walle Posted February 19, 2009 Posted February 19, 2009 (edited) I'm looking for a way to list or log all IP network connections (indexed by IP address or hostname) and the associated local process (and possibly other information). How should I proceed? Edit: netstat -ano ... Edited February 19, 2009 by walle
SpookMeister Posted February 19, 2009 Posted February 19, 2009 (edited) Are you saying you want to grab the results of "netstat -ano" and use it in a script? #include <Constants.au3> $cmd = "netstat -ano" $string = _CMDreturn($cmd) MsgBox(0, $cmd, $string) Func _CMDreturn($sCommand) ; Returns a the output of a DOS command as a string $cmdreturn = "" $stream = Run(@ComSpec & " /c " & $sCommand, @SystemDir, @SW_HIDE, $STDOUT_CHILD + $STDIN_CHILD) While 1 ; loop through the return from the command until there is no more $line = StdoutRead($stream) If @error Then ExitLoop $cmdreturn &= $line WEnd Return $cmdreturn EndFunc ;==>_CMDreturn Edited February 19, 2009 by SpookMeister [u]Helpful tips:[/u]If you want better answers to your questions, take the time to reproduce your issue in a small "stand alone" example script whenever possible. Also, make sure you tell us 1) what you tried, 2) what you expected to happen, and 3) what happened instead.[u]Useful links:[/u]BrettF's update to LxP's "How to AutoIt" pdfValuater's Autoit 1-2-3 Download page for the latest versions of Autoit and SciTE[quote]<glyph> For example - if you came in here asking "how do I use a jackhammer" we might ask "why do you need to use a jackhammer"<glyph> If the answer to the latter question is "to knock my grandmother's head off to let out the evil spirits that gave her cancer", then maybe the problem is actually unrelated to jackhammers[/quote]
walle Posted February 20, 2009 Author Posted February 20, 2009 (edited) Are you saying you want to grab the results of "netstat -ano" and use it in a script? Well, sort off. I was looking for the command "netstat -ano" Found it just after having created this thread. Thanks anway! So, I got the pid but I still have some difficulties to collect the assoicated ip. I want to, based on the pid, collect the associated ip. Sounds easy? Well, I have never been good at collecting info from dos. This is what i got so far. Lets say I want the ip for pid 2260. How should I proceed? #include <Constants.au3> $list = ProcessList("Software.exe") for $i = 1 to $list[0][0] $pid = $list[$i][1] next Local $foo = Run("netstat -ano", @SystemDir, @SW_HIDE, $STDERR_CHILD + $STDOUT_CHILD) Local $sStdOutRead = "" While 1 $sStdOutRead &= StdoutRead($foo) if not $sStdOutRead = "" then ExitLoop Wend Active Connections Proto Local Address Foreign Address State PID TCP 0.0.0.0:135 0.0.0.0:0 LISTENING 1216 TCP 0.0.0.0:445 0.0.0.0:0 LISTENING 4 TCP 0.0.0.0:2869 0.0.0.0:0 LISTENING 1488 TCP 127.0.0.1:1029 0.0.0.0:0 LISTENING 2260 TCP 127.0.0.1:5152 0.0.0.0:0 LISTENING 1596 TCP 127.0.0.1:5152 127.0.0.1:2271 CLOSE_WAIT 1596 TCP 192.168.1.5:139 0.0.0.0:0 LISTENING 4 Edited February 20, 2009 by walle
SpookMeister Posted February 23, 2009 Posted February 23, 2009 (edited) Sorry about taking so long to get back to you... took a long weekend off This should give you an idea of how to handle it. expandcollapse popup#include <Constants.au3> $list = ProcessList("OUTLOOK.EXE") For $i = 1 To $list[0][0] $pid = $list[$i][1] Next $cmd = "netstat -ano" $string = _CMDreturn($cmd) ;split the string into an array of individual lines for processing $result = StringSplit($string, @CR) ;process the array For $x = 1 To $result[0] $line = $result[$x] ;get rid of extra white space $newline = StringStripWS($line, 4) ;strip leading @LF characters from the results If StringMid($newline, 1, 1) = @LF Then $newline = StringTrimLeft($newline, 1) ;split the line into another array so we can compare just the PIDs $a_line = StringSplit($newline, " ") If $a_line[0] = 5 Then ;only look at lines that had 5 pieces of info If $a_line[5] = $pid Then MsgBox(0, "Results", "PID=" & $a_line[5] & @CRLF & "IP=" & $a_line[3]) EndIf Next Func _CMDreturn($sCommand) ; Returns the output of a DOS command as a string $cmdreturn = "" $stream = Run(@ComSpec & " /c " & $sCommand, @SystemDir, @SW_HIDE, $STDOUT_CHILD + $STDIN_CHILD) While 1 ; loop through the return from the command until there is no more $line = StdoutRead($stream) If @error Then ExitLoop $cmdreturn &= $line WEnd Return $cmdreturn EndFunc ;==>_CMDreturn Edited February 23, 2009 by SpookMeister [u]Helpful tips:[/u]If you want better answers to your questions, take the time to reproduce your issue in a small "stand alone" example script whenever possible. Also, make sure you tell us 1) what you tried, 2) what you expected to happen, and 3) what happened instead.[u]Useful links:[/u]BrettF's update to LxP's "How to AutoIt" pdfValuater's Autoit 1-2-3 Download page for the latest versions of Autoit and SciTE[quote]<glyph> For example - if you came in here asking "how do I use a jackhammer" we might ask "why do you need to use a jackhammer"<glyph> If the answer to the latter question is "to knock my grandmother's head off to let out the evil spirits that gave her cancer", then maybe the problem is actually unrelated to jackhammers[/quote]
walle Posted February 23, 2009 Author Posted February 23, 2009 Thank you SpookMeister Really grateful.
toxicvn Posted February 23, 2009 Posted February 23, 2009 If $a_line[5] = $pid Then MsgBox(0, "Results", "PID=" & $a_line[5] & @CRLF & "IP=" & $a_line[3]) If $a_line[5] = ^ ERROR
SpookMeister Posted February 23, 2009 Posted February 23, 2009 (edited) If $a_line[5] = $pid Then MsgBox(0, "Results", "PID=" & $a_line[5] & @CRLF & "IP=" & $a_line[3]) If $a_line[5] = ^ ERROR That is probably because you did not have "OUTLOOK.EXE" running and there was no error detection built into the script... Here is a version that has more error handling built in: expandcollapse popup#include <Constants.au3> $proc = "OUTLOOK.EXE" ; change this to the process you want to monitor $list = ProcessList($proc) If $list[0][0] = 0 Then MsgBox(0, "Error", " The " & $proc & " process is not running") Exit EndIf For $i = 1 To $list[0][0] $pid = $list[$i][1] Next $cmd = "netstat -ano" $string = _CMDreturn($cmd) ;split the string into an array of individual lines for processing $result = StringSplit($string, @CR) ;process the array For $x = 1 To $result[0] $line = $result[$x] ;get rid of extra white space $newline = StringStripWS($line, 4) ;strip leading @LF characters from the results If StringMid($newline, 1, 1) = @LF Then $newline = StringTrimLeft($newline, 1) ;split the line into another array so we can compare just the PIDs $a_line = StringSplit($newline, " ") If $a_line[0] = 5 Then ;only look at lines that had 5 pieces of info If $a_line[5] = $pid Then MsgBox(0, "Results", "PID=" & $a_line[5] & @CRLF & "IP=" & $a_line[3]) EndIf Next Func _CMDreturn($sCommand) ; Returns the output of a DOS command as a string $cmdreturn = "" $stream = Run(@ComSpec & " /c " & $sCommand, @SystemDir, @SW_HIDE, $STDOUT_CHILD + $STDIN_CHILD) While 1 ; loop through the return from the command until there is no more $line = StdoutRead($stream) If @error Then ExitLoop $cmdreturn &= $line WEnd Return $cmdreturn EndFunc ;==>_CMDreturn Edited February 23, 2009 by SpookMeister [u]Helpful tips:[/u]If you want better answers to your questions, take the time to reproduce your issue in a small "stand alone" example script whenever possible. Also, make sure you tell us 1) what you tried, 2) what you expected to happen, and 3) what happened instead.[u]Useful links:[/u]BrettF's update to LxP's "How to AutoIt" pdfValuater's Autoit 1-2-3 Download page for the latest versions of Autoit and SciTE[quote]<glyph> For example - if you came in here asking "how do I use a jackhammer" we might ask "why do you need to use a jackhammer"<glyph> If the answer to the latter question is "to knock my grandmother's head off to let out the evil spirits that gave her cancer", then maybe the problem is actually unrelated to jackhammers[/quote]
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now