.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp .. .de Vb \" Begin verbatim text .ft CW .nf .ne \\$1 .. .de Ve \" End verbatim text .ft R .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. \*(C+ will .\" give a nicer C++. Capital omega is used to do unbreakable dashes and .\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, .\" nothing in troff, for use with C<>. .tr \(*W- .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ . ds -- \(*W- . ds PI pi . if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch . if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch . ds L" "" . ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ . ds -- \|\(em\| . ds PI \(*p . ds L" `` . ds R" '' . ds C` . ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" .\" If the F register is >0, we'll generate index entries on stderr for .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .\" .\" Avoid warning from groff about undefined register 'F'. .de IX .. .if !\nF .nr F 0 .if \nF>0 \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" .. . if !\nF==2 \{\ . nr % 0 . nr F 2 . \} .\} .\" ======================================================================== .\" .IX Title "Parse::Netstat::win32 3pm" .TH Parse::Netstat::win32 3pm "2017-11-15" "perl v5.26.1" "User Contributed Perl Documentation" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh .SH "NAME" Parse::Netstat::win32 \- Parse the output of Windows "netstat" command .SH "VERSION" .IX Header "VERSION" This document describes version 0.14 of Parse::Netstat::win32 (from Perl distribution Parse-Netstat), released on 2017\-02\-10. .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 2 \& use Parse::Netstat qw(parse_netstat); \& my $res = parse_netstat(output=>join("", \`netstat \-anp\`), flavor=>"win32"); .Ve .PP Sample `netstat \-anp` output: .PP .Vb 1 \& Active Connections \& \& Proto Local Address Foreign Address State PID \& TCP 0.0.0.0:135 0.0.0.0:0 LISTENING 988 \& c:\ewindows\esystem32\eWS2_32.dll \& C:\eWINDOWS\esystem32\eRPCRT4.dll \& c:\ewindows\esystem32\erpcss.dll \& C:\eWINDOWS\esystem32\esvchost.exe \& \-\- unknown component(s) \-\- \& [svchost.exe] \& \& TCP 0.0.0.0:445 0.0.0.0:0 LISTENING 4 \& [System] \& \& TCP 127.0.0.1:1027 0.0.0.0:0 LISTENING 1244 \& [alg.exe] \& \& TCP 192.168.0.104:139 0.0.0.0:0 LISTENING 4 \& [System] \& \& UDP 0.0.0.0:1025 *:* 1120 \& C:\eWINDOWS\esystem32\emswsock.dll \& c:\ewindows\esystem32\eWS2_32.dll \& c:\ewindows\esystem32\eDNSAPI.dll \& c:\ewindows\esystem32\ednsrslvr.dll \& C:\eWINDOWS\esystem32\eRPCRT4.dll \& [svchost.exe] \& \& UDP 0.0.0.0:500 *:* 696 \& [lsass.exe] .Ve .PP Sample result: .PP .Vb 10 \& [ \& 200, \& "OK", \& { \& active_conns => [ \& { \& execs => [ \& "c:\e\ewindows\e\esystem32\e\eWS2_32.dll", \& "C:\e\eWINDOWS\e\esystem32\e\eRPCRT4.dll", \& "c:\e\ewindows\e\esystem32\e\erpcss.dll", \& "C:\e\eWINDOWS\e\esystem32\e\esvchost.exe", \& "[svchost.exe]", \& ], \& foreign_host => "0.0.0.0", \& foreign_port => 0, \& local_host => "0.0.0.0", \& local_port => 135, \& pid => 988, \& proto => "tcp", \& state => "LISTENING", \& }, \& { \& execs => ["[System]"], \& foreign_host => "0.0.0.0", \& foreign_port => 0, \& local_host => "0.0.0.0", \& local_port => 445, \& pid => 4, \& proto => "tcp", \& state => "LISTENING", \& }, \& { \& execs => ["[alg.exe]"], \& foreign_host => "0.0.0.0", \& foreign_port => 0, \& local_host => "127.0.0.1", \& local_port => 1027, \& pid => 1244, \& proto => "tcp", \& state => "LISTENING", \& }, \& { \& execs => ["[System]"], \& foreign_host => "0.0.0.0", \& foreign_port => 0, \& local_host => "192.168.0.104", \& local_port => 139, \& pid => 4, \& proto => "tcp", \& state => "LISTENING", \& }, \& { \& execs => [ \& "C:\e\eWINDOWS\e\esystem32\e\emswsock.dll", \& "c:\e\ewindows\e\esystem32\e\eWS2_32.dll", \& "c:\e\ewindows\e\esystem32\e\eDNSAPI.dll", \& "c:\e\ewindows\e\esystem32\e\ednsrslvr.dll", \& "C:\e\eWINDOWS\e\esystem32\e\eRPCRT4.dll", \& "[svchost.exe]", \& ], \& foreign_host => "*", \& foreign_port => "*", \& local_host => "0.0.0.0", \& local_port => 1025, \& pid => 1120, \& proto => "udp", \& }, \& { \& execs => ["[lsass.exe]"], \& foreign_host => "*", \& foreign_port => "*", \& local_host => "0.0.0.0", \& local_port => 500, \& pid => 696, \& proto => "udp", \& }, \& ], \& }, \& ] .Ve .SH "FUNCTIONS" .IX Header "FUNCTIONS" .SS "parse_netstat" .IX Subsection "parse_netstat" Usage: .PP .Vb 1 \& parse_netstat(%args) \-> [status, msg, result, meta] .Ve .PP Parse the output of Windows \*(L"netstat\*(R" command. .PP Netstat can be called with \f(CW\*(C`\-n\*(C'\fR (show raw \s-1IP\s0 addresses and port numbers instead of hostnames or port names) or without. It can be called with \f(CW\*(C`\-a\*(C'\fR (show all listening and non-listening socket) option or without. And can be called with \&\f(CW\*(C`\-p\*(C'\fR (show PID/program names) or without. .PP This function is not exported by default, but exportable. .PP Arguments ('*' denotes required arguments): .IP "\(bu" 4 \&\fBoutput\fR* => \fIstr\fR .Sp Output of netstat command. .IP "\(bu" 4 \&\fBtcp\fR => \fIbool\fR (default: 1) .Sp Whether to parse \s-1TCP\s0 (and \s-1TCP6\s0) connections. .IP "\(bu" 4 \&\fBudp\fR => \fIbool\fR (default: 1) .Sp Whether to parse \s-1UDP\s0 (and \s-1UDP6\s0) connections. .PP Returns an enveloped result (an array). .PP First element (status) is an integer containing \s-1HTTP\s0 status code (200 means \s-1OK,\s0 4xx caller error, 5xx function error). Second element (msg) is a string containing error message, or '\s-1OK\s0' if status is 200. Third element (result) is optional, the actual result. Fourth element (meta) is called result metadata and is optional, a hash that contains extra information. .PP Return value: (any) .SH "HOMEPAGE" .IX Header "HOMEPAGE" Please visit the project's homepage at . .SH "SOURCE" .IX Header "SOURCE" Source repository is at . .SH "BUGS" .IX Header "BUGS" Please report any bugs or feature requests on the bugtracker website .PP When submitting a bug or request, please include a test-file or a patch to an existing test-file that illustrates the bug or desired feature. .SH "AUTHOR" .IX Header "AUTHOR" perlancar .SH "COPYRIGHT AND LICENSE" .IX Header "COPYRIGHT AND LICENSE" This software is copyright (c) 2017, 2015, 2014, 2012, 2011 by perlancar@cpan.org. .PP This is free software; you can redistribute it and/or modify it under the same terms as the Perl 5 programming language system itself.