NAME

Parse::Netstat::win32 - Parse the output of Windows "netstat" command

VERSION

This document describes version 0.150 of Parse::Netstat::win32 (from Perl distribution Parse-Netstat), released on 2022-12-04.

SYNOPSIS

use Parse::Netstat qw(parse_netstat);
my $res = parse_netstat(output=>join("", `netstat -anp`), flavor=>"win32");

Sample `netstat -anp` output:

Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       988
  c:\windows\system32\WS2_32.dll
  C:\WINDOWS\system32\RPCRT4.dll
  c:\windows\system32\rpcss.dll
  C:\WINDOWS\system32\svchost.exe
  -- unknown component(s) --
  [svchost.exe]

  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  [System]

  TCP    127.0.0.1:1027         0.0.0.0:0              LISTENING       1244
  [alg.exe]

  TCP    192.168.0.104:139      0.0.0.0:0              LISTENING       4
  [System]

  UDP    0.0.0.0:1025           *:*                                    1120
  C:\WINDOWS\system32\mswsock.dll
  c:\windows\system32\WS2_32.dll
  c:\windows\system32\DNSAPI.dll
  c:\windows\system32\dnsrslvr.dll
  C:\WINDOWS\system32\RPCRT4.dll
  [svchost.exe]

  UDP    0.0.0.0:500            *:*                                    696
  [lsass.exe]

Sample result:

[
  200,
  "OK",
  {
    active_conns => [
      {
        execs => [
          "c:\\windows\\system32\\WS2_32.dll",
          "C:\\WINDOWS\\system32\\RPCRT4.dll",
          "c:\\windows\\system32\\rpcss.dll",
          "C:\\WINDOWS\\system32\\svchost.exe",
          "[svchost.exe]",
        ],
        foreign_host => "0.0.0.0",
        foreign_port => 0,
        local_host => "0.0.0.0",
        local_port => 135,
        pid => 988,
        proto => "tcp",
        state => "LISTENING",
      },
      {
        execs => ["[System]"],
        foreign_host => "0.0.0.0",
        foreign_port => 0,
        local_host => "0.0.0.0",
        local_port => 445,
        pid => 4,
        proto => "tcp",
        state => "LISTENING",
      },
      {
        execs => ["[alg.exe]"],
        foreign_host => "0.0.0.0",
        foreign_port => 0,
        local_host => "127.0.0.1",
        local_port => 1027,
        pid => 1244,
        proto => "tcp",
        state => "LISTENING",
      },
      {
        execs => ["[System]"],
        foreign_host => "0.0.0.0",
        foreign_port => 0,
        local_host => "192.168.0.104",
        local_port => 139,
        pid => 4,
        proto => "tcp",
        state => "LISTENING",
      },
      {
        execs => [
          "C:\\WINDOWS\\system32\\mswsock.dll",
          "c:\\windows\\system32\\WS2_32.dll",
          "c:\\windows\\system32\\DNSAPI.dll",
          "c:\\windows\\system32\\dnsrslvr.dll",
          "C:\\WINDOWS\\system32\\RPCRT4.dll",
          "[svchost.exe]",
        ],
        foreign_host => "*",
        foreign_port => "*",
        local_host => "0.0.0.0",
        local_port => 1025,
        pid => 1120,
        proto => "udp",
      },
      {
        execs => ["[lsass.exe]"],
        foreign_host => "*",
        foreign_port => "*",
        local_host => "0.0.0.0",
        local_port => 500,
        pid => 696,
        proto => "udp",
      },
    ],
  },
]

FUNCTIONS

parse_netstat

Usage:

parse_netstat(%args) -> [$status_code, $reason, $payload, \%result_meta]

Parse the output of Windows "netstat" command.

Netstat can be called with -n (show raw IP addresses and port numbers instead of hostnames or port names) or without. It can be called with the -a option (show all listening and non-listening sockets) or without. It can also be called with -p (show PID/program names) or without.

This function is not exported by default, but exportable.

Arguments ('*' denotes required arguments):

  • output* => str

    Output of netstat command.

  • tcp => bool (default: 1)

    Whether to parse TCP (and TCP6) connections.

  • udp => bool (default: 1)

    Whether to parse UDP (and UDP6) connections.

Returns an enveloped result (an array).

The first element ($status_code) is an integer containing an HTTP-like status code (200 means OK, 4xx caller error, 5xx function error). The second element ($reason) is a string containing an error message, or something like "OK" if the status is 200. The third element ($payload) is the actual result, but it is usually not present when the enveloped result is an error response ($status_code is not 2xx). The fourth element (%result_meta) is called result metadata and is optional; it is a hash that contains extra information, much like how HTTP response headers provide additional metadata.

Return value: (any)
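
The following is an added example, not code from the Parse-Netstat distribution. It checks the result envelope before touching the payload, then lists the sockets that are bound to a non-loopback address together with their owning PID and image name. It uses only the result fields shown in the SYNOPSIS; exposed_sockets is a hypothetical helper, and the input is a constructed sample shortened from the SYNOPSIS output.

```perl
use strict;
use warnings;
use Parse::Netstat qw(parse_netstat);

# Constructed sample input, shortened from the SYNOPSIS output.
my $output = <<'EOT';

Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  [System]

  TCP    127.0.0.1:1027         0.0.0.0:0              LISTENING       1244
  [alg.exe]

  UDP    0.0.0.0:500            *:*                                    696
  [lsass.exe]

EOT

my $res = parse_netstat(output => $output, flavor => "win32");
my ($status, $reason, $payload) = @$res;

# Check the envelope first: the payload is usually absent on non-2xx.
die "parse_netstat failed: $status $reason\n" unless $status == 200;

# Hypothetical helper: TCP listeners and UDP sockets whose local
# address is anything other than loopback (127.x.x.x or ::1).
sub exposed_sockets {
    my ($conns) = @_;
    return grep {
        my $c = $_;
        my $open = $c->{proto} =~ /^udp/ || ($c->{state} // '') eq 'LISTENING';
        $open && $c->{local_host} !~ /^(?:127\.|\[?::1\]?$)/;
    } @$conns;
}

for my $c (exposed_sockets($payload->{active_conns})) {
    # In the sample result the bracketed image name is the last execs entry.
    my $image = @{ $c->{execs} // [] } ? $c->{execs}[-1] : '(unknown)';
    printf "%-4s %s:%s pid=%s %s\n",
        $c->{proto}, $c->{local_host}, $c->{local_port},
        $c->{pid} // '?', $image;
}
```

With this input the loopback-only alg.exe listener is filtered out, leaving the TCP 445 and UDP 500 entries.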

HOMEPAGE

Please visit the project's homepage at https://metacpan.org/release/Parse-Netstat.

SOURCE

Source repository is at https://github.com/perlancar/perl-Parse-Netstat.

AUTHOR

perlancar <perlancar@cpan.org>

CONTRIBUTING

To contribute, you can send patches by email/via RT, or send pull requests on GitHub.

Most of the time, you don't need to build the distribution yourself. You can simply modify the code, then test via:

% prove -l

If you want to build the distribution (e.g. to try to install it locally on your system), you can install Dist::Zilla, Dist::Zilla::PluginBundle::Author::PERLANCAR, Pod::Weaver::PluginBundle::Author::PERLANCAR, and sometimes one or two other Dist::Zilla- and/or Pod::Weaver plugins. Any additional steps required beyond that are considered a bug and can be reported to me.

COPYRIGHT AND LICENSE

This software is copyright (c) 2022, 2017, 2015, 2014, 2012, 2011 by perlancar <perlancar@cpan.org>.

This is free software; you can redistribute it and/or modify it under the same terms as the Perl 5 programming language system itself.

BUGS

Please report any bugs or feature requests on the bugtracker website https://rt.cpan.org/Public/Dist/Display.html?Name=Parse-Netstat

When submitting a bug or request, please include a test-file or a patch to an existing test-file that illustrates the bug or desired feature.