如何在Python中访问netstat数据?

时间:2020-12-14 23:54:57

I'm trying to need to access/parse all outgoing connections on a particular port number on a Linux machine using a Python script. The simplest implementation seems to be to open a subprocess for netstat and parse its stdout.

我需要使用Python脚本访问/解析Linux机器上特定端口号上的所有传出连接。最简单的实现似乎是为netstat打开子进程并解析其stdout。

I imagine someone somewhere has had this problem before, and am surprised not to find any netstat parsers online. Is this just not big enough of a problem for people to feel the need to share?

我猜想在某些地方曾经有人遇到过这种问题,我很惊讶在网上找不到任何netstat解析器。难道这还不足以让人们感到有必要分享吗?

3 个解决方案

#1


4  

The basic information you could need can be found at /proc documentation If you want to see a a example take a look at: A python netstat in less than 100 lines of code

如果您希望看到一个示例,可以在/proc文档中找到您可能需要的基本信息:少于100行代码的python netstat

#2


19  

If you want to control the connection opened by a certain process you can use psutil:

如果你想控制某个进程打开的连接,你可以使用psutil:

>>> p = psutil.Process(1694)
>>> p.name()
'firefox'
>>> p.connections()
[connection(fd=115, family=2, type=1, local_address=('10.0.0.1', 48776), remote_address=('93.186.135.91', 80), status='ESTABLISHED'),
 connection(fd=117, family=2, type=1, local_address=('10.0.0.1', 43761), remote_address=('72.14.234.100', 80), status='CLOSING'),
 connection(fd=119, family=2, type=1, local_address=('10.0.0.1', 60759), remote_address=('72.14.234.104', 80), status='ESTABLISHED'),
 connection(fd=123, family=2, type=1, local_address=('10.0.0.1', 51314), remote_address=('72.14.234.83', 443), status='SYN_SENT')]

Internally psutil uses /proc. If you're interested in connections to/from a particular port number at system level you might take a look at how psutil implements it.

内部psutil使用/ proc。如果您对系统级的特定端口号的连接感兴趣,您可以看看psutil是如何实现它的。

Edit: starting from psutil 2.1.0 you can also gather system-wide connections using net_connections():

编辑:从psutil 2.1.0开始,您还可以使用net_connections()收集系统范围的连接:

>>> import psutil
>>> psutil.net_connections()
[pconn(fd=115, family=2, type=1, laddr=('10.0.0.1', 48776), raddr=('93.186.135.91', 80), status='ESTABLISHED', pid=1254),
 pconn(fd=117, family=2, type=1, laddr=('10.0.0.1', 43761), raddr=('72.14.234.100', 80), status='CLOSING', pid=2987),
 pconn(fd=-1, family=2, type=1, laddr=('10.0.0.1', 60759), raddr=('72.14.234.104', 80), status='ESTABLISHED', pid=None),
 pconn(fd=-1, family=2, type=1, laddr=('10.0.0.1', 51314), raddr=('72.14.234.83', 443), status='SYN_SENT', pid=None)
 ...]

#3


1  

Instead of parsing output from netstat, you could look through the /proc entry for each process to see the open sockets. There's a rather simple perl script that does this that you could translate to python.

您可以查看每个进程的/proc条目来查看打开的套接字,而不是解析netstat的输出。有一个相当简单的perl脚本可以实现这一点,您可以将它转换为python。

#1


4  

The basic information you could need can be found at /proc documentation If you want to see a a example take a look at: A python netstat in less than 100 lines of code

如果您希望看到一个示例,可以在/proc文档中找到您可能需要的基本信息:少于100行代码的python netstat

#2


19  

If you want to control the connection opened by a certain process you can use psutil:

如果你想控制某个进程打开的连接,你可以使用psutil:

>>> p = psutil.Process(1694)
>>> p.name()
'firefox'
>>> p.connections()
[connection(fd=115, family=2, type=1, local_address=('10.0.0.1', 48776), remote_address=('93.186.135.91', 80), status='ESTABLISHED'),
 connection(fd=117, family=2, type=1, local_address=('10.0.0.1', 43761), remote_address=('72.14.234.100', 80), status='CLOSING'),
 connection(fd=119, family=2, type=1, local_address=('10.0.0.1', 60759), remote_address=('72.14.234.104', 80), status='ESTABLISHED'),
 connection(fd=123, family=2, type=1, local_address=('10.0.0.1', 51314), remote_address=('72.14.234.83', 443), status='SYN_SENT')]

Internally psutil uses /proc. If you're interested in connections to/from a particular port number at system level you might take a look at how psutil implements it.

内部psutil使用/ proc。如果您对系统级的特定端口号的连接感兴趣,您可以看看psutil是如何实现它的。

Edit: starting from psutil 2.1.0 you can also gather system-wide connections using net_connections():

编辑:从psutil 2.1.0开始,您还可以使用net_connections()收集系统范围的连接:

>>> import psutil
>>> psutil.net_connections()
[pconn(fd=115, family=2, type=1, laddr=('10.0.0.1', 48776), raddr=('93.186.135.91', 80), status='ESTABLISHED', pid=1254),
 pconn(fd=117, family=2, type=1, laddr=('10.0.0.1', 43761), raddr=('72.14.234.100', 80), status='CLOSING', pid=2987),
 pconn(fd=-1, family=2, type=1, laddr=('10.0.0.1', 60759), raddr=('72.14.234.104', 80), status='ESTABLISHED', pid=None),
 pconn(fd=-1, family=2, type=1, laddr=('10.0.0.1', 51314), raddr=('72.14.234.83', 443), status='SYN_SENT', pid=None)
 ...]

#3


1  

Instead of parsing output from netstat, you could look through the /proc entry for each process to see the open sockets. There's a rather simple perl script that does this that you could translate to python.

您可以查看每个进程的/proc条目来查看打开的套接字,而不是解析netstat的输出。有一个相当简单的perl脚本可以实现这一点,您可以将它转换为python。