NAME

Parse::Netstat::win32 - Parse the output of Windows "netstat" command

VERSION

This document describes version 0.13 of Parse::Netstat::win32 (from Perl distribution Parse-Netstat), released on 2017-02-09.

SYNOPSIS

use Parse::Netstat qw(parse_netstat);
my $res = parse_netstat(output=>join("", `netstat -anp`), flavor=>"win32");

Sample `netstat -anp` output:

Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       988
  c:\windows\system32\WS2_32.dll
  C:\WINDOWS\system32\RPCRT4.dll
  c:\windows\system32\rpcss.dll
  C:\WINDOWS\system32\svchost.exe
  -- unknown component(s) --
  [svchost.exe]

  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  [System]

  TCP    127.0.0.1:1027         0.0.0.0:0              LISTENING       1244
  [alg.exe]

  TCP    192.168.0.104:139      0.0.0.0:0              LISTENING       4
  [System]

  UDP    0.0.0.0:1025           *:*                                    1120
  C:\WINDOWS\system32\mswsock.dll
  c:\windows\system32\WS2_32.dll
  c:\windows\system32\DNSAPI.dll
  c:\windows\system32\dnsrslvr.dll
  C:\WINDOWS\system32\RPCRT4.dll
  [svchost.exe]

  UDP    0.0.0.0:500            *:*                                    696
  [lsass.exe]

Sample result:

[
  200,
  "OK",
  {
    active_conns => [
      {
        execs => [
          "c:\\windows\\system32\\WS2_32.dll",
          "C:\\WINDOWS\\system32\\RPCRT4.dll",
          "c:\\windows\\system32\\rpcss.dll",
          "C:\\WINDOWS\\system32\\svchost.exe",
          "[svchost.exe]",
        ],
        foreign_host => "0.0.0.0",
        foreign_port => 0,
        local_host => "0.0.0.0",
        local_port => 135,
        pid => 988,
        proto => "tcp",
        state => "LISTENING",
      },
      {
        execs => ["[System]"],
        foreign_host => "0.0.0.0",
        foreign_port => 0,
        local_host => "0.0.0.0",
        local_port => 445,
        pid => 4,
        proto => "tcp",
        state => "LISTENING",
      },
      {
        execs => ["[alg.exe]"],
        foreign_host => "0.0.0.0",
        foreign_port => 0,
        local_host => "127.0.0.1",
        local_port => 1027,
        pid => 1244,
        proto => "tcp",
        state => "LISTENING",
      },
      {
        execs => ["[System]"],
        foreign_host => "0.0.0.0",
        foreign_port => 0,
        local_host => "192.168.0.104",
        local_port => 139,
        pid => 4,
        proto => "tcp",
        state => "LISTENING",
      },
      {
        execs => [
          "C:\\WINDOWS\\system32\\mswsock.dll",
          "c:\\windows\\system32\\WS2_32.dll",
          "c:\\windows\\system32\\DNSAPI.dll",
          "c:\\windows\\system32\\dnsrslvr.dll",
          "C:\\WINDOWS\\system32\\RPCRT4.dll",
          "[svchost.exe]",
        ],
        foreign_host => "*",
        foreign_port => "*",
        local_host => "0.0.0.0",
        local_port => 1025,
        pid => 1120,
        proto => "udp",
      },
      {
        execs => ["[lsass.exe]"],
        foreign_host => "*",
        foreign_port => "*",
        local_host => "0.0.0.0",
        local_port => 500,
        pid => 696,
        proto => "udp",
      },
    ],
  },
]

FUNCTIONS

parse_netstat

Usage:

parse_netstat(%args) -> [status, msg, result, meta]

Parse the output of Windows "netstat" command.

Netstat can be called with or without -n (show raw IP addresses and port numbers instead of hostnames or port names), with or without -a (show all listening and non-listening sockets), and with or without -p (show PID/program names).

This function is not exported by default, but exportable.

Arguments ('*' denotes required arguments):

  • output* => str

    Output of netstat command.

  • tcp => bool (default: 1)

    Whether to parse TCP (and TCP6) connections.

  • udp => bool (default: 1)

    Whether to parse UDP (and UDP6) connections.

Returns an enveloped result (an array).

First element (status) is an integer containing an HTTP status code (200 means OK, 4xx caller error, 5xx function error). Second element (msg) is a string containing an error message, or 'OK' if status is 200. Third element (result) is optional and holds the actual result. Fourth element (meta) is the result metadata; it is optional and is a hash containing extra information.

Return value: (any)
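The following is an added example, not part of the Parse-Netstat distribution: it walks the active_conns structure shown in the SYNOPSIS to inventory sockets that listen on non-loopback addresses, together with the owning process. The helper name exposed_listeners and the sample input (constructed in the SYNOPSIS format) are assumptions, and netstat is assumed to have been run with -n so that ports are numeric.

```perl
use strict;
use warnings;
use Parse::Netstat qw(parse_netstat);

# Constructed sample input, in the format shown in the SYNOPSIS.
my $output = <<'EOT';
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  [System]

  TCP    127.0.0.1:1027         0.0.0.0:0              LISTENING       1244
  [alg.exe]

  TCP    192.168.0.104:139      0.0.0.0:0              LISTENING       4
  [System]

  UDP    0.0.0.0:500            *:*                                    696
  [lsass.exe]

EOT

# Hypothetical helper: return the listening sockets reachable from other hosts.
sub exposed_listeners {
    my ($netstat_output) = @_;
    my $res = parse_netstat(output => $netstat_output, flavor => "win32");
    # Enveloped result: [status, msg, result]; anything but 200 is a failure.
    die "parse_netstat failed: $res->[0] $res->[1]\n" unless $res->[0] == 200;

    my @found;
    for my $c (@{ $res->[2]{active_conns} }) {
        # TCP must be in LISTENING state. UDP entries carry no 'state' key,
        # so every bound UDP socket is treated as a listener.
        next if $c->{proto} =~ /^tcp/ && ($c->{state} // '') ne 'LISTENING';
        # Skip loopback-only binds (IPv4 127.x and IPv6 ::1, bracketed or not).
        next if $c->{local_host} =~ /^(?:127\.|\[?::1\]?$)/;
        # In the sample result the last 'execs' entry is the bracketed process name.
        my $owner = @{ $c->{execs} // [] } ? $c->{execs}[-1] : '?';
        push @found, { %$c, owner => $owner };
    }
    return sort { $a->{local_port} <=> $b->{local_port} } @found;
}

printf "%-4s %-15s %5s  pid %-5s %s\n",
    @{$_}{qw(proto local_host local_port)}, $_->{pid} // '?', $_->{owner}
    for exposed_listeners($output);
```

With the sample above, the 127.0.0.1:1027 listener is filtered out and the remaining three sockets are listed in port order.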

HOMEPAGE

Please visit the project's homepage at https://metacpan.org/release/Parse-Netstat.

SOURCE

Source repository is at https://github.com/perlancar/perl-Parse-Netstat.

BUGS

Please report any bugs or feature requests on the bugtracker website: https://rt.cpan.org/Public/Dist/Display.html?Name=Parse-Netstat

When submitting a bug or request, please include a test-file or a patch to an existing test-file that illustrates the bug or desired feature.

AUTHOR

perlancar <perlancar@cpan.org>

COPYRIGHT AND LICENSE

This software is copyright (c) 2017, 2015, 2014, 2012, 2011 by perlancar@cpan.org.

This is free software; you can redistribute it and/or modify it under the same terms as the Perl 5 programming language system itself.