spudw2k Posted December 1, 2017 Share Posted December 1, 2017 (edited) An oldie but goodie, I was cleaning house and found this old snippet I made back in Apr 2013. It still has some utility, so I figured I'd share it. It runs netstat and populates the output into an array. Very Pretty simple. expandcollapse popup#include <Constants.au3> #include <Process.au3> #include <Array.au3> Local $aNetStatData = _NetStat_GetData() Local $sHeaders = _ArrayToString($aNetStatData,"|",0,0) _ArrayDelete($aNetStatData, 0) _ArrayDisplay($aNetStatData,"NetStat", "", 32, Default, $sHeaders) Func _NetStat_GetData($bAddProcessName = True) Local $aNetStatData = _NetStat_ProcessOutput(_NetStat_GetOutput()) If $bAddProcessName Then _NetStat_AddProcessName($aNetStatData) Return $aNetStatData EndFunc Func _NetStat_GetOutput() ;Run netstat CMD and get StdOut Local $sNetStatOutput = _RunCMD("netstat.exe -a -o -f") Return $sNetStatOutput EndFunc Func _NetStat_ProcessOutput($sNetStatOutput) ;Convert netstat StdOut to Array Local $arr = StringSplit(StringStripWS($sNetStatOutput,4),@CR) Local $aRecord Dim $aNetStatData[1][5]=[["Protocol","Local Address","Foreign Address","State","PID"]] ReDim $aNetStatData[$arr[0]-3][5] For $iX = 1 To UBound($aNetStatData)-1 $aRecord = StringSplit($arr[$iX+3]," ") If $aRecord[1]="TCP" Then For $iY = 0 to $aRecord[0]-1 $aNetStatData[$iX][$iY] = $aRecord[$iY+1] Next ElseIf $aRecord[1]="UDP" Then For $iY = 0 to $aRecord[0]-2 $aNetStatData[$iX][$iY] = $aRecord[$iY+1] Next $aNetStatData[$iX][4] = $aRecord[4] EndIf Next Return $aNetStatData EndFunc Func _NetStat_AddProcessName(ByRef $aNetStatData) ;Add processname to NetStat Array ;Create NetStat PID / Process Name Array Local $aPIDs = _ArrayUnique($aNetStatData,4,0,0,0) _ArrayColInsert($aPIDs,1) $aPIDs[0][1] = "Process Name" For $iX = 1 To UBound($aPIDs)-1 $aPIDs[$iX][1] = _ProcessGetName($aPIDs[$iX][0]) Next ;Add Process Names to NetStat Array _ArrayColInsert($aNetStatData,5) $aNetStatData[0][5] = "Process Name" For $iX = 1 to UBound($aNetStatData)-1 Local $sProcessName = $aPIDs[_ArraySearch($aPIDs, $aNetStatData[$iX][4])][1] If $sProcessName Then $aNetStatData[$iX][5] = $sProcessName Next EndFunc Func _RunCMD($sCMD) ;Run CMD and Return StdOut Local $iPID = Run(@ComSpec & " /c " & $sCMD, @SystemDir, @SW_HIDE, $STDERR_CHILD + $STDOUT_CHILD) Local $sStdOut While 1 $sStdOut &= StdoutRead($iPID) If @error Then ExitLoop WEnd Return $sStdOut EndFunc Edited October 8, 2019 by spudw2k coffeeturtle, Draygoes and Earthshine 3 Spoiler Things I've Made: Always On Top Tool ◊ AU History ◊ Deck of Cards ◊ HideIt ◊ ICU ◊ Icon Freezer ◊ Ipod Ejector ◊ Junos Configuration Explorer ◊ Link Downloader ◊ MD5 Folder Enumerator ◊ PassGen ◊ Ping Tool ◊ Quick NIC ◊ Read OCR ◊ RemoteIT ◊ SchTasksGui ◊ SpyCam ◊ System Scan Report Tool ◊ System UpTime ◊ Transparency Machine ◊ VMWare ESX BuilderMisc Code Snippets: ADODB Example ◊ CheckHover ◊ Detect SafeMode ◊ DynEnumArray ◊ GetNetStatData ◊ HashArray ◊ IsBetweenDates ◊ Local Admins ◊ Make Choice ◊ Recursive File List ◊ Remove Sizebox Style ◊ Retrieve PNPDeviceID ◊ Retreive SysListView32 Contents ◊ Set IE Homepage ◊ Tickle Expired Password ◊ Transpose ArrayProjects: Drive Space Usage GUI ◊ LEDkIT ◊ Plasma_kIt ◊ Scan Engine Builder ◊ SpeeDBurner ◊ SubnetCalcCool Stuff: AutoItObject UDF ◊ Extract Icon From Proc ◊ GuiCtrlFontRotate ◊ Hex Edit Funcs ◊ Run binary ◊ Service_UDF Link to comment Share on other sites More sharing options...
Earthshine Posted December 1, 2017 Share Posted December 1, 2017 👍 My resources are limited. You must ask the right questions Link to comment Share on other sites More sharing options...
Earthshine Posted December 1, 2017 Share Posted December 1, 2017 (edited) dude, this rules! thanks! you can almost tell if you've been hacked by running that report! nice. I use TcpView to see if I am hacked usually, scanning with tools always as well. I am going to see if we can't add those extra columns if you won't... LOL Edited December 1, 2017 by Earthshine My resources are limited. You must ask the right questions Link to comment Share on other sites More sharing options...
argumentum Posted December 3, 2017 Share Posted December 3, 2017 On 12/1/2017 at 8:27 AM, Earthshine said: I use TcpView to see if I am hacked ..you reminded me of a silly story: http://sirkan.iit.bme.hu/~kapolnai/fun/bitchecker.html Earthshine and Draygoes 2 Follow the link to my code contribution ( and other things too ). FAQ - Please Read Before Posting. Link to comment Share on other sites More sharing options...
Earthshine Posted December 3, 2017 Share Posted December 3, 2017 😂 My resources are limited. You must ask the right questions Link to comment Share on other sites More sharing options...
spudw2k Posted January 5, 2018 Author Share Posted January 5, 2018 (edited) Did a little code cleanup / restruct and added functionality to add process name--as determined by PID--to the array by default. Edited January 5, 2018 by spudw2k Earthshine 1 Spoiler Things I've Made: Always On Top Tool ◊ AU History ◊ Deck of Cards ◊ HideIt ◊ ICU ◊ Icon Freezer ◊ Ipod Ejector ◊ Junos Configuration Explorer ◊ Link Downloader ◊ MD5 Folder Enumerator ◊ PassGen ◊ Ping Tool ◊ Quick NIC ◊ Read OCR ◊ RemoteIT ◊ SchTasksGui ◊ SpyCam ◊ System Scan Report Tool ◊ System UpTime ◊ Transparency Machine ◊ VMWare ESX BuilderMisc Code Snippets: ADODB Example ◊ CheckHover ◊ Detect SafeMode ◊ DynEnumArray ◊ GetNetStatData ◊ HashArray ◊ IsBetweenDates ◊ Local Admins ◊ Make Choice ◊ Recursive File List ◊ Remove Sizebox Style ◊ Retrieve PNPDeviceID ◊ Retreive SysListView32 Contents ◊ Set IE Homepage ◊ Tickle Expired Password ◊ Transpose ArrayProjects: Drive Space Usage GUI ◊ LEDkIT ◊ Plasma_kIt ◊ Scan Engine Builder ◊ SpeeDBurner ◊ SubnetCalcCool Stuff: AutoItObject UDF ◊ Extract Icon From Proc ◊ GuiCtrlFontRotate ◊ Hex Edit Funcs ◊ Run binary ◊ Service_UDF Link to comment Share on other sites More sharing options...
Earthshine Posted January 5, 2018 Share Posted January 5, 2018 (edited) Thanks! I wanted to do this but I’m in another project right now automation in C-sharp is awesome. Anyway now I don’t have to Edited January 5, 2018 by Earthshine My resources are limited. You must ask the right questions Link to comment Share on other sites More sharing options...
Draygoes Posted January 5, 2018 Share Posted January 5, 2018 Thanks for this man. I can get a lot of use out of it. Earthshine 1 Spoiler "If a vegetarian eats vegetables,What the heck does a humanitarian eat?" "I hear voices in my head, but I ignore them and continue on killing." "You have forced me to raise the indifference warning to beige, it's a beige alert people. As with all beige alerts please prepare to think about the possibility of caring." An optimist says that giving someone power DOESN'T immediately turn them into a sadist. A pessimist says that giving someone power doesn't IMMEDIATELY turn them into a sadist. Link to comment Share on other sites More sharing options...
Earthshine Posted January 5, 2018 Share Posted January 5, 2018 (edited) update. it works but really slow on win10 for some reason. on 2008R2 it seems just fine Edited January 8, 2018 by Earthshine My resources are limited. You must ask the right questions Link to comment Share on other sites More sharing options...
Earthshine Posted January 8, 2018 Share Posted January 8, 2018 (edited) snip Edited January 8, 2018 by Earthshine My resources are limited. You must ask the right questions Link to comment Share on other sites More sharing options...
Earthshine Posted January 8, 2018 Share Posted January 8, 2018 (edited) Solved the problem! I was mucking around on my host box and had installed/enabled the Hyper-V stuff, and it added a default switch that was really slowing me down, even an netstat -ao would bog... now it's all snappy with no changes to code THANKS AGAIN dude! this is coolness Edited January 8, 2018 by Earthshine My resources are limited. You must ask the right questions Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now