From e712cd3fc4cec1b3137c73e199b2d89fd42fb3bb Mon Sep 17 00:00:00 2001 From: Kelly Brazil Date: Fri, 1 Nov 2019 22:29:08 -0700 Subject: [PATCH] netstat2 skeleton --- jc/parsers/netstat2.py | 138 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 138 insertions(+) create mode 100644 jc/parsers/netstat2.py diff --git a/jc/parsers/netstat2.py b/jc/parsers/netstat2.py new file mode 100644 index 00000000..3615a1fe --- /dev/null +++ b/jc/parsers/netstat2.py @@ -0,0 +1,138 @@ +"""jc - JSON CLI output utility netstat Parser + +Usage: + Specify --netstat as the first argument if the piped input is coming from netstat +""" + + +def normalize_headers(header): + header = header.lower() + header = header.replace('local address', 'local_address') + header = header.replace('foreign address', 'foreign_address') + header = header.replace('pid/program name', 'program_name') + header = header.replace('security context', 'security_context') + return header.split() + + +def parse_network(headers, entry): + # Count words in header + # if len of line is one less than len of header, then insert None in field 5 + output_line = {} + return output_line + + +def parse_socket(headers, entry): + # get the column # of first letter of "state" + # for each line check column # to see if state column is populated + # remove [ and ] from each line + output_line = {} + return output_line + + +def post_process(network_list, socket_list): + output = {} + + if network_list: + output['network'] = network_list + + if socket_list: + output['socket'] = socket_list + + # post process to split pid and program name and ip addresses and ports + + return output + + +def parse(data): + cleandata = data.splitlines() + + network = False + socket = False + headers = '' + + for line in cleandata: + + if line.find('Active Internet') == 0: + network_list = [] + network = True + socket = False + continue + + if line.find('Active UNIX') == 0: + socket_list = [] + network = False + socket = True + continue + + if line.find('Proto') == 0: + headers = normalize_headers(line) + continue + + if network: + network_list.append(parse_network(headers, line)) + continue + + if socket: + socket_list.append(parse_socket(headers, line)) + continue + + return post_process(network_list, socket_list) + + + + + + + + + + + + + + + + if entry.find('tcp') == 0: + output_line['transport_protocol'] = 'tcp' + + if entry.find('p6') == 2: + output_line['network_protocol'] = 'ipv6' + + else: + output_line['network_protocol'] = 'ipv4' + + elif entry.find('udp') == 0: + output_line['transport_protocol'] = 'udp' + + if entry.find('p6') == 2: + output_line['network_protocol'] = 'ipv6' + + else: + output_line['network_protocol'] = 'ipv4' + else: + return + + parsed_line = entry.split() + + output_line['local_address'] = parsed_line[3].rsplit(':', 1)[0] + output_line['local_port'] = parsed_line[3].rsplit(':', 1)[-1] + output_line['foreign_address'] = parsed_line[4].rsplit(':', 1)[0] + output_line['foreign_port'] = parsed_line[4].rsplit(':', 1)[-1] + + if len(parsed_line) > 5: + + if parsed_line[5][0] not in string.digits and parsed_line[5][0] != '-': + output_line['state'] = parsed_line[5] + + if len(parsed_line) > 6 and parsed_line[6][0] in string.digits: + output_line['pid'] = parsed_line[6].split('/')[0] + output_line['program_name'] = parsed_line[6].split('/')[1] + else: + if parsed_line[5][0] in string.digits: + output_line['pid'] = parsed_line[5].split('/')[0] + output_line['program_name'] = parsed_line[5].split('/')[1] + + output_line['receive_q'] = parsed_line[1] + output_line['send_q'] = parsed_line[2] + + return output_line \ No newline at end of file