abhi-bit · August 27, 2014 11:18 · zgmarx · Apr 24, 2023
diff --git a/netstat.py b/netstat.py
 #!/usr/bin/python

 import pwd
 import os
 import re
 import glob

 PROC_TCP = "/proc/net/tcp"
 STATE = {
        '01':'ESTABLISHED',
        '02':'SYN_SENT',
        '03':'SYN_RECV',
        '04':'FIN_WAIT1',
        '05':'FIN_WAIT2',
        '06':'TIME_WAIT',
        '07':'CLOSE',
        '08':'CLOSE_WAIT',
        '09':'LAST_ACK',
        '0A':'LISTEN',
        '0B':'CLOSING'
        }

 def _load():
    ''' Read the table of tcp connections & remove header  '''
    with open(PROC_TCP,'r') as f:
        content = f.readlines()
        content.pop(0)
    return content

 def _hex2dec(s):
    return str(int(s,16))

 def _ip(s):
    ip = [(_hex2dec(s[6:8])),(_hex2dec(s[4:6])),(_hex2dec(s[2:4])),(_hex2dec(s[0:2]))]
    return '.'.join(ip)

 def _remove_empty(array):
    return [x for x in array if x !='']

 def _convert_ip_port(array):
    host,port = array.split(':')
    return _ip(host),_hex2dec(port)

 def netstat():
    '''
    Function to return a list with status of tcp connections at linux systems
    To get pid of all network process running on system, you must run this script
    as superuser
    '''

    content=_load()
    result = []
    for line in content:
        line_array = _remove_empty(line.split(' '))     # Split lines and remove empty spaces.
        l_host,l_port = _convert_ip_port(line_array[1]) # Convert ipaddress and port from hex to decimal.
        r_host,r_port = _convert_ip_port(line_array[2]) 
        tcp_id = line_array[0]
        state = STATE[line_array[3]]
        uid = pwd.getpwuid(int(line_array[7]))[0]       # Get user from UID.
        inode = line_array[9]                           # Need the inode to get process pid.
        pid = _get_pid_of_inode(inode)                  # Get pid prom inode.
        try:                                            # try read the process name.
            exe = os.readlink('/proc/'+pid+'/exe')
        except:
            exe = None

        nline = [tcp_id, uid, l_host+':'+l_port, r_host+':'+r_port, state, pid, exe]
        result.append(nline)
    return result

 def _get_pid_of_inode(inode):
    '''
    To retrieve the process pid, check every running process and look for one using
    the given inode.
    '''
    for item in glob.glob('/proc/[0-9]*/fd/[0-9]*'):
        try:
            if re.search(inode,os.readlink(item)):
                return item.split('/')[2]
        except:
            pass
    return None

 if __name__ == '__main__':
    for conn in netstat():
        print conn
	#!/usr/bin/python

	import pwd
	import os
	import re
	import glob

	PROC_TCP = "/proc/net/tcp"
	STATE = {
	'01':'ESTABLISHED',
	'02':'SYN_SENT',
	'03':'SYN_RECV',
	'04':'FIN_WAIT1',
	'05':'FIN_WAIT2',
	'06':'TIME_WAIT',
	'07':'CLOSE',
	'08':'CLOSE_WAIT',
	'09':'LAST_ACK',
	'0A':'LISTEN',
	'0B':'CLOSING'
	}

	def _load():
	''' Read the table of tcp connections & remove header '''
	with open(PROC_TCP,'r') as f:
	content = f.readlines()
	content.pop(0)
	return content

	def _hex2dec(s):
	return str(int(s,16))

	def _ip(s):
	ip = [(_hex2dec(s[6:8])),(_hex2dec(s[4:6])),(_hex2dec(s[2:4])),(_hex2dec(s[0:2]))]
	return '.'.join(ip)

	def _remove_empty(array):
	return [x for x in array if x !='']

	def _convert_ip_port(array):
	host,port = array.split(':')
	return _ip(host),_hex2dec(port)

	def netstat():
	'''
	Function to return a list with status of tcp connections at linux systems
	To get pid of all network process running on system, you must run this script
	as superuser
	'''

	content=_load()
	result = []
	for line in content:
	line_array = _remove_empty(line.split(' ')) # Split lines and remove empty spaces.
	l_host,l_port = _convert_ip_port(line_array[1]) # Convert ipaddress and port from hex to decimal.
	r_host,r_port = _convert_ip_port(line_array[2])
	tcp_id = line_array[0]
	state = STATE[line_array[3]]
	uid = pwd.getpwuid(int(line_array[7]))[0] # Get user from UID.
	inode = line_array[9] # Need the inode to get process pid.
	pid = _get_pid_of_inode(inode) # Get pid prom inode.
	try: # try read the process name.
	exe = os.readlink('/proc/'+pid+'/exe')
	except:
	exe = None

	nline = [tcp_id, uid, l_host+':'+l_port, r_host+':'+r_port, state, pid, exe]
	result.append(nline)
	return result

	def _get_pid_of_inode(inode):
	'''
	To retrieve the process pid, check every running process and look for one using
	the given inode.
	'''
	for item in glob.glob('/proc/[0-9]/fd/[0-9]'):
	try:
	if re.search(inode,os.readlink(item)):
	return item.split('/')[2]
	except:
	pass
	return None

	if __name__ == '__main__':
	for conn in netstat():
	print conn