From cad2e16c7aa54a70f476bf4268ff8e5985cff468 Mon Sep 17 00:00:00 2001
From: Kelly Brazil
Date: Thu, 7 Nov 2019 14:49:21 -0800
Subject: [PATCH] document examples
---
jc/parsers/netstat.py | 354 +++++++++++++++++++++++++++++++++++++++++-
1 file changed, 353 insertions(+), 1 deletion(-)
diff --git a/jc/parsers/netstat.py b/jc/parsers/netstat.py
index b013ba64..d4336ea9 100644
--- a/jc/parsers/netstat.py
+++ b/jc/parsers/netstat.py
@@ -5,6 +5,358 @@ Usage: Limitations: incorrect parsing can occur when there is a space in the program_name field when using the -p option in netstat + +Examples: + +$ sudo netstat -apWn | jc --netstat -p +[ + { + "proto": "tcp", + "recv_q": 0, + "send_q": 0, + "local_address": "127.0.0.1", + "foreign_address": "0.0.0.0", + "state": "LISTEN", + "program_name": "master", + "kind": "network", + "pid": 1498, + "local_port": "25", + "foreign_port": "*", + "transport_protocol": "tcp", + "network_protocol": "ipv4", + "local_port_num": 25 + }, + { + "proto": "tcp", + "recv_q": 0, + "send_q": 0, + "local_address": "0.0.0.0", + "foreign_address": "0.0.0.0", + "state": "LISTEN", + "program_name": "sshd", + "kind": "network", + "pid": 1219, + "local_port": "22", + "foreign_port": "*", + "transport_protocol": "tcp", + "network_protocol": "ipv4", + "local_port_num": 22 + }, + { + "proto": "tcp", + "recv_q": 0, + "send_q": 0, + "local_address": "192.168.71.138", + "foreign_address": "192.168.71.1", + "state": "ESTABLISHED", + "program_name": "sshd: kbrazil", + "kind": "network", + "pid": 10401, + "local_port": "22", + "foreign_port": "62012", + "transport_protocol": "tcp", + "network_protocol": "ipv4", + "local_port_num": 22, + "foreign_port_num": 62012 + }, + { + "proto": "tcp6", + "recv_q": 0, + "send_q": 0, + "local_address": "::1", + "foreign_address": "::", + "state": "LISTEN", + "program_name": "master", + "kind": "network", + "pid": 1498, + "local_port": "25", + "foreign_port": "*", + "transport_protocol": "tcp", + "network_protocol": "ipv6", + "local_port_num": 25 + }, + { + "proto": "tcp6", + "recv_q": 0, + "send_q": 0, + "local_address": "::", + "foreign_address": "::", + "state": "LISTEN", + "program_name": "sshd", + "kind": "network", + "pid": 1219, + "local_port": "22", + "foreign_port": "*", + "transport_protocol": "tcp", + "network_protocol": "ipv6", + "local_port_num": 22 + }, + { + "proto": "udp", + "recv_q": 0, + "send_q": 0, + "local_address": "0.0.0.0", + 
"foreign_address": "0.0.0.0", + "state": null, + "program_name": "dhclient", + "kind": "network", + "pid": 10666, + "local_port": "68", + "foreign_port": "*", + "transport_protocol": "udp", + "network_protocol": "ipv4", + "local_port_num": 68 + }, + { + "proto": "udp", + "recv_q": 0, + "send_q": 0, + "local_address": "127.0.0.1", + "foreign_address": "0.0.0.0", + "state": null, + "program_name": "chronyd", + "kind": "network", + "pid": 788, + "local_port": "323", + "foreign_port": "*", + "transport_protocol": "udp", + "network_protocol": "ipv4", + "local_port_num": 323 + }, + { + "proto": "udp6", + "recv_q": 0, + "send_q": 0, + "local_address": "::1", + "foreign_address": "::", + "state": null, + "program_name": "chronyd", + "kind": "network", + "pid": 788, + "local_port": "323", + "foreign_port": "*", + "transport_protocol": "udp", + "network_protocol": "ipv6", + "local_port_num": 323 + }, + { + "proto": "raw6", + "recv_q": 0, + "send_q": 0, + "local_address": "::", + "foreign_address": "::", + "state": "7", + "program_name": "NetworkManager", + "kind": "network", + "pid": 876, + "local_port": "58", + "foreign_port": "*", + "transport_protocol": null, + "network_protocol": "ipv6", + "local_port_num": 58 + }, + { + "proto": "unix", + "refcnt": 3, + "flags": null, + "type": "DGRAM", + "state": null, + "inode": 8971, + "program_name": "systemd", + "path": "/run/systemd/notify", + "kind": "socket", + "pid": 1 + }, + { + "proto": "unix", + "refcnt": 2, + "flags": null, + "type": "DGRAM", + "state": null, + "inode": 8973, + "program_name": "systemd", + "path": "/run/systemd/cgroups-agent", + "kind": "socket", + "pid": 1 + }, + { + "proto": "unix", + "refcnt": 2, + "flags": "ACC", + "type": "STREAM", + "state": "LISTENING", + "inode": 14097, + "program_name": "systemd", + "path": "/run/lvm/lvmpolld.socket", + "kind": "socket", + "pid": 1 + }, + ... 
+] + +$ sudo netstat -apWn | jc --netstat -p -r +[ + { + "proto": "tcp", + "recv_q": "0", + "send_q": "0", + "local_address": "127.0.0.1", + "foreign_address": "0.0.0.0", + "state": "LISTEN", + "program_name": "master", + "kind": "network", + "pid": "1498", + "local_port": "25", + "foreign_port": "*", + "transport_protocol": "tcp", + "network_protocol": "ipv4" + }, + { + "proto": "tcp", + "recv_q": "0", + "send_q": "0", + "local_address": "0.0.0.0", + "foreign_address": "0.0.0.0", + "state": "LISTEN", + "program_name": "sshd", + "kind": "network", + "pid": "1219", + "local_port": "22", + "foreign_port": "*", + "transport_protocol": "tcp", + "network_protocol": "ipv4" + }, + { + "proto": "tcp", + "recv_q": "0", + "send_q": "0", + "local_address": "192.168.71.138", + "foreign_address": "192.168.71.1", + "state": "ESTABLISHED", + "program_name": "sshd: kbrazil", + "kind": "network", + "pid": "10401", + "local_port": "22", + "foreign_port": "62012", + "transport_protocol": "tcp", + "network_protocol": "ipv4" + }, + { + "proto": "tcp6", + "recv_q": "0", + "send_q": "0", + "local_address": "::1", + "foreign_address": "::", + "state": "LISTEN", + "program_name": "master", + "kind": "network", + "pid": "1498", + "local_port": "25", + "foreign_port": "*", + "transport_protocol": "tcp", + "network_protocol": "ipv6" + }, + { + "proto": "tcp6", + "recv_q": "0", + "send_q": "0", + "local_address": "::", + "foreign_address": "::", + "state": "LISTEN", + "program_name": "sshd", + "kind": "network", + "pid": "1219", + "local_port": "22", + "foreign_port": "*", + "transport_protocol": "tcp", + "network_protocol": "ipv6" + }, + { + "proto": "udp", + "recv_q": "0", + "send_q": "0", + "local_address": "0.0.0.0", + "foreign_address": "0.0.0.0", + "state": null, + "program_name": "dhclient", + "kind": "network", + "pid": "10666", + "local_port": "68", + "foreign_port": "*", + "transport_protocol": "udp", + "network_protocol": "ipv4" + }, + { + "proto": "udp", + "recv_q": "0", + 
"send_q": "0", + "local_address": "127.0.0.1", + "foreign_address": "0.0.0.0", + "state": null, + "program_name": "chronyd", + "kind": "network", + "pid": "788", + "local_port": "323", + "foreign_port": "*", + "transport_protocol": "udp", + "network_protocol": "ipv4" + }, + { + "proto": "udp6", + "recv_q": "0", + "send_q": "0", + "local_address": "::1", + "foreign_address": "::", + "state": null, + "program_name": "chronyd", + "kind": "network", + "pid": "788", + "local_port": "323", + "foreign_port": "*", + "transport_protocol": "udp", + "network_protocol": "ipv6" + }, + { + "proto": "raw6", + "recv_q": "0", + "send_q": "0", + "local_address": "::", + "foreign_address": "::", + "state": "7", + "program_name": "NetworkManager", + "kind": "network", + "pid": "876", + "local_port": "58", + "foreign_port": "*", + "transport_protocol": null, + "network_protocol": "ipv6" + }, + { + "proto": "unix", + "refcnt": "3", + "flags": null, + "type": "DGRAM", + "state": null, + "inode": "8971", + "program_name": "systemd", + "path": "/run/systemd/notify", + "kind": "socket", + "pid": "1" + }, + { + "proto": "unix", + "refcnt": "2", + "flags": null, + "type": "DGRAM", + "state": null, + "inode": "8973", + "program_name": "systemd", + "path": "/run/systemd/cgroups-agent", + "kind": "socket", + "pid": "1" + }, + ... +] """ import string import jc.utils @@ -29,7 +381,7 @@ def process(proc_data): "program_name": string, "pid": integer, "user": string, - "security_context": string, ", + "security_context": string, "refcnt": integer, "flags": string, "type": stromg,
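Review bot: The Limitations text directly above these examples warns that a space in program_name can be parsed incorrectly, yet the sample entry `"program_name": "sshd: kbrazil"` contains a space and is shown with a clean `"pid": 10401`, so the docstring does not tell a reader which inputs actually fail. Anyone relying on `pid`/`program_name` to attribute listening sockets to processes needs that boundary; a sentence naming a failing form, or stating that this case works, would settle it (the parser is not visible in this hunk, so which is true is for the author to confirm). It would also help to state that `local_port_num` / `foreign_port_num` are omitted when the port is not numeric, as the `"foreign_port": "*"` entries suggest, so consumers do not index a missing key. The sample appears to be captured from a live host; consider replacing the account name in the process title with a placeholder such as `sshd: user`. The module docstring begins outside the hunk.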
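Review bot: The context line `"type": stromg,` two lines below the corrected `security_context` entry still has a typo and should read `"type": string,`; since this change is already cleaning up the schema listing, it is worth fixing in the same pass. The schema sits in the docstring of process(), which starts and ends outside the hunk.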