DOKK / manpages / debian 11 / libparse-netstat-perl / Parse::Netstat::win32.3pm.en
Parse::Netstat::win32(3pm) User Contributed Perl Documentation Parse::Netstat::win32(3pm)

Parse::Netstat::win32 - Parse the output of Windows "netstat" command

This document describes version 0.14 of Parse::Netstat::win32 (from Perl distribution Parse-Netstat), released on 2017-02-10.

 use Parse::Netstat qw(parse_netstat);
 my $res = parse_netstat(output=>join("", `netstat -anp`), flavor=>"win32");

Sample `netstat -anp` output:

 Active Connections
 
   Proto  Local Address          Foreign Address        State           PID
   TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       988
   c:\windows\system32\WS2_32.dll
   C:\WINDOWS\system32\RPCRT4.dll
   c:\windows\system32\rpcss.dll
   C:\WINDOWS\system32\svchost.exe
   -- unknown component(s) --
   [svchost.exe]
 
   TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
   [System]
 
   TCP    127.0.0.1:1027         0.0.0.0:0              LISTENING       1244
   [alg.exe]
 
   TCP    192.168.0.104:139      0.0.0.0:0              LISTENING       4
   [System]
 
   UDP    0.0.0.0:1025           *:*                                    1120
   C:\WINDOWS\system32\mswsock.dll
   c:\windows\system32\WS2_32.dll
   c:\windows\system32\DNSAPI.dll
   c:\windows\system32\dnsrslvr.dll
   C:\WINDOWS\system32\RPCRT4.dll
   [svchost.exe]
 
   UDP    0.0.0.0:500            *:*                                    696
   [lsass.exe]

Sample result:

 [
   200,
   "OK",
   {
     active_conns => [
       {
         execs => [
           "c:\\windows\\system32\\WS2_32.dll",
           "C:\\WINDOWS\\system32\\RPCRT4.dll",
           "c:\\windows\\system32\\rpcss.dll",
           "C:\\WINDOWS\\system32\\svchost.exe",
           "[svchost.exe]",
         ],
         foreign_host => "0.0.0.0",
         foreign_port => 0,
         local_host => "0.0.0.0",
         local_port => 135,
         pid => 988,
         proto => "tcp",
         state => "LISTENING",
       },
       {
         execs => ["[System]"],
         foreign_host => "0.0.0.0",
         foreign_port => 0,
         local_host => "0.0.0.0",
         local_port => 445,
         pid => 4,
         proto => "tcp",
         state => "LISTENING",
       },
       {
         execs => ["[alg.exe]"],
         foreign_host => "0.0.0.0",
         foreign_port => 0,
         local_host => "127.0.0.1",
         local_port => 1027,
         pid => 1244,
         proto => "tcp",
         state => "LISTENING",
       },
       {
         execs => ["[System]"],
         foreign_host => "0.0.0.0",
         foreign_port => 0,
         local_host => "192.168.0.104",
         local_port => 139,
         pid => 4,
         proto => "tcp",
         state => "LISTENING",
       },
       {
         execs => [
           "C:\\WINDOWS\\system32\\mswsock.dll",
           "c:\\windows\\system32\\WS2_32.dll",
           "c:\\windows\\system32\\DNSAPI.dll",
           "c:\\windows\\system32\\dnsrslvr.dll",
           "C:\\WINDOWS\\system32\\RPCRT4.dll",
           "[svchost.exe]",
         ],
         foreign_host => "*",
         foreign_port => "*",
         local_host => "0.0.0.0",
         local_port => 1025,
         pid => 1120,
         proto => "udp",
       },
       {
         execs => ["[lsass.exe]"],
         foreign_host => "*",
         foreign_port => "*",
         local_host => "0.0.0.0",
         local_port => 500,
         pid => 696,
         proto => "udp",
       },
     ],
   },
 ]

Usage:

 parse_netstat(%args) -> [status, msg, result, meta]

Parse the output of Windows "netstat" command.

Netstat can be called with "-n" (show raw IP addresses and port numbers instead of hostnames or port names) or without. It can be called with "-a" (show all listening and non-listening socket) option or without. And can be called with "-p" (show PID/program names) or without.

This function is not exported by default, but exportable.

Arguments ('*' denotes required arguments):

  • output* => str

    Output of netstat command.

  • tcp => bool (default: 1)

    Whether to parse TCP (and TCP6) connections.

  • udp => bool (default: 1)

    Whether to parse UDP (and UDP6) connections.

Returns an enveloped result (an array).

First element (status) is an integer containing HTTP status code (200 means OK, 4xx caller error, 5xx function error). Second element (msg) is a string containing error message, or 'OK' if status is 200. Third element (result) is optional, the actual result. Fourth element (meta) is called result metadata and is optional, a hash that contains extra information.

Return value: (any)

Please visit the project's homepage at <https://metacpan.org/release/Parse-Netstat>.

Source repository is at <https://github.com/perlancar/perl-Parse-Netstat>.

Please report any bugs or feature requests on the bugtracker website <https://rt.cpan.org/Public/Dist/Display.html?Name=Parse-Netstat>

When submitting a bug or request, please include a test-file or a patch to an existing test-file that illustrates the bug or desired feature.

perlancar <perlancar@cpan.org>

This software is copyright (c) 2017, 2015, 2014, 2012, 2011 by perlancar@cpan.org.

This is free software; you can redistribute it and/or modify it under the same terms as the Perl 5 programming language system itself.

2021-01-05 perl v5.32.0