#!/usr/bin/python
import pwd
import os
import re
import glob
# Kernel-exported table of IPv4 TCP sockets (one header line, then one row per socket).
PROC_TCP = "/proc/net/tcp"

# Maps the two-digit hex code found in the state column of PROC_TCP to a
# readable name. A code that is missing from this table has no name here.
STATE = {
    '01': 'ESTABLISHED',
    '02': 'SYN_SENT',
    '03': 'SYN_RECV',
    '04': 'FIN_WAIT1',
    '05': 'FIN_WAIT2',
    '06': 'TIME_WAIT',
    '07': 'CLOSE',
    '08': 'CLOSE_WAIT',
    '09': 'LAST_ACK',
    '0A': 'LISTEN',
    '0B': 'CLOSING',
}
def _load():
    ''' Return every row of PROC_TCP as a list of lines, minus the header line '''
    with open(PROC_TCP, 'r') as handle:
        rows = handle.readlines()
    # The first line is the column header, not a socket entry.
    del rows[0]
    return rows
def _hex2dec(s):
    ''' Parse the hexadecimal string s and return its value as a decimal string '''
    value = int(s, 16)
    return str(value)
def _ip(s):
    '''
    Turn an 8-hex-digit address field into dotted-decimal text.

    The four hex pairs are consumed last-to-first, so '0100007F' becomes
    '127.0.0.1'.
    NOTE(review): presumably this byte order matches what a little-endian
    host prints in /proc/net/tcp -- confirm before using on other hosts.
    '''
    octets = []
    for start in (6, 4, 2, 0):
        octets.append(_hex2dec(s[start:start + 2]))
    return '.'.join(octets)
def _remove_empty(array):
    ''' Return a new list holding the items of array that are not equal to '' '''
    kept = []
    for item in array:
        if item != '':
            kept.append(item)
    return kept
def _convert_ip_port(array):
    '''
    Split a 'HEXADDR:HEXPORT' field and return (dotted ip, decimal port),
    both as strings.
    '''
    fields = array.split(':')
    # Unpacking raises ValueError unless the field holds exactly one ':'.
    host, port = fields
    return (_ip(host), _hex2dec(port))
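def netstat():
    '''
    Return a list describing every IPv4 TCP socket listed in /proc/net/tcp.

    Each entry is a list:
        [tcp_id, user, 'local_ip:port', 'remote_ip:port', state, pid, exe]

    To get the pid of all network processes running on the system, you must
    run this script as superuser. Without that privilege the fd tables of
    other users' processes cannot be read, so pid and exe come back as None;
    a None there means "owner not visible", not "no owner".

    Only the IPv4 table is read; sockets listed elsewhere under /proc/net
    are not reported.
    '''
    result = []
    for line in _load():
        line_array = _remove_empty(line.split(' '))  # Split lines and remove empty spaces.
        if len(line_array) < 10:
            # Not a full socket row (blank or truncated line); nothing to report.
            continue

        l_host, l_port = _convert_ip_port(line_array[1])  # Convert ipaddress and port from hex to decimal.
        r_host, r_port = _convert_ip_port(line_array[2])
        tcp_id = line_array[0]

        # Keep the raw hex code when the kernel reports a state this table
        # does not know, instead of aborting the whole listing with KeyError.
        state = STATE.get(line_array[3], line_array[3])

        # A socket can belong to a uid with no passwd entry (e.g. a deleted or
        # container-only account); report the numeric uid rather than crash.
        try:
            uid = pwd.getpwuid(int(line_array[7]))[0]  # Get user from UID.
        except KeyError:
            uid = line_array[7]

        inode = line_array[9]  # Need the inode to get process pid.
        pid = _get_pid_of_inode(inode)  # Get pid from inode.

        exe = None
        if pid is not None:
            try:  # try read the process name.
                exe = os.readlink('/proc/' + pid + '/exe')
            except OSError:
                # The process exited after the fd scan, or its exe link is
                # not readable with the current privileges.
                exe = None

        nline = [tcp_id, uid, l_host + ':' + l_port, r_host + ':' + r_port, state, pid, exe]
        result.append(nline)
    return result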
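def _get_pid_of_inode(inode):
    '''
    To retrieve the process pid, check every running process and look for one
    using the given socket inode.

    Returns the pid as a string, or None when no readable fd points at the
    socket. Only the first match is returned even if several processes share
    the socket. Each call walks every fd link under /proc.

    The link target is compared for equality with 'socket:[<inode>]'. A
    substring or regex match would attribute inode '123' to a process holding
    'socket:[41234]', and inode '0' to almost any process, which makes the
    socket-to-process mapping unreliable.
    '''
    # Inode 0 (or an empty field) identifies no socket file, so no fd can
    # refer to it; skip the scan instead of returning an unrelated pid.
    if not inode or inode == '0':
        return None

    target = 'socket:[%s]' % inode
    for item in glob.glob('/proc/[0-9]*/fd/[0-9]*'):
        try:
            if os.readlink(item) == target:
                return item.split('/')[2]
        except OSError:
            # The fd was closed, the process exited, or we lack permission to
            # read this entry; keep scanning the remaining entries.
            continue
    return None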
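if __name__ == '__main__':
    # Dump one connection row per line. print() with a single argument gives
    # the same output on Python 2 and also parses on Python 3, where the
    # statement form is a syntax error.
    for conn in netstat():
        print(conn)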