Sign in to follow this  
Followers 0
iamtheky

NetStat To Names

5 posts in this topic

#1 ·  Posted (edited)

Netstat -f is slow as balls so I wrote this 3 parter to add to my AuditShot which runs substantially quicker in my testing.

1) runs netstat -n,

2) uniques the foreign addresses

3) runs those through nslookup

As always, improvements and/or berating inefficiencies are both welcome:

*Fixed IPv6 fail

;netstat -f replacement v2 (potential IPv6 fix)
#include<array.au3>

$sCommand = "netstat -n"
$iPID = run($sCommand, "" , @SW_HIDE , $stdout_child)

$sOutput = ""
$sNSLookupOut = ""
local $aNSfinal[0]
local $aNSLookupFinal[0]

     While 1
        $sOutput &= StdoutRead($iPID)
        If @error Then ExitLoop
    WEnd


ProcessClose($iPID)

$aOut = stringsplit($sOutput , @LF , 2)

For $i = 4 to ubound($aOut) - 1
    $aLine = stringsplit($aOut[$i] , " " , 2)
        For $k = ubound($aLine) - 1 to 0 step - 1
            If stringstripWS($aLine[$k] , 8) = "" Then _ArrayDelete($aLine , $k)
        Next

;~ msgbox(0, '' , stringleft($aLine[2] , stringinstr($aLine[2] , ":" , 0 , -1) - 1))

If ubound($aLine) > 1 Then _ArrayAdd($aNSfinal , stringleft($aLine[2] , stringinstr($aLine[2] , ":" , 0 , -1) - 1))


$aUniqueNS = _ArrayUnique($aNSfinal)
_ArrayDelete($aUniqueNS , 0)



Next

;_ArrayDisplay($aUniqueNS)


For $k = 0 to ubound($aUniqueNS) - 1

        $iPID = run("nslookup " & $aUniqueNS[$k] , "" , @SW_HIDE , $stdout_child)

            While 1
                $sNSLookupOut &= StdoutRead($iPID)
                If @error Then ExitLoop
            WEnd

        ProcessClose($iPID)

        $aNSLookup = stringsplit($sNSLookupOut , @LF , 2)

            _ArrayDelete($aNSLookup , "0-2")

            _ArrayAdd($aNSLookupFinal , $aNSLookup)


$sNSLookupOut = ""

Next

_ArrayDisplay($aNSLookupFinal , "Final")

 

Edited by iamtheky
spelng and grmmr
2 people like this

,-. .--. ________ .-. .-. ,---. ,-. .-. .-. .-.
|(| / /\ \ |\ /| |__ __||| | | || .-' | |/ / \ \_/ )/
(_) / /__\ \ |(\ / | )| | | `-' | | `-. | | / __ \ (_)
| | | __ | (_)\/ | (_) | | .-. | | .-' | | \ |__| ) (
| | | | |)| | \ / | | | | | |)| | `--. | |) \ | |
`-' |_| (_) | |\/| | `-' /( (_)/( __.' |((_)-' /(_|
'-' '-' (__) (__) (_) (__)

Share this post


Link to post
Share on other sites



just tested on my ipv6 friendly box and splitting on the colon was not wise, i will have to fix that.


,-. .--. ________ .-. .-. ,---. ,-. .-. .-. .-.
|(| / /\ \ |\ /| |__ __||| | | || .-' | |/ / \ \_/ )/
(_) / /__\ \ |(\ / | )| | | `-' | | `-. | | / __ \ (_)
| | | __ | (_)\/ | (_) | | .-. | | .-' | | \ |__| ) (
| | | | |)| | \ / | | | | | |)| | `--. | |) \ | |
`-' |_| (_) | |\/| | `-' /( (_)/( __.' |((_)-' /(_|
'-' '-' (__) (__) (_) (__)

Share this post


Link to post
Share on other sites

#4 ·  Posted (edited)

Fix confirmed, edited post #1

 

Edited by iamtheky
duplicate

,-. .--. ________ .-. .-. ,---. ,-. .-. .-. .-.
|(| / /\ \ |\ /| |__ __||| | | || .-' | |/ / \ \_/ )/
(_) / /__\ \ |(\ / | )| | | `-' | | `-. | | / __ \ (_)
| | | __ | (_)\/ | (_) | | .-. | | .-' | | \ |__| ) (
| | | | |)| | \ / | | | | | |)| | `--. | |) \ | |
`-' |_| (_) | |\/| | `-' /( (_)/( __.' |((_)-' /(_|
'-' '-' (__) (__) (_) (__)

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0