walle

Ip and associated process.

7 posts in this topic

#1 ·  Posted (edited)

I'm looking for a way to list or log all IP network connections

(indexed by IP address or hostname) and the associated local process

(and possibly other information).

How should I proceed?

Edit: netstat -ano ... :)

Edited by walle


#2 ·  Posted (edited)

Are you saying you want to grab the results of "netstat -ano" and use it in a script?

#include <Constants.au3>

$cmd = "netstat -ano"
$string = _CMDreturn($cmd)
MsgBox(0, $cmd, $string)

Func _CMDreturn($sCommand) ; Returns the output of a DOS command as a string
    $cmdreturn = ""
    $stream = Run(@ComSpec & " /c " & $sCommand, @SystemDir, @SW_HIDE, $STDOUT_CHILD + $STDIN_CHILD)
    While 1 ; loop through the return from the command until there is no more
        $line = StdoutRead($stream)
        If @error Then ExitLoop
        $cmdreturn &= $line
    WEnd
    Return $cmdreturn
EndFunc   ;==>_CMDreturn
Edited by SpookMeister

Helpful tips: If you want better answers to your questions, take the time to reproduce your issue in a small "stand alone" example script whenever possible. Also, make sure you tell us 1) what you tried, 2) what you expected to happen, and 3) what happened instead.

Useful links: BrettF's update to LxP's "How to AutoIt" pdf; Valuater's Autoit 1-2-3; Download page for the latest versions of Autoit and SciTE

<glyph> For example - if you came in here asking "how do I use a jackhammer" we might ask "why do you need to use a jackhammer"
<glyph> If the answer to the latter question is "to knock my grandmother's head off to let out the evil spirits that gave her cancer", then maybe the problem is actually unrelated to jackhammers


#3 ·  Posted (edited)

Are you saying you want to grab the results of "netstat -ano" and use it in a script?

Well, sort of.

I was looking for the command "netstat -ano"

Found it just after having created this thread.

Thanks anyway!

So, I got the PID but I still have some difficulty collecting the associated IP.

I want to, based on the PID, collect the associated IP. Sounds easy?

Well, I have never been good at collecting info from DOS.

This is what I got so far. Let's say I want the IP for PID 2260.

How should I proceed?

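#include <Constants.au3>

; find the PID of the process (the last match wins if several are running)
$list = ProcessList("Software.exe")
For $i = 1 To $list[0][0]
    $pid = $list[$i][1]
Next

; run netstat hidden and collect its complete output
Local $foo = Run("netstat -ano", @SystemDir, @SW_HIDE, $STDERR_CHILD + $STDOUT_CHILD)
Local $sStdOutRead = ""
While 1
    $sStdOutRead &= StdoutRead($foo)
    If @error Then ExitLoop ; StdoutRead sets @error once the stream is closed
WEnd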

Active Connections

  Proto  Local Address        Foreign Address       State          PID
  TCP   0.0.0.0:135         0.0.0.0:0             LISTENING    1216
  TCP   0.0.0.0:445         0.0.0.0:0             LISTENING    4
  TCP   0.0.0.0:2869           0.0.0.0:0              LISTENING    1488
  TCP   127.0.0.1:1029       0.0.0.0:0            LISTENING    2260
  TCP   127.0.0.1:5152       0.0.0.0:0            LISTENING    1596
  TCP   127.0.0.1:5152       127.0.0.1:2271      CLOSE_WAIT   1596
  TCP   192.168.1.5:139     0.0.0.0:0             LISTENING    4
Edited by walle


#4 ·  Posted (edited)

Sorry about taking so long to get back to you... took a long weekend off :)

This should give you an idea of how to handle it.

#include <Constants.au3>

$list = ProcessList("OUTLOOK.EXE")
For $i = 1 To $list[0][0]
    $pid = $list[$i][1]
Next

$cmd = "netstat -ano"
$string = _CMDreturn($cmd)

;split the string into an array of individual lines for processing
$result = StringSplit($string, @CR)

;process the array
For $x = 1 To $result[0]
    $line = $result[$x]
    ;get rid of extra white space
    $newline = StringStripWS($line, 4)
    ;strip leading @LF characters from the results
    If StringMid($newline, 1, 1) = @LF Then $newline = StringTrimLeft($newline, 1)
    ;split the line into another array so we can compare just the PIDs
    $a_line = StringSplit($newline, " ")
    If $a_line[0] = 5 Then ;only look at lines that had 5 pieces of info
        If $a_line[5] = $pid Then MsgBox(0, "Results", "PID=" & $a_line[5] & @CRLF & "IP=" & $a_line[3])
    EndIf
Next

Func _CMDreturn($sCommand) ; Returns the output of a DOS command as a string
    $cmdreturn = ""
    $stream = Run(@ComSpec & " /c " & $sCommand, @SystemDir, @SW_HIDE, $STDOUT_CHILD + $STDIN_CHILD)
    While 1 ; loop through the return from the command until there is no more
        $line = StdoutRead($stream)
        If @error Then ExitLoop
        $cmdreturn &= $line
    WEnd
    Return $cmdreturn
EndFunc   ;==>_CMDreturn
Edited by SpookMeister


Thank you SpookMeister :)

Really grateful.


If $a_line[5] = $pid Then MsgBox(0, "Results", "PID=" & $a_line[5] & @CRLF & "IP=" & $a_line[3])

If $a_line[5] = ^ ERROR


#7 ·  Posted (edited)

If $a_line[5] = $pid Then MsgBox(0, "Results", "PID=" & $a_line[5] & @CRLF & "IP=" & $a_line[3])

If $a_line[5] = ^ ERROR

That is probably because you did not have "OUTLOOK.EXE" running and there was no error detection built into the script...

Here is a version that has more error handling built in:

#include <Constants.au3>

$proc = "OUTLOOK.EXE" ; change this to the process you want to monitor
$list = ProcessList($proc)
If $list[0][0] = 0 Then
    MsgBox(0, "Error", " The " & $proc & " process is not running")
    Exit
EndIf

For $i = 1 To $list[0][0]
    $pid = $list[$i][1]
Next

$cmd = "netstat -ano"
$string = _CMDreturn($cmd)

;split the string into an array of individual lines for processing
$result = StringSplit($string, @CR)

;process the array
For $x = 1 To $result[0]
    $line = $result[$x]
    ;get rid of extra white space
    $newline = StringStripWS($line, 4)
    ;strip leading @LF characters from the results
    If StringMid($newline, 1, 1) = @LF Then $newline = StringTrimLeft($newline, 1)
    ;split the line into another array so we can compare just the PIDs
    $a_line = StringSplit($newline, " ")
    If $a_line[0] = 5 Then ;only look at lines that had 5 pieces of info
        If $a_line[5] = $pid Then MsgBox(0, "Results", "PID=" & $a_line[5] & @CRLF & "IP=" & $a_line[3])
    EndIf
Next

Func _CMDreturn($sCommand) ; Returns the output of a DOS command as a string
    $cmdreturn = ""
    $stream = Run(@ComSpec & " /c " & $sCommand, @SystemDir, @SW_HIDE, $STDOUT_CHILD + $STDIN_CHILD)
    While 1 ; loop through the return from the command until there is no more
        $line = StdoutRead($stream)
        If @error Then ExitLoop
        $cmdreturn &= $line
    WEnd
    Return $cmdreturn
EndFunc   ;==>_CMDreturn
Edited by SpookMeister
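
Added example, not part of the original posts: the scripts in this thread keep only the last PID from ProcessList and only look at 5-column (TCP) rows, so this sketch goes one step further and returns every netstat row, including 4-column UDP rows, owned by any PID in a list. The function name `_NetstatRowsForPids`, the sample output and the PIDs are constructed for illustration; on a live system pass the string returned by `_CMDreturn("netstat -ano")` instead of `$sSample`.

```autoit
; Constructed sample of "netstat -ano" output (not captured from a real host)
Local $sSample = "Active Connections" & @CRLF & @CRLF & _
        "  Proto  Local Address          Foreign Address        State           PID" & @CRLF & _
        "  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       1216" & @CRLF & _
        "  TCP    127.0.0.1:1029         0.0.0.0:0              LISTENING       2260" & @CRLF & _
        "  TCP    192.168.1.5:49712      203.0.113.10:443       ESTABLISHED     2260" & @CRLF & _
        "  TCP    [::1]:5152             [::]:0                 LISTENING       1596" & @CRLF & _
        "  UDP    0.0.0.0:5353           *:*                                    2260" & @CRLF

; Hypothetical PIDs; on a live system collect every $list[$i][1] from ProcessList()
Local $aPids[2] = [2260, 1596]
Local $aRows = _NetstatRowsForPids($sSample, $aPids)
If @error Then
    ConsoleWrite("No connections found for the given PIDs" & @CRLF)
Else
    For $r = 0 To UBound($aRows) - 1
        ConsoleWrite(StringFormat("PID=%s %s local=%s foreign=%s state=%s", $aRows[$r][4], _
                $aRows[$r][0], $aRows[$r][1], $aRows[$r][2], $aRows[$r][3]) & @CRLF)
    Next
EndIf

; Returns a 2D array [n][5] (proto, local, foreign, state, pid) of the rows owned by
; any PID in $aPids; sets @error = 1 when nothing matches.
Func _NetstatRowsForPids($sOutput, $aPids)
    Local $aLines = StringSplit(StringStripCR($sOutput), @LF)
    Local $aRows[$aLines[0]][5], $n = 0
    For $i = 1 To $aLines[0]
        Local $t = StringRegExp($aLines[$i], "\S+", 3) ; all whitespace-separated tokens
        If @error Then ContinueLoop ; blank line
        Local $c = UBound($t)
        ; TCP rows carry 5 tokens, UDP rows 4 (no State column); skip headers and anything else
        If Not (($t[0] = "TCP" And $c = 5) Or ($t[0] = "UDP" And $c = 4)) Then ContinueLoop
        For $p = 0 To UBound($aPids) - 1
            If Number($t[$c - 1]) <> $aPids[$p] Then ContinueLoop
            $aRows[$n][0] = $t[0]
            $aRows[$n][1] = $t[1]
            $aRows[$n][2] = $t[2]
            If $c = 5 Then $aRows[$n][3] = $t[3] ; State stays empty for UDP
            $aRows[$n][4] = $t[$c - 1]
            $n += 1
            ExitLoop
        Next
    Next
    If $n = 0 Then Return SetError(1, 0, 0)
    ReDim $aRows[$n][5]
    Return SetError(0, 0, $aRows) ; clear the @error left by the last blank-line match
EndFunc   ;==>_NetstatRowsForPids
```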
