk -F: '{print $1}' | sort | uniq -c

can be modify to display remote port, local port and so on..

## another example that find out who has connection with local 1521 (oracle db)
> ss -an | grep 1521 | sed 's/::ffff://g' | awk '{print $5}' | cut -d : -f 1 | sort | uniq -c | sort -n

log it with file
> ss -an | grep 1521 | sed 's/::ffff://g' | awk '{print $5}' | cut -d : -f 1 | sort | uniq -c | sort -n > /opt/ray/`date +%Y%m%d%H%M%S`.1521.log