Skip to content

presider/histstat

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

21 Commits
old
old
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
histstat.py
histstat.py
 
 

Repository files navigation

histstat

This is a cross-platform command line tool for obtaining live, rudimentary network connection data on a computer system. This tool was designed for network and security analysts to easily view connections on a system as they occur. In a world filled with noisy computers, histstat can help someone quickly understand network connections that are happening on a system without having to dig into heaps of packet capture data. It will display useful information about network connections that utilities like netstat typically won't give you such as what time the connection was made, the exact command that created the connection, and the user that connection was made by. It can used to troubleshoot network issues, profile traffic on a system, and potentially find malicious activity.

Note: On Windows, detailed process information will not display unless you're running as NT AUTHORITY\SYSTEM. An easy way to drop into a system-level command prompt is to use PsExec from SysInternals. Run psexec -i -s cmd.exe as Administrator and then run histstat.

Requirements

  • Python 2.x or 3.x
  • psutil

Install

sudo pip install psutil
git clone https://github.com/vesche/histstat && cd histstat

Example Usage

$ python histstat.py --help
usage: histstat.py [-h] [-i INTERVAL] [-l LOG] [-p]

history for netstat

optional arguments:
  -h, --help            show this help message and exit
  -i INTERVAL, --interval INTERVAL
                        specify update interval in seconds
  -l LOG, --log LOG     log output to a text file
  -p, --prettify        prettify output

$ sudo python histstat.py -p -l log.txt
proto laddr           lport raddr           rport status      pid   pname        time     date     user         command
tcp   192.168.1.137   58822 172.217.1.206   443   ESTABLISHED 14896 firefox      10:41:45 16-07-28 vesche       firefox
tcp   192.168.1.137   60176 192.30.253.124  443   ESTABLISHED 14896 firefox      10:41:45 16-07-28 vesche       firefox
tcp   192.168.1.137   59798 45.58.74.36     443   TIME_WAIT   -     -            10:41:45 16-07-28 -            -
tcp   192.168.1.137   40994 108.160.173.132 443   TIME_WAIT   -     -            10:41:45 16-07-28 -            -
tcp   192.168.1.137   40986 108.160.173.132 443   TIME_WAIT   -     -            10:41:45 16-07-28 -            -
tcp   192.168.1.137   41752 173.194.206.155 443   ESTABLISHED 14896 firefox      10:41:45 16-07-28 vesche       firefox
tcp   192.168.1.137   48396 198.41.209.142  443   TIME_WAIT   -     -            10:41:45 16-07-28 -            -
tcp   192.168.1.137   40978 108.160.173.132 443   TIME_WAIT   -     -            10:41:45 16-07-28 -            -
tcp   192.168.1.137   60130 192.30.253.124  443   ESTABLISHED 14896 firefox      10:41:45 16-07-28 vesche       firefox
tcp   192.168.1.137   40194 45.58.70.36     443   TIME_WAIT   -     -            10:41:45 16-07-28 -            -
tcp   192.168.1.137   32894 198.41.209.151  443   TIME_WAIT   -     -            10:41:45 16-07-28 -            -
tcp   192.168.1.137   60154 192.30.253.124  443   ESTABLISHED 14896 firefox      10:41:45 16-07-28 vesche       firefox
tcp   192.168.1.137   57808 45.58.70.4      443   TIME_WAIT   -     -            10:41:45 16-07-28 -            -
tcp   0.0.0.0         22    *               *     LISTEN      198   sshd         10:41:45 16-07-28 root         /usr/bin/sshd -D
tcp   192.168.1.137   39732 199.16.156.6    443   ESTABLISHED 14896 firefox      10:41:45 16-07-28 vesche       firefox
tcp   192.168.1.137   57816 45.58.70.4      443   TIME_WAIT   -     -            10:41:45 16-07-28 -            -
tcp   192.168.1.137   35508 104.16.107.25   443   TIME_WAIT   -     -            10:41:45 16-07-28 -            -
tcp   192.168.1.137   49674 198.41.208.122  443   TIME_WAIT   -     -            10:41:45 16-07-28 -            -
tcp   192.168.1.137   34076 162.125.4.1     443   TIME_WAIT   -     -            10:41:45 16-07-28 -            -
udp   0.0.0.0         68    *               *     -           362   dhcpcd       10:41:45 16-07-28 root         dhcpcd -4 -q -t 30 -L wlp1s0
tcp   192.168.1.137   49752 104.16.2.9      443   TIME_WAIT   -     -            10:41:45 16-07-28 -            -
tcp   192.168.1.137   40182 45.58.70.36     443   TIME_WAIT   -     -            10:41:45 16-07-28 -            -
tcp   0.0.0.0         2002  *               *     LISTEN      31327 nc           10:42:03 16-07-28 vesche       nc -l -p 2002
tcp   192.168.1.137   39600 10.4.0.11       22    ESTABLISHED 31975 ssh          10:42:59 16-07-28 vesche       ssh root@10.4.0.11
tcp   192.168.1.137   39600 10.4.0.11       22    TIME_WAIT   -     -            10:43:05 16-07-28 -            -
tcp   0.0.0.0         8080  *               *     LISTEN      32490 python2      10:43:49 16-07-28 root         python2 -m SimpleHTTPServer 8080
tcp   192.168.1.137   8080  192.168.1.137   45162 TIME_WAIT   -     -            10:44:12 16-07-28 -            -

Thanks

Huge thanks to Giampaolo Rodola' (giampaolo) and all the contributers of psutil for the amazing open source library that this project relies upon completely.

Also, thanks to gleitz and his project howdoi, in my refactor of histstat I modeled my code around his command line tool as the code is exceptionally clean and readable.

About

history for netstat

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • Python 100.0%