python/jc
1
0
Fork 0
mirror of https://github.com/kellyjonbrazil/jc.git synced 2025-08-08 22:36:48 +02:00
Code Issues Releases Activity

finalize parse_post

Browse Source
This commit is contained in:
Kelly Brazil
2019-11-07 13:53:23 -08:00
parent 8c78f95973
commit 21b56096c5
1 changed files with 37 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

37
jc/parsers/netstat.py
View File

@ -88,7 +88,9 @@ def parse_socket(header_text, headers, entry):
def parse_post(raw_data): def parse_post(raw_data):
# clean up trailing whitespace on each item in each entry
# flags --- = null # flags --- = null
# program_name - = null
# post process to split pid and program name and ip addresses and ports # post process to split pid and program name and ip addresses and ports
for entry in raw_data: for entry in raw_data:
@ -102,10 +104,45 @@ def parse_post(raw_data):
if 'flags' in entry: if 'flags' in entry:
if entry['flags'] == '---': if entry['flags'] == '---':
entry['flags'] = None entry['flags'] = None
if 'program_name' in entry: if 'program_name' in entry:
if entry['program_name'] == '-': if entry['program_name'] == '-':
entry['program_name'] = None entry['program_name'] = None
if entry['program_name']:
pid = entry['program_name'].split('/', maxsplit=1)[0]
name = entry['program_name'].split('/', maxsplit=1)[1]
entry['pid'] = pid
entry['program_name'] = name
if 'local_address' in entry:
if entry['local_address']:
ladd = entry['local_address'].rsplit(':', maxsplit=1)[0]
lport = entry['local_address'].rsplit(':', maxsplit=1)[1]
entry['local_address'] = ladd
entry['local_port'] = lport
if 'foreign_address' in entry:
if entry['foreign_address']:
fadd = entry['foreign_address'].rsplit(':', maxsplit=1)[0]
fport = entry['foreign_address'].rsplit(':', maxsplit=1)[1]
entry['foreign_address'] = fadd
entry['foreign_port'] = fport
if 'proto' in entry and 'kind' in entry:
if entry['kind'] == 'network':
if entry['proto'].find('tcp') != -1:
entry['transport_protocol'] = 'tcp'
elif entry['proto'].find('udp') != -1:
entry['transport_protocol'] = 'udp'
else:
entry['transport_protocol'] = None
if entry['proto'].find('6') != -1:
entry['network_protocol'] = 'ipv6'
else:
entry['network_protocol'] = 'ipv4'
return raw_data return raw_data