https://github.com/vvelox/net-connection-ncnetstat

https://github.com/vvelox/net-connection-ncnetstat

Last synced: about 1 month ago
JSON representation

• Host: GitHub
• URL: https://github.com/vvelox/net-connection-ncnetstat
• Owner: VVelox
• License: artistic-2.0
• Created: 2024-02-11T08:01:31.000Z (over 1 year ago)
• Default Branch: master
• Last Pushed: 2024-02-11T08:01:48.000Z (over 1 year ago)
• Last Synced: 2025-02-17T01:42:32.695Z (4 months ago)
• Language: Perl
• Size: 122 KB
• Stars: 0
• Watchers: 2
• Forks: 0
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

README

        
# About

Provides a enhances colorized netstat like tool that is capable of doing searches.

![ncnetsetstat](ncnetstat.png)

The search criteria can be any of the following.

* CIDR

* Command

* CPU usage percent

* port

* host

* memory usage percent

* PID

* PTR

* state

* UID

* username

* wait channel

# Command Line Options

```

-a         Show all connections.

--drp      Do not resolve port names.

-i         Invert the sort.

-l         Show the listening ports.

-n         Do not resolve the PTRs.

--nc       Do not use colors.

--pct      Show memory and CPU usage percent.

-S   The Net::Connection::Sort to use.

-t         Show only TCP connections.

-u         Show only UDP connections.

-W         Show the wchan.

-c   A comma seperated list of CIDRs to search for.

--ci        Invert the CIDR search.

-C    Show the command to the first space.

--Cl  Show the whole command.

--cmd  A comma seperated list of commands to search for.

--cmdi       Invert the command search.

--cpu  Show connections belonging to procs matching this CPU usage percent.

--cpui      Invert the CPU search.

--mem  Show connections belonging to procs matching this memory usage percent.

--memi      Invert the memory usage search.

-p   A comma seperated list of ports to search for.

--pi        Invert the port search.

-P  A comma seperated list of protocols to search for.

--Pi        Invert your protocol search.

--pid  A comma separated list of PIDs to search for.

--pidi       Invert the pid search.

--ptrr    A comma seperated list of regex to use for a PTR search.

--ptrri        Invert the RegexPTR search.

--lptrr   A comma seperated list of regex to use for a local PTR search.

--lptrri       Invert the local RegexPTR search.

--rptrr   A comma seperated list of regex to use for a remote PTR search.

--rptrri       Invert the remote RegexPTR search.

--ptr    A comma seperated list of PTRs to search for.

--ptri         Invert the PTR search.

--lptr   A comma seperated list of local PTRs to search for.

--lptri        Invert the local PTR search.

--rptr   A comma seperated list of remote PTRs to search for.

--rptri        Invert the remote PTR search.

-s   A comma seperated list of states to search for.

--si         Invert the state search.

-U    A comma seperated list of usernames to search for.

--Ui         Invert the username search.

--uid  A comma separated list of UIDs to search for.

--uidi       Invert the UID search.

-w      A comma separated list of regexp to use for matching wchan values.

--wi         Invert the wchan search.

The default available sort methods are as below.

host_f   foreign host

host_fl  foreign host, local host

host_l   local host

host_lf  local host, foreign host

pid      process ID

port_f   foreign port, numerically

port_fa  foreign port, alphabetically

port_l   local port, numerically

port_la  local port, alphabetically

proto    protocol

ptr_f    foreign PTR

ptr_l    local PTR

state    state

uid      user ID

user     username

For CPU, memory, PID, and UID searches, the equalities below can be

used, by directly prepending them to the number.

<

<=

>

>=

```

# Examples

    ncnetstat -s established,time_wait

Return a list of connection that are in the established or time_wait state.

    ncnetstat -c ::1/128,127.0.0.1/32

Return all connections to localhost.

    ncnetstat -c 192.168.15.2/32 -l

Display all connections listening explicitly on 192.168.15.2.

    ncnetstat -S host_f -i

Sort the connections by the foreign host and invert the results.

    ncnetstat -c 10.0.0.0/24 --ci

Show connections that are either not locally or remotely part of the

10.0.0.0/24 subnet.

    ncnetstat --ptr foo.bar

Find connections to/from IPs that have a PTR record of foo.bar.

    ncnetstat --ptr foo.bar --ptri

Find connections to/from IPs that do not have a PTR record of foo.bar.

    ncnetstat -n --uid '>1000' --Cl

Show every connection by a user with a UID greater than 1000, do not resolve

PTR info and print the whole command.

    ncnetstat -U www -p 80,443 --pi

Show every connecttion by the user www that is not a HTTP or HTTPS connection.

   ncnetstat --cpu '>5' --Cl --pct -W

Search for connections from procs using more than 5% of the CPU time. Show memory

and CPU usage as well whole command and wait channel.

# Installing

## FreeBSD

    pkg install perl5 p5-App-cpanminus lsof

    cpanm Net::Connection::ncnetstat

    

## Linux

### CentOS

    yum install cpanm lsof

    cpanm Net::Connection::ncnetstat

### Debian

This has been tested as working on Debian 9 minimal.

    apt install perl perl-base perl-modules make cpanminus lsof gcc 

    cpanm Net::Connection::ncnetstat

# TODO

* Add support for more collection methods than Net::Connection::lsof

* Support color selection and column ordering.