python/jc
1
0
Fork 0
mirror of https://github.com/kellyjonbrazil/jc.git synced 2025-06-19 00:17:51 +02:00
Code Issues Releases Activity
Files
df1e4b414b2bda5be3153767cd854b2483ba600b
jc/jc/parsers/netstat.py

452 lines
12 KiB
Python
Raw Normal View History

First commit
2019-10-15 15:06:09 -07:00
"""jc - JSON CLI output utility netstat Parser
Usage:
doc formatting change
2019-12-12 09:47:14 -08:00
documentation updates
2019-10-17 12:15:27 -07:00
Specify --netstat as the first argument if the piped input is coming from netstat
First commit
2019-10-15 15:06:09 -07:00
add compatibility to docs
2019-12-12 09:35:42 -08:00
Compatibility:
doc formatting change
2019-12-12 09:47:14 -08:00
initial osx parser
2020-05-19 15:15:08 -07:00
'linux', 'darwin'
add compatibility to docs
2019-12-12 09:35:42 -08:00
document examples
2019-11-07 14:49:21 -08:00
Examples:
update docs
2019-11-11 18:30:46 -08:00
$ sudo netstat -apee | jc --netstat -p
[
{
"proto": "tcp",
"recv_q": 0,
"send_q": 0,
"local_address": "localhost",
"foreign_address": "0.0.0.0",
"state": "LISTEN",
"user": "systemd-resolve",
"inode": 26958,
"program_name": "systemd-resolve",
"kind": "network",
"pid": 887,
"local_port": "domain",
"foreign_port": "*",
"transport_protocol": "tcp",
"network_protocol": "ipv4"
},
{
"proto": "tcp",
"recv_q": 0,
"send_q": 0,
"local_address": "0.0.0.0",
"foreign_address": "0.0.0.0",
"state": "LISTEN",
"user": "root",
"inode": 30499,
"program_name": "sshd",
"kind": "network",
"pid": 1186,
"local_port": "ssh",
"foreign_port": "*",
"transport_protocol": "tcp",
"network_protocol": "ipv4"
},
{
"proto": "tcp",
"recv_q": 0,
"send_q": 0,
"local_address": "localhost",
"foreign_address": "localhost",
"state": "ESTABLISHED",
"user": "root",
"inode": 46829,
"program_name": "sshd: root",
"kind": "network",
"pid": 2242,
"local_port": "ssh",
"foreign_port": "52186",
"transport_protocol": "tcp",
"network_protocol": "ipv4",
"foreign_port_num": 52186
},
{
"proto": "tcp",
"recv_q": 0,
"send_q": 0,
"local_address": "localhost",
"foreign_address": "localhost",
"state": "ESTABLISHED",
"user": "root",
"inode": 46828,
"program_name": "ssh",
"kind": "network",
"pid": 2241,
"local_port": "52186",
"foreign_port": "ssh",
"transport_protocol": "tcp",
"network_protocol": "ipv4",
"local_port_num": 52186
},
{
"proto": "tcp6",
"recv_q": 0,
"send_q": 0,
"local_address": "[::]",
"foreign_address": "[::]",
"state": "LISTEN",
"user": "root",
"inode": 30510,
"program_name": "sshd",
"kind": "network",
"pid": 1186,
"local_port": "ssh",
"foreign_port": "*",
"transport_protocol": "tcp",
"network_protocol": "ipv6"
},
{
"proto": "udp",
"recv_q": 0,
"send_q": 0,
"local_address": "localhost",
"foreign_address": "0.0.0.0",
"state": null,
"user": "systemd-resolve",
"inode": 26957,
"program_name": "systemd-resolve",
"kind": "network",
"pid": 887,
"local_port": "domain",
"foreign_port": "*",
"transport_protocol": "udp",
"network_protocol": "ipv4"
},
{
"proto": "raw6",
"recv_q": 0,
"send_q": 0,
"local_address": "[::]",
"foreign_address": "[::]",
"state": "7",
"user": "systemd-network",
"inode": 27001,
"program_name": "systemd-network",
"kind": "network",
"pid": 867,
"local_port": "ipv6-icmp",
"foreign_port": "*",
"transport_protocol": null,
"network_protocol": "ipv6"
},
{
"proto": "unix",
"refcnt": 2,
"flags": null,
"type": "DGRAM",
"state": null,
"inode": 33322,
"program_name": "systemd",
"path": "/run/user/1000/systemd/notify",
"kind": "socket",
"pid": 1607
},
{
"proto": "unix",
"refcnt": 2,
"flags": "ACC",
"type": "SEQPACKET",
"state": "LISTENING",
"inode": 20835,
"program_name": "init",
"path": "/run/udev/control",
"kind": "socket",
"pid": 1
},
...
]
$ sudo netstat -apee | jc --netstat -p -r
[
{
"proto": "tcp",
"recv_q": "0",
"send_q": "0",
"local_address": "localhost",
"foreign_address": "0.0.0.0",
"state": "LISTEN",
"user": "systemd-resolve",
"inode": "26958",
"program_name": "systemd-resolve",
"kind": "network",
"pid": "887",
"local_port": "domain",
"foreign_port": "*",
"transport_protocol": "tcp",
"network_protocol": "ipv4"
},
{
"proto": "tcp",
"recv_q": "0",
"send_q": "0",
"local_address": "0.0.0.0",
"foreign_address": "0.0.0.0",
"state": "LISTEN",
"user": "root",
"inode": "30499",
"program_name": "sshd",
"kind": "network",
"pid": "1186",
"local_port": "ssh",
"foreign_port": "*",
"transport_protocol": "tcp",
"network_protocol": "ipv4"
},
{
"proto": "tcp",
"recv_q": "0",
"send_q": "0",
"local_address": "localhost",
"foreign_address": "localhost",
"state": "ESTABLISHED",
"user": "root",
"inode": "46829",
"program_name": "sshd: root",
"kind": "network",
"pid": "2242",
"local_port": "ssh",
"foreign_port": "52186",
"transport_protocol": "tcp",
"network_protocol": "ipv4"
},
{
"proto": "tcp",
"recv_q": "0",
"send_q": "0",
"local_address": "localhost",
"foreign_address": "localhost",
"state": "ESTABLISHED",
"user": "root",
"inode": "46828",
"program_name": "ssh",
"kind": "network",
"pid": "2241",
"local_port": "52186",
"foreign_port": "ssh",
"transport_protocol": "tcp",
"network_protocol": "ipv4"
},
{
"proto": "tcp6",
"recv_q": "0",
"send_q": "0",
"local_address": "[::]",
"foreign_address": "[::]",
"state": "LISTEN",
"user": "root",
"inode": "30510",
"program_name": "sshd",
"kind": "network",
"pid": "1186",
"local_port": "ssh",
"foreign_port": "*",
"transport_protocol": "tcp",
"network_protocol": "ipv6"
},
{
"proto": "udp",
"recv_q": "0",
"send_q": "0",
"local_address": "localhost",
"foreign_address": "0.0.0.0",
"state": null,
"user": "systemd-resolve",
"inode": "26957",
"program_name": "systemd-resolve",
"kind": "network",
"pid": "887",
"local_port": "domain",
"foreign_port": "*",
"transport_protocol": "udp",
"network_protocol": "ipv4"
},
{
"proto": "raw6",
"recv_q": "0",
"send_q": "0",
"local_address": "[::]",
"foreign_address": "[::]",
"state": "7",
"user": "systemd-network",
"inode": "27001",
"program_name": "systemd-network",
"kind": "network",
"pid": "867",
"local_port": "ipv6-icmp",
"foreign_port": "*",
"transport_protocol": null,
"network_protocol": "ipv6"
},
{
"proto": "unix",
"refcnt": "2",
"flags": null,
"type": "DGRAM",
"state": null,
"inode": "33322",
"program_name": "systemd",
"path": "/run/user/1000/systemd/notify",
"kind": "socket",
"pid": " 1607"
},
{
"proto": "unix",
"refcnt": "2",
"flags": "ACC",
"type": "SEQPACKET",
"state": "LISTENING",
"inode": "20835",
"program_name": "init",
"path": "/run/udev/control",
"kind": "socket",
"pid": " 1"
},
...
]
First commit
2019-10-15 15:06:09 -07:00
"""
fix compatibility code
2019-11-07 08:07:43 -08:00
add info class
2019-12-13 20:01:51 -08:00
class info():
initial osx parser
2020-05-19 15:15:08 -07:00
version = '1.5'
add "command" to description
2020-02-13 09:47:40 -05:00
description = 'netstat command parser'
add info class
2019-12-13 20:01:51 -08:00
author = 'Kelly Brazil'
author_email = 'kellyjonbrazil@gmail.com'
# compatible options: linux, darwin, cygwin, win32, aix, freebsd
initial osx parser
2020-05-19 15:15:08 -07:00
compatible = ['linux', 'darwin']
add magic_commands list to info
2020-02-11 18:09:21 -08:00
magic_commands = ['netstat']
add info class
2019-12-13 20:01:51 -08:00
add __version__
2020-02-03 16:11:58 -08:00
__version__ = info.version
fix compatibility code
2019-11-07 08:07:43 -08:00
def process(proc_data):
update docs
2019-11-11 18:30:46 -08:00
"""
update process() doc
2019-11-12 11:28:10 -08:00
Final processing to conform to the schema.
Parameters:
pep8 fixes
2019-11-14 16:40:52 -08:00
add colon to parameter in docs
2019-11-13 08:04:40 -08:00
proc_data: (dictionary) raw structured data to process
update process() doc
2019-11-12 11:28:10 -08:00
Returns:
update Return info
2019-12-17 09:56:09 -08:00
List of dictionaries. Structured data with the following schema:
pep8 fixes
2019-11-14 16:40:52 -08:00
update docs
2019-11-11 18:30:46 -08:00
[
{
"proto": string,
"recv_q": integer,
"send_q": integer,
"transport_protocol" string,
"network_protocol": string,
"local_address": string,
"local_port": string,
"local_port_num": integer,
"foreign_address": string,
"foreign_port": string,
"foreign_port_num": integer,
"state": string,
"program_name": string,
"pid": integer,
"user": string,
"security_context": string,
"refcnt": integer,
"flags": string,
"type": string,
"inode": integer,
"path": string,
integer conversions and icmp fix
2020-05-20 15:39:47 -07:00
"kind": string,
"address": string,
"osx_inode": string,
"conn": string,
"refs": string,
"nextref": string,
"name": string,
"unit": integer,
"vendor": integer,
"class": integer,
"subcla": integer,
"osx_flags": integer,
"pcbcount": integer,
"rcvbuf": integer,
"sndbuf": integer,
"rxbytes": integer,
"txbytes": integer
update docs
2019-11-11 18:30:46 -08:00
}
]
"""
process netstat data
2019-11-07 14:43:42 -08:00
for entry in proc_data:
# integer changes
integer conversions and icmp fix
2020-05-20 15:39:47 -07:00
int_list = ['recv_q', 'send_q', 'pid', 'refcnt', 'inode', 'unit', 'vendor', 'class',
'osx_flags', 'subcla', 'pcbcount', 'rcvbuf', 'sndbuf', 'rxbytes', 'txbytes']
process netstat data
2019-11-07 14:43:42 -08:00
for key in int_list:
if key in entry:
try:
key_int = int(entry[key])
entry[key] = key_int
except (ValueError):
entry[key] = None
if 'local_port' in entry:
try:
entry['local_port_num'] = int(entry['local_port'])
except (ValueError):
pass
if 'foreign_port' in entry:
try:
entry['foreign_port_num'] = int(entry['foreign_port'])
except (ValueError):
pass
fix compatibility code
2019-11-07 08:07:43 -08:00
return proc_data
def parse(data, raw=False, quiet=False):
update docs
2019-11-11 18:30:46 -08:00
"""
doc update
2019-11-12 11:17:33 -08:00
Main text parsing function
update docs
2019-11-11 18:30:46 -08:00
doc update
2019-11-12 11:17:33 -08:00
Parameters:
pep8 fixes
2019-11-14 16:40:52 -08:00
doc update
2019-11-12 11:17:33 -08:00
data: (string) text data to parse
raw: (boolean) output preprocessed JSON if True
quiet: (boolean) suppress warning messages if True
update docs
2019-11-11 18:30:46 -08:00
doc update
2019-11-12 11:17:33 -08:00
Returns:
update parse() Return info
2019-12-17 10:09:19 -08:00
List of dictionaries. Raw or processed structured data.
update docs
2019-11-11 18:30:46 -08:00
"""
organize files
2020-05-20 11:24:38 -07:00
import jc.utils
fix compatibility code
2019-11-07 08:07:43 -08:00
if not quiet:
add info class
2019-12-13 20:01:51 -08:00
jc.utils.compatibility(__name__, info.compatible)
linting
2019-10-18 09:57:22 -07:00
First commit
2019-10-15 15:06:09 -07:00
cleandata = data.splitlines()
post_parse flags and program_name
2019-11-07 10:52:02 -08:00
cleandata = list(filter(None, cleandata))
fix compatibility code
2019-11-07 08:07:43 -08:00
raw_output = []
initial osx parser
2020-05-19 15:15:08 -07:00
# check for OSX vs Linux
# is this from OSX?
fix filtered netstat views
2020-05-20 16:43:53 -07:00
if cleandata[0] == 'Active Internet connections' \
or cleandata[0] == 'Active Internet connections (including servers)' \
add multipath condition for osx detection
2020-05-20 17:31:51 -07:00
or cleandata[0] == 'Active Multipath Internet connections' \
fix filtered netstat views
2020-05-20 16:43:53 -07:00
or cleandata[0] == 'Active LOCAL (UNIX) domain sockets' \
or cleandata[0] == 'Registered kernel control modules' \
or cleandata[0] == 'Active kernel event sockets' \
or cleandata[0] == 'Active kernel control sockets':
organize files
2020-05-20 11:24:38 -07:00
import jc.parsers.netstat_osx
initial osx parser
2020-05-19 15:15:08 -07:00
raw_output = jc.parsers.netstat_osx.parse(cleandata)
# use linux parser
else:
organize files
2020-05-20 11:24:38 -07:00
import jc.parsers.netstat_linux
raw_output = jc.parsers.netstat_linux.parse(cleandata)
fix compatibility code
2019-11-07 08:07:43 -08:00
if raw:
return raw_output
else:
return process(raw_output)
Reference in New Issue Copy Permalink