Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/vesche/histstat
history for netstat
https://github.com/vesche/histstat
command-line-tool netstat network-analysis network-monitoring
Last synced: about 2 months ago
JSON representation
history for netstat
- Host: GitHub
- URL: https://github.com/vesche/histstat
- Owner: vesche
- License: mit
- Created: 2016-07-27T14:21:49.000Z (about 8 years ago)
- Default Branch: master
- Last Pushed: 2022-01-26T17:06:03.000Z (over 2 years ago)
- Last Synced: 2024-04-13T05:05:53.338Z (5 months ago)
- Topics: command-line-tool, netstat, network-analysis, network-monitoring
- Language: Python
- Homepage:
- Size: 35.2 KB
- Stars: 95
- Watchers: 4
- Forks: 21
- Open Issues: 1
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
- awesome-hacking-lists - vesche/histstat - history for netstat (Python)
README
# histstat
This is a cross-platform command-line tool for obtaining live, rudimentary network connection data on a computer system. This tool was designed for network and security analysts to easily view connections on a system **as they occur**. It will display useful information about network connections that utilities like netstat typically won't give you such as what time the connection was made, the exact command that created the connection, and the user that connection was made by.
**Note for Windows users:** Detailed process information will not display unless you're running as `NT AUTHORITY\SYSTEM`. An easy way to drop into a system-level command prompt is to use PsExec from [SysInternals](https://technet.microsoft.com/en-us/sysinternals/bb842062.aspx). Run `psexec -i -s cmd.exe` as Administrator and then run histstat.
### Install
*nix/macOS:
```
sudo pip install histstat
```
Windows (open cmd.exe as Administrator):
```
python -m pip install histstat
```
### Example Usage
```
$ histstat --help
usage: histstat [-h] [-i INTERVAL] [-j] [-l LOG] [-p] [-q] [-v] [--hash]
history for netstat
optional arguments:
-h, --help show this help message and exit
-i INTERVAL, --interval INTERVAL
specify update interval in seconds
-j, --json json output
-l LOG, --log LOG log output to a file
-p, --prettify prettify output
-q, --quiet quiet mode, do not output to stdout (for use when logging)
-v, --version display the current version
--hash takes md5 and sha256 hashes of process files (warning: slow!)
$ sudo histstat -p -l log.txt
date time proto laddr lport raddr rport status user pid pname command
19-06-18 21:18:44 tcp 0.0.0.0 22 * * LISTEN root 650 sshd /usr/bin/sshd -D
19-06-18 21:18:44 udp 0.0.0.0 68 * * - root 647 dhcpcd /usr/bin/dhcpcd -q -b
19-06-18 21:18:51 tcp 0.0.0.0 8000 * * LISTEN vesche 5435 python python -m http.server
19-06-18 21:19:11 tcp 0.0.0.0 1337 * * LISTEN vesche 5602 ncat ncat -l -p 1337
19-06-18 21:19:26 tcp 127.0.0.1 39246 * * LISTEN vesche 5772 electron /usr/lib/electron/electron --nolazy --inspect=39246 /usr/lib/code/out/bootstrap-fork --type=extensionHost
19-06-18 21:19:28 tcp 10.13.37.114 43924 13.107.6.175 443 ESTABLISHED vesche 5689 code-oss /usr/lib/electron/electron /usr/lib/code/code.js
...
```
### Thanks
Huge thanks to Giampaolo Rodola' (giampaolo) and all the contributers of [psutil](https://github.com/giampaolo/psutil) for the amazing open source library that this project relies upon completely.
Also, thanks to gleitz and his project [howdoi](https://github.com/gleitz/howdoi), in my refactor of histstat I modeled my code around his command line tool as the code is exceptionally clean and readable.
A big thanks to JavaScriptDude who has a [fantastic fork of histstat](https://github.com/JavaScriptDude/histstat) with many additional features, some of which have now been implemented in this project such as: optional IP geolocation and quiet mode for logging.