spudw2k

GetNetStatData

5 posts in this topic

#1 ·  Posted (edited)

An oldie but goodie, I was cleaning house and found this old snippet I made back in Apr 2013.  It still has some utility, so I figured I'd share it.

Ii runs netstat and populates the output into an array.  Very simple.

#include <Constants.au3>
#include <Array.au3>

_ArrayDisplay(_GetNetStatData())

Func _GetNetStatData()
    Return _ProcessNetStatData(_GetNetStatOutput())
EndFunc

Func _GetNetStatOutput()
    Local $pid = Run(@ComSpec & " /c netstat.exe -a -o -n", @SystemDir, @SW_HIDE, $STDERR_CHILD + $STDOUT_CHILD)
    Local $stdout
    While 1
        $stdout &= StdoutRead($pid)
        If @error Then ExitLoop
    WEnd
    Return $stdout
EndFunc

Func _ProcessNetStatData($data)
    Local $arr = StringSplit(StringStripWS($data,4),@CR)
    Local $arrRecord
    Dim $arrData[1][5]=[["Protocol","Local Address","Foreign Address","State","PID"]]
    ReDim $arrData[$arr[0]-3][5]
    For $x = 1 To UBound($arrData)-1
        $arrRecord = StringSplit($arr[$x+3]," ")
        If $arrRecord[1]="TCP" Then
            For $y = 0 to $arrRecord[0]-1
                $arrData[$x][$y] = $arrRecord[$y+1]
            Next
        ElseIf $arrRecord[1]="UDP" Then
            For $y = 0 to $arrRecord[0]-2
                $arrData[$x][$y] = $arrRecord[$y+1]
            Next
            $arrData[$x][4] = $arrRecord[4]
        EndIf
    Next
    Return $arrData
EndFunc

 

Edited by spudw2k
1 person likes this

Share this post


Link to post
Share on other sites



👍 


Earthshine
A beacon in the night
I can raise my eyes to 
Earthshine -- RUSH, Earthshine - Vapor Trails

Share this post


Link to post
Share on other sites

#3 ·  Posted (edited)

dude, this rules! thanks! you can almost tell if you've been hacked by running that report! nice. 

I use TcpView to see if I am hacked usually, scanning with tools always as well. I am going to see if we can't add those extra columns if you won't... LOL

 

tcpview.PNG

NetStatReport.PNG

Edited by Earthshine

Earthshine
A beacon in the night
I can raise my eyes to 
Earthshine -- RUSH, Earthshine - Vapor Trails

Share this post


Link to post
Share on other sites

😂 


Earthshine
A beacon in the night
I can raise my eyes to 
Earthshine -- RUSH, Earthshine - Vapor Trails

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now

  • Similar Content

    • dragan
      By dragan
      I'm using my script to monitor established connections with the network. I'm using combination of RUN and NETSTAT command, however, constantly calling netstat from CMD doesn't feel elegant enough, and it's causing my script to perform really slow. Is there more elegant solution, an alternative for calling netstat?