NAME

Parse::Netstat::win32 - Parse the output of Windows "netstat" command

VERSION

This document describes version 0.14 of Parse::Netstat::win32 (from Perl distribution Parse-Netstat), released on 2017-02-10.

SYNOPSIS

 use Parse::Netstat qw(parse_netstat);
 my $res = parse_netstat(output=>join("", `netstat -anp`), flavor=>"win32");

Sample `netstat -anp` output:

 Active Connections
 
   Proto  Local Address          Foreign Address        State           PID
   TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       988
   c:\windows\system32\WS2_32.dll
   C:\WINDOWS\system32\RPCRT4.dll
   c:\windows\system32\rpcss.dll
   C:\WINDOWS\system32\svchost.exe
   -- unknown component(s) --
   [svchost.exe]
 
   TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
   [System]
 
   TCP    127.0.0.1:1027         0.0.0.0:0              LISTENING       1244
   [alg.exe]
 
   TCP    192.168.0.104:139      0.0.0.0:0              LISTENING       4
   [System]
 
   UDP    0.0.0.0:1025           *:*                                    1120
   C:\WINDOWS\system32\mswsock.dll
   c:\windows\system32\WS2_32.dll
   c:\windows\system32\DNSAPI.dll
   c:\windows\system32\dnsrslvr.dll
   C:\WINDOWS\system32\RPCRT4.dll
   [svchost.exe]
 
   UDP    0.0.0.0:500            *:*                                    696
   [lsass.exe]

Sample result:

 [
   200,
   "OK",
   {
     active_conns => [
       {
         execs => [
           "c:\\windows\\system32\\WS2_32.dll",
           "C:\\WINDOWS\\system32\\RPCRT4.dll",
           "c:\\windows\\system32\\rpcss.dll",
           "C:\\WINDOWS\\system32\\svchost.exe",
           "[svchost.exe]",
         ],
         foreign_host => "0.0.0.0",
         foreign_port => 0,
         local_host => "0.0.0.0",
         local_port => 135,
         pid => 988,
         proto => "tcp",
         state => "LISTENING",
       },
       {
         execs => ["[System]"],
         foreign_host => "0.0.0.0",
         foreign_port => 0,
         local_host => "0.0.0.0",
         local_port => 445,
         pid => 4,
         proto => "tcp",
         state => "LISTENING",
       },
       {
         execs => ["[alg.exe]"],
         foreign_host => "0.0.0.0",
         foreign_port => 0,
         local_host => "127.0.0.1",
         local_port => 1027,
         pid => 1244,
         proto => "tcp",
         state => "LISTENING",
       },
       {
         execs => ["[System]"],
         foreign_host => "0.0.0.0",
         foreign_port => 0,
         local_host => "192.168.0.104",
         local_port => 139,
         pid => 4,
         proto => "tcp",
         state => "LISTENING",
       },
       {
         execs => [
           "C:\\WINDOWS\\system32\\mswsock.dll",
           "c:\\windows\\system32\\WS2_32.dll",
           "c:\\windows\\system32\\DNSAPI.dll",
           "c:\\windows\\system32\\dnsrslvr.dll",
           "C:\\WINDOWS\\system32\\RPCRT4.dll",
           "[svchost.exe]",
         ],
         foreign_host => "*",
         foreign_port => "*",
         local_host => "0.0.0.0",
         local_port => 1025,
         pid => 1120,
         proto => "udp",
       },
       {
         execs => ["[lsass.exe]"],
         foreign_host => "*",
         foreign_port => "*",
         local_host => "0.0.0.0",
         local_port => 500,
         pid => 696,
         proto => "udp",
       },
     ],
   },
 ]

FUNCTIONS

parse_netstat

Usage:

 parse_netstat(%args) -> [status, msg, result, meta]

Parse the output of Windows "netstat" command.

Netstat can be called with "-n" (show raw IP addresses and port numbers instead of hostnames or port names) or without. It can be called with "-a" (show all listening and non-listening socket) option or without. And can be called with "-p" (show PID/program names) or without.

This function is not exported by default, but exportable.

Arguments ('*' denotes required arguments):

output* => str
Output of netstat command.
tcp => bool (default: 1)
Whether to parse TCP (and TCP6) connections.
udp => bool (default: 1)
Whether to parse UDP (and UDP6) connections.

Returns an enveloped result (an array).

First element (status) is an integer containing HTTP status code (200 means OK, 4xx caller error, 5xx function error). Second element (msg) is a string containing error message, or 'OK' if status is 200. Third element (result) is optional, the actual result. Fourth element (meta) is called result metadata and is optional, a hash that contains extra information.

Return value: (any)

HOMEPAGE

Please visit the project's homepage at <https://metacpan.org/release/Parse-Netstat>.

SOURCE

Source repository is at <https://github.com/perlancar/perl-Parse-Netstat>.

BUGS

Please report any bugs or feature requests on the bugtracker website <https://rt.cpan.org/Public/Dist/Display.html?Name=Parse-Netstat>

When submitting a bug or request, please include a test-file or a patch to an existing test-file that illustrates the bug or desired feature.

AUTHOR

perlancar <perlancar@cpan.org>

COPYRIGHT AND LICENSE

This is free software; you can redistribute it and/or modify it under the same terms as the Perl 5 programming language system itself.