Sockets vs Process: mudanças entre as edições
Ir para navegação
Ir para pesquisar
Sem resumo de edição |
Sem resumo de edição |
||
| Linha 1: | Linha 1: | ||
=Data aggregate= | |||
<syntaxhighlight lang=bash> | <syntaxhighlight lang=bash> | ||
#!/bin/bash | #!/bin/bash | ||
| Linha 384: | Linha 385: | ||
fi | fi | ||
</syntaxhighlight> | |||
=Data Collector= | |||
==Windows== | |||
<syntaxhighlight lang=c#> | |||
using System; | |||
using System.Collections.Generic; | |||
using System.ComponentModel; | |||
using System.Diagnostics; | |||
using System.Linq; | |||
using System.Net; | |||
using System.Net.NetworkInformation; | |||
using System.Net.Sockets; | |||
using System.Runtime.InteropServices; | |||
using System.Threading; | |||
namespace ConsoleApplication1 | |||
{ | |||
internal class Program | |||
{ | |||
public static void Main(string[] args) | |||
{ | |||
System.Console.WriteLine("SocketProcessToFile, por Alexandre D´Amato"); | |||
System.Console.WriteLine("Se tudo der certo um arquivo será gerado no diretório de execução."); | |||
System.Console.WriteLine("Nome do arquivo a ser gerado:"); | |||
System.Console.WriteLine(Environment.MachineName + ".csv"); | |||
List<String> adresses = new List<string>(); | |||
foreach (var nic in NetworkInterface.GetAllNetworkInterfaces()) | |||
{ | |||
foreach (var addr in nic.GetIPProperties().UnicastAddresses) | |||
{ | |||
if (addr.Address.IsIPv6LinkLocal == false && AddressFamily.InterNetwork == addr.Address.AddressFamily) | |||
{ | |||
if (addr.IPv4Mask != null) | |||
{ | |||
// System.Console.Out.WriteLine(addr.Address.ToString()); | |||
adresses.Add(addr.Address.ToString()); | |||
} | |||
} | |||
} | |||
} | |||
String inlineAddresses = ""; | |||
if (adresses.Count >= 2) | |||
{ | |||
int control = 0; | |||
foreach (var addr in adresses) | |||
{ | |||
if (control == 0) | |||
{ | |||
inlineAddresses = addr.ToString(); | |||
} | |||
else | |||
{ | |||
inlineAddresses = inlineAddresses + ";" + addr.ToString(); | |||
} | |||
} | |||
} | |||
else | |||
{ | |||
inlineAddresses = adresses[0].ToString(); | |||
} | |||
// System.Console.Out.WriteLine(adresses.Count); | |||
// System.Console.Out.WriteLine(inlineAddresses); | |||
long memKb; | |||
GetPhysicallyInstalledSystemMemory(out memKb); | |||
String separator = ","; | |||
List<TcpProcessRecord> valores = GetAllTcpConnections(); | |||
List<String> lines = new List<string>(); | |||
lines.Add("#" + "HOSTNAME" + | |||
separator + "PUBLIC_IP" + | |||
separator + "STATE" + | |||
separator + "LOCAL_ADDRESS" + | |||
separator + "LOCAL_PORT" + | |||
separator + "REMOTE_ADDRESS" + | |||
separator + "REMOTE_PORT" + | |||
separator + "PROCESS_ID" + | |||
separator + "PROCESS_NAME" + | |||
separator + "OS_VERSION" + | |||
separator + "PROCESSOR_COUNT" + | |||
separator + "RAM_MEMORY_KB"); | |||
foreach (var valor in valores) | |||
{ | |||
lines.Add(Environment.MachineName + | |||
separator + inlineAddresses + | |||
separator + valor.State + | |||
separator + valor.LocalAddress + | |||
separator + valor.LocalPort + | |||
separator + valor.RemoteAddress + | |||
separator + valor.RemotePort + | |||
separator + valor.ProcessId + | |||
separator + valor.ProcessName + | |||
separator + Environment.OSVersion + | |||
separator + Environment.ProcessorCount + | |||
separator + memKb); | |||
} | |||
System.IO.StreamWriter file = new System.IO.StreamWriter(Environment.MachineName + ".csv", false); | |||
foreach (var line in lines) | |||
{ | |||
file.WriteLine(line); | |||
} | |||
System.Console.WriteLine("Sucesso. \\o/"); | |||
System.Console.WriteLine("Finalizando em 5 segundos."); | |||
// Console.WriteLine((memKb )); | |||
Thread.Sleep(5000); | |||
} | |||
// | |||
[DllImport("kernel32.dll")] | |||
[return: MarshalAs(UnmanagedType.Bool)] | |||
static extern bool GetPhysicallyInstalledSystemMemory(out long TotalMemoryInKilobytes); | |||
public class TcpProcessRecord | |||
{ | |||
[DisplayName("Local Address")] | |||
public IPAddress LocalAddress { get; set; } | |||
[DisplayName("Local Port")] | |||
public ushort LocalPort { get; set; } | |||
[DisplayName("Remote Address")] | |||
public IPAddress RemoteAddress { get; set; } | |||
[DisplayName("Remote Port")] | |||
public ushort RemotePort { get; set; } | |||
[DisplayName("State")] | |||
public MibTcpState State { get; set; } | |||
[DisplayName("Process ID")] | |||
public int ProcessId { get; set; } | |||
[DisplayName("Process Name")] | |||
public string ProcessName { get; set; } | |||
public TcpProcessRecord(IPAddress localIp, IPAddress remoteIp, ushort localPort, | |||
ushort remotePort, int pId, MibTcpState state) | |||
{ | |||
LocalAddress = localIp; | |||
RemoteAddress = remoteIp; | |||
LocalPort = localPort; | |||
RemotePort = remotePort; | |||
State = state; | |||
ProcessId = pId; | |||
// Getting the process name associated with a process id. | |||
if (Process.GetProcesses().Any(process => process.Id == pId)) | |||
{ | |||
ProcessName = Process.GetProcessById(ProcessId).ProcessName; | |||
} | |||
} | |||
} | |||
public enum TcpTableClass | |||
{ | |||
TCP_TABLE_BASIC_LISTENER, | |||
TCP_TABLE_BASIC_CONNECTIONS, | |||
TCP_TABLE_BASIC_ALL, | |||
TCP_TABLE_OWNER_PID_LISTENER, | |||
TCP_TABLE_OWNER_PID_CONNECTIONS, | |||
TCP_TABLE_OWNER_PID_ALL, | |||
TCP_TABLE_OWNER_MODULE_LISTENER, | |||
TCP_TABLE_OWNER_MODULE_CONNECTIONS, | |||
TCP_TABLE_OWNER_MODULE_ALL | |||
} | |||
public enum MibTcpState | |||
{ | |||
CLOSED = 1, | |||
LISTENING = 2, | |||
SYN_SENT = 3, | |||
SYN_RCVD = 4, | |||
ESTABLISHED = 5, | |||
FIN_WAIT1 = 6, | |||
FIN_WAIT2 = 7, | |||
CLOSE_WAIT = 8, | |||
CLOSING = 9, | |||
LAST_ACK = 10, | |||
TIME_WAIT = 11, | |||
DELETE_TCB = 12, | |||
NONE = 0 | |||
} | |||
public struct MIB_TCPROW_OWNER_PID | |||
{ | |||
public MibTcpState state; | |||
public uint localAddr; | |||
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 4)] | |||
public byte[] localPort; | |||
public uint remoteAddr; | |||
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 4)] | |||
public byte[] remotePort; | |||
public int owningPid; | |||
} | |||
public struct MIB_TCPTABLE_OWNER_PID | |||
{ | |||
public uint dwNumEntries; | |||
[MarshalAs(UnmanagedType.ByValArray, ArraySubType = UnmanagedType.Struct, | |||
SizeConst = 1)] | |||
public MIB_TCPROW_OWNER_PID[] table; | |||
} | |||
[DllImport("iphlpapi.dll", CharSet = CharSet.Auto, SetLastError = true)] | |||
private static extern uint GetExtendedTcpTable(IntPtr pTcpTable, ref int pdwSize, | |||
bool bOrder, int ulAf, TcpTableClass tableClass, uint reserved = 0); | |||
private const int AF_INET = 2; | |||
// List of Active TCP Connections. | |||
private static List<TcpProcessRecord> TcpActiveConnections = null; | |||
// List of Active UDP Connections. | |||
// private static List<UdpProcessRecord> UdpActiveConnections = null; | |||
private static List<TcpProcessRecord> GetAllTcpConnections() | |||
{ | |||
int bufferSize = 0; | |||
List<TcpProcessRecord> tcpTableRecords = new List<TcpProcessRecord>(); | |||
// Getting the size of TCP table, that is returned in 'bufferSize' variable. | |||
uint result = GetExtendedTcpTable(IntPtr.Zero, ref bufferSize, true, AF_INET, | |||
TcpTableClass.TCP_TABLE_OWNER_PID_ALL); | |||
// Allocating memory from the unmanaged memory of the process by using the | |||
// specified number of bytes in 'bufferSize' variable. | |||
IntPtr tcpTableRecordsPtr = Marshal.AllocHGlobal(bufferSize); | |||
try | |||
{ | |||
// The size of the table returned in 'bufferSize' variable in previous | |||
// call must be used in this subsequent call to 'GetExtendedTcpTable' | |||
// function in order to successfully retrieve the table. | |||
result = GetExtendedTcpTable(tcpTableRecordsPtr, ref bufferSize, true, | |||
AF_INET, TcpTableClass.TCP_TABLE_OWNER_PID_ALL); | |||
// Non-zero value represent the function 'GetExtendedTcpTable' failed, | |||
// hence empty list is returned to the caller function. | |||
if (result != 0) | |||
return new List<TcpProcessRecord>(); | |||
// Marshals data from an unmanaged block of memory to a newly allocated | |||
// managed object 'tcpRecordsTable' of type 'MIB_TCPTABLE_OWNER_PID' | |||
// to get number of entries of the specified TCP table structure. | |||
MIB_TCPTABLE_OWNER_PID tcpRecordsTable = (MIB_TCPTABLE_OWNER_PID) | |||
Marshal.PtrToStructure(tcpTableRecordsPtr, | |||
typeof(MIB_TCPTABLE_OWNER_PID)); | |||
IntPtr tableRowPtr = (IntPtr)((long)tcpTableRecordsPtr + | |||
Marshal.SizeOf(tcpRecordsTable.dwNumEntries)); | |||
// Reading and parsing the TCP records one by one from the table and | |||
// storing them in a list of 'TcpProcessRecord' structure type objects. | |||
for (int row = 0; row < tcpRecordsTable.dwNumEntries; row++) | |||
{ | |||
MIB_TCPROW_OWNER_PID tcpRow = (MIB_TCPROW_OWNER_PID)Marshal. | |||
PtrToStructure(tableRowPtr, typeof(MIB_TCPROW_OWNER_PID)); | |||
tcpTableRecords.Add(new TcpProcessRecord( | |||
new IPAddress(tcpRow.localAddr), | |||
new IPAddress(tcpRow.remoteAddr), | |||
BitConverter.ToUInt16(new byte[2] { | |||
tcpRow.localPort[1], | |||
tcpRow.localPort[0] }, 0), | |||
BitConverter.ToUInt16(new byte[2] { | |||
tcpRow.remotePort[1], | |||
tcpRow.remotePort[0] }, 0), | |||
tcpRow.owningPid, tcpRow.state)); | |||
tableRowPtr = (IntPtr)((long)tableRowPtr + Marshal.SizeOf(tcpRow)); | |||
} | |||
} | |||
catch (OutOfMemoryException outOfMemoryException) | |||
{ | |||
System.Console.Out.WriteLine(outOfMemoryException.Message); | |||
// MessageBox.Show(outOfMemoryException.Message, "Out Of Memory", | |||
// MessageBoxButtons.OK, MessageBoxIcon.Stop); | |||
} | |||
catch (Exception exception) | |||
{ | |||
System.Console.Out.WriteLine(exception.Message); | |||
// MessageBox.Show(exception.Message, "Exception", | |||
// MessageBoxButtons.OK, MessageBoxIcon.Stop); | |||
} | |||
finally | |||
{ | |||
Marshal.FreeHGlobal(tcpTableRecordsPtr); | |||
} | |||
return tcpTableRecords != null ? tcpTableRecords.Distinct() | |||
.ToList<TcpProcessRecord>() : new List<TcpProcessRecord>(); | |||
} | |||
} | |||
} | |||
</syntaxhighlight> | </syntaxhighlight> | ||
Edição das 19h58min de 13 de setembro de 2019
Data aggregate
#!/bin/bash
function TEMPFILE() {
case $1 in
create)
mktemp -p /tmp --suffix tmpdoc
;;
delete)
rm -f $2
;;
*)
EXITNOW "could not create temporary file"
;;
esac
}
function ALLTOCSV() {
INPUT=$1
cat *.csv > $INPUT
}
function PARSE() {
export INPUT=$1
export LOCAL_PORT_LISTENING=$(TEMPFILE create)
#Get the ports for the listening services
cat $INPUT | grep -v ^\# | \
while IFS=',' read HOSTNAME PUBLIC_IP STATE LOCAL_ADDRESS LOCAL_PORT REMOTE_ADDRESS REMOTE_PORT PROCESS_ID PROCESS_NAME OS_VERSION PROCESSOR_COUNT RAM_MEMORY_KB
do
echo $HOSTNAME
done | sort -u | \
while IFS=',' read SERVERNAME
do
cat $1 | grep -v ^\# | \
while IFS=',' read HOSTNAME PUBLIC_IP STATE LOCAL_ADDRESS LOCAL_PORT REMOTE_ADDRESS REMOTE_PORT PROCESS_ID PROCESS_NAME OS_VERSION PROCESSOR_COUNT RAM_MEMORY_KB
do
if [[ ( "$SERVERNAME" == "$HOSTNAME" ) && ( "$STATE" == "LISTENING" ) && ( "$LOCAL_ADDRESS" != "127.0.0.1" ) ]]
then
echo $HOSTNAME $LOCAL_PORT
fi
done | sort -u -n -k2
done > $LOCAL_PORT_LISTENING
# Show only established sockets
cat $INPUT | grep -v ^\# | \
while IFS=',' read HOSTNAME PUBLIC_IP STATE LOCAL_ADDRESS LOCAL_PORT REMOTE_ADDRESS REMOTE_PORT PROCESS_ID PROCESS_NAME OS_VERSION PROCESSOR_COUNT RAM_MEMORY_KB
do
while read SERVERNAME PORT
do
#Show established sockets with listener process on the server, server side
if [[ ( "$SERVERNAME" == "$HOSTNAME" ) && ( $PORT -eq $LOCAL_PORT ) && ( "$STATE" == "ESTABLISHED" ) && ( "$LOCAL_ADDRESS" != "$REMOTE_ADDRESS" ) && ( "$PUBLIC_IP" != "$REMOTE_ADDRESS" ) ]]
then
echo $HOSTNAME LOCAL $LOCAL_PORT $REMOTE_ADDRESS $PROCESS_NAME
fi
#Sow eatablished sockets withot listener, client side
#PORT diferente local_port
RETORNO=$(grep -w $LOCAL_PORT $LOCAL_PORT_LISTENING | wc -l)
if [[ ( "$SERVERNAME" == "$HOSTNAME" ) && ( $RETORNO == 0 ) && ( "$STATE" == "ESTABLISHED" ) && ( "$LOCAL_ADDRESS" != "$REMOTE_ADDRESS" ) && ( "$PUBLIC_IP" == "$REMOTE_ADDRESS" ) ]]
then
echo $HOSTNAME REMOTE $REMOTE_PORT $REMOTE_ADDRESS $PROCESS_NAME
fi
done < $LOCAL_PORT_LISTENING
done | sort -u
# cat $LOCAL_PORT_LISTENING
TEMPFILE delete $LOCAL_PORT_LISTENING
}
function SQLITE_START() {
#HOSTNAME PUBLIC_IP STATE LOCAL_ADDRESS LOCAL_PORT REMOTE_ADDRESS REMOTE_PORT PROCESS_ID PROCESS_NAME OS_VERSION PROCESSOR_COUNT RAM_MEMORY_KB
sqlite3 $BASE "CREATE TABLE IF NOT EXISTS arquitetura(
HOSTNAME text,
PUBLIC_IP text,
STATE text,
LOCAL_ADDRESS text,
LOCAL_PORT integer,
REMOTE_ADDRESS text,
REMOTE_PORT integer,
PROCESS_ID integer,
PROCESS_NAME text,
OS_VERSION text,
PROCESSOR_COUNT integer,
RAM_MEMORY_KB real)"
# sqlite3 base.sb "create table IF NOT EXISTS hosts(endereco varchar(15) , nome varchar(60) primary key,TTL integer, tipo varchar(30))"
}
function SQLITE_INSERT() {
INPUT=$1
export COUNTER=0
wc -l $INPUT
cat $INPUT | grep -v ^\# | \
while IFS=',' read HOSTNAME PUBLIC_IP STATE LOCAL_ADDRESS LOCAL_PORT REMOTE_ADDRESS REMOTE_PORT PROCESS_ID PROCESS_NAME OS_VERSION PROCESSOR_COUNT RAM_MEMORY_KB
do
echo -ne "\rInserted $COUNTER Record(s)"
export COUNTER=$(expr $COUNTER + 1)
sqlite3 $BASE "INSERT INTO arquitetura(HOSTNAME,PUBLIC_IP,STATE,LOCAL_ADDRESS,LOCAL_PORT,REMOTE_ADDRESS,REMOTE_PORT,PROCESS_ID,PROCESS_NAME,OS_VERSION,PROCESSOR_COUNT,RAM_MEMORY_KB) VALUES('$HOSTNAME', '$PUBLIC_IP', '$STATE', '$LOCAL_ADDRESS', $LOCAL_PORT, '$REMOTE_ADDRESS', $REMOTE_PORT, $PROCESS_ID, '$PROCESS_NAME', '$OS_VERSION', $PROCESSOR_COUNT, $RAM_MEMORY_KB)"
done
}
function SQLITE_SELECT() {
# WHERE STATE == 'ESTABLIHED' AND LOCAL_ADDRESS <> '127.0.0.1'
sqlite3 $BASE -csv "$1"
}
function SQLITE_PURGE() {
rm -fr $BASE
}
function SERVER() {
SQLITE_SELECT "
SELECT DISTINCT
HOSTNAME,
REMOTE_ADDRESS,
LOCAL_ADDRESS
FROM
arquitetura
WHERE
STATE == 'ESTABLISHED'
AND
LOCAL_PORT NOT IN (
SELECT DISTINCT
LOCAL_PORT
FROM
arquitetura
WHERE
STATE == 'LISTENING'
AND
LOCAL_ADDRESS <> '127.0.0.1'
)
AND
LOCAL_ADDRESS <> '127.0.0.1'
ORDER BY
'REMOTE_ADDRESS'"
}
function CLIENT() {
SQLITE_SELECT "
SELECT DISTINCT
HOSTNAME,
LOCAL_ADDRESS,
REMOTE_ADDRESS
FROM
arquitetura
WHERE
STATE == 'ESTABLISHED'
AND
LOCAL_PORT IN (
SELECT DISTINCT
LOCAL_PORT
FROM
arquitetura
WHERE
STATE == 'LISTENING'
AND
LOCAL_ADDRESS <> '127.0.0.1'
)
AND
LOCAL_ADDRESS <> '127.0.0.1'
ORDER BY
'REMOTE_ADDRESS'"
}
function ESTABLISHED() {
SQLITE_SELECT "
SELECT DISTINCT
HOSTNAME,
'SERVER',
PROCESS_NAME,
PUBLIC_IP,
LOCAL_ADDRESS,
LOCAL_PORT,
REMOTE_ADDRESS,
REMOTE_PORT
FROM
arquitetura
WHERE
STATE == 'ESTABLISHED'
AND
LOCAL_PORT IN (
SELECT DISTINCT
LOCAL_PORT
FROM
arquitetura
WHERE
STATE == 'LISTENING'
AND
LOCAL_ADDRESS <> '127.0.0.1'
)
AND
LOCAL_ADDRESS <> '127.0.0.1'
ORDER BY
'REMOTE_PORT'"
SQLITE_SELECT "
SELECT DISTINCT
HOSTNAME,
'CLIENT',
PROCESS_NAME,
PUBLIC_IP,
LOCAL_ADDRESS,
LOCAL_PORT,
REMOTE_ADDRESS,
REMOTE_PORT
FROM
arquitetura
WHERE
STATE == 'ESTABLISHED'
AND
LOCAL_PORT NOT IN (
SELECT DISTINCT
LOCAL_PORT
FROM
arquitetura
WHERE
STATE == 'LISTENING'
AND
LOCAL_ADDRESS <> '127.0.0.1'
)
AND
LOCAL_ADDRESS <> '127.0.0.1'
ORDER BY
'LOCAL_PORT'"
}
function SERVER_PORT() {
SQLITE_SELECT "
SELECT DISTINCT
HOSTNAME,
REMOTE_ADDRESS,
REMOTE_PORT,
PROCESS_NAME
FROM
arquitetura
WHERE
STATE == 'ESTABLISHED'
AND
LOCAL_PORT NOT IN (
SELECT DISTINCT
LOCAL_PORT
FROM
arquitetura
WHERE
STATE == 'LISTENING'
AND
LOCAL_ADDRESS <> '127.0.0.1'
)
AND
LOCAL_ADDRESS <> '127.0.0.1'
ORDER BY
'REMOTE_PORT'"
}
function CLIENT_PORT() {
SQLITE_SELECT "
SELECT DISTINCT
HOSTNAME,
REMOTE_ADDRESS,
LOCAL_PORT,
PROCESS_NAME
FROM
arquitetura
WHERE
STATE == 'ESTABLISHED'
AND
LOCAL_PORT IN (
SELECT DISTINCT
LOCAL_PORT
FROM
arquitetura
WHERE
STATE == 'LISTENING'
AND
LOCAL_ADDRESS <> '127.0.0.1'
)
AND
LOCAL_ADDRESS <> '127.0.0.1'
ORDER BY
'REMOTE_ADDRESS'"
}
function INVENTORY() {
SQLITE_SELECT "
SELECT DISTINCT
HOSTNAME,
PUBLIC_IP,
PROCESSOR_COUNT,
CAST((RAM_MEMORY_KB/1024/1024) AS INT),
OS_VERSION
FROM
arquitetura
ORDER BY
HOSTNAME"
}
function UNMAPPED_HOSTS() {
SQLITE_SELECT "
SELECT DISTINCT
REMOTE_ADDRESS
FROM
arquitetura
WHERE
STATE == 'ESTABLISHED'
AND
LOCAL_ADDRESS <> '127.0.0.1'
AND
REMOTE_ADDRESS <> '0.0.0.0'
AND
REMOTE_ADDRESS NOT IN (
SELECT DISTINCT
PUBLIC_IP
FROM
arquitetura
)"
}
function PREGRAPH() {
SQLITE_SELECT "
SELECT DISTINCT
c.HOSTNAME,
c.PUBLIC_IP,
c.PROCESS_NAME,
(select HOSTNAME from arquitetura as d where c.REMOTE_ADDRESS == d.PUBLIC_IP),
c.REMOTE_ADDRESS
FROM
arquitetura as c
WHERE
STATE == 'ESTABLISHED'
AND
LOCAL_PORT NOT IN (
SELECT DISTINCT
LOCAL_PORT
FROM
arquitetura
WHERE
STATE == 'LISTENING'
AND
LOCAL_ADDRESS <> '127.0.0.1'
)
AND
LOCAL_ADDRESS <> '127.0.0.1'
ORDER BY
'LOCAL_PORT'"
}
if [ $# -ne 1 ]
then
exit 1
else
export INPUT=$(TEMPFILE create)
export BASE=base.db
ALLTOCSV $INPUT
dos2unix $INPUT >&2
case $1 in
zerado)
SQLITE_PURGE
SQLITE_START
SQLITE_INSERT $INPUT
;;
coletar)
SQLITE_START
SQLITE_INSERT $INPUT
;;
established)
ESTABLISHED
;;
server_port)
SERVER_PORT
;;
server)
SERVER
;;
client)
CLIENT
;;
client_port)
CLIENT_PORT
;;
server_client)
SERVER
CLIENT
;;
inventario)
INVENTORY
;;
unmapped_hosts)
UNMAPPED_HOSTS
;;
pregraph)
PREGRAPH
;;
*)
exit 1
;;
esac
# PARSE $INPUT
# SQLITE_START
# SQLITE_INSERT $INPUT
TEMPFILE delete $INPUT
fi
Data Collector
Windows
using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Diagnostics;
using System.Linq;
using System.Net;
using System.Net.NetworkInformation;
using System.Net.Sockets;
using System.Runtime.InteropServices;
using System.Threading;
namespace ConsoleApplication1
{
internal class Program
{
public static void Main(string[] args)
{
System.Console.WriteLine("SocketProcessToFile, por Alexandre D´Amato");
System.Console.WriteLine("Se tudo der certo um arquivo será gerado no diretório de execução.");
System.Console.WriteLine("Nome do arquivo a ser gerado:");
System.Console.WriteLine(Environment.MachineName + ".csv");
List<String> adresses = new List<string>();
foreach (var nic in NetworkInterface.GetAllNetworkInterfaces())
{
foreach (var addr in nic.GetIPProperties().UnicastAddresses)
{
if (addr.Address.IsIPv6LinkLocal == false && AddressFamily.InterNetwork == addr.Address.AddressFamily)
{
if (addr.IPv4Mask != null)
{
// System.Console.Out.WriteLine(addr.Address.ToString());
adresses.Add(addr.Address.ToString());
}
}
}
}
String inlineAddresses = "";
if (adresses.Count >= 2)
{
int control = 0;
foreach (var addr in adresses)
{
if (control == 0)
{
inlineAddresses = addr.ToString();
}
else
{
inlineAddresses = inlineAddresses + ";" + addr.ToString();
}
}
}
else
{
inlineAddresses = adresses[0].ToString();
}
// System.Console.Out.WriteLine(adresses.Count);
// System.Console.Out.WriteLine(inlineAddresses);
long memKb;
GetPhysicallyInstalledSystemMemory(out memKb);
String separator = ",";
List<TcpProcessRecord> valores = GetAllTcpConnections();
List<String> lines = new List<string>();
lines.Add("#" + "HOSTNAME" +
separator + "PUBLIC_IP" +
separator + "STATE" +
separator + "LOCAL_ADDRESS" +
separator + "LOCAL_PORT" +
separator + "REMOTE_ADDRESS" +
separator + "REMOTE_PORT" +
separator + "PROCESS_ID" +
separator + "PROCESS_NAME" +
separator + "OS_VERSION" +
separator + "PROCESSOR_COUNT" +
separator + "RAM_MEMORY_KB");
foreach (var valor in valores)
{
lines.Add(Environment.MachineName +
separator + inlineAddresses +
separator + valor.State +
separator + valor.LocalAddress +
separator + valor.LocalPort +
separator + valor.RemoteAddress +
separator + valor.RemotePort +
separator + valor.ProcessId +
separator + valor.ProcessName +
separator + Environment.OSVersion +
separator + Environment.ProcessorCount +
separator + memKb);
}
System.IO.StreamWriter file = new System.IO.StreamWriter(Environment.MachineName + ".csv", false);
foreach (var line in lines)
{
file.WriteLine(line);
}
System.Console.WriteLine("Sucesso. \\o/");
System.Console.WriteLine("Finalizando em 5 segundos.");
// Console.WriteLine((memKb ));
Thread.Sleep(5000);
}
//
[DllImport("kernel32.dll")]
[return: MarshalAs(UnmanagedType.Bool)]
static extern bool GetPhysicallyInstalledSystemMemory(out long TotalMemoryInKilobytes);
public class TcpProcessRecord
{
[DisplayName("Local Address")]
public IPAddress LocalAddress { get; set; }
[DisplayName("Local Port")]
public ushort LocalPort { get; set; }
[DisplayName("Remote Address")]
public IPAddress RemoteAddress { get; set; }
[DisplayName("Remote Port")]
public ushort RemotePort { get; set; }
[DisplayName("State")]
public MibTcpState State { get; set; }
[DisplayName("Process ID")]
public int ProcessId { get; set; }
[DisplayName("Process Name")]
public string ProcessName { get; set; }
public TcpProcessRecord(IPAddress localIp, IPAddress remoteIp, ushort localPort,
ushort remotePort, int pId, MibTcpState state)
{
LocalAddress = localIp;
RemoteAddress = remoteIp;
LocalPort = localPort;
RemotePort = remotePort;
State = state;
ProcessId = pId;
// Getting the process name associated with a process id.
if (Process.GetProcesses().Any(process => process.Id == pId))
{
ProcessName = Process.GetProcessById(ProcessId).ProcessName;
}
}
}
public enum TcpTableClass
{
TCP_TABLE_BASIC_LISTENER,
TCP_TABLE_BASIC_CONNECTIONS,
TCP_TABLE_BASIC_ALL,
TCP_TABLE_OWNER_PID_LISTENER,
TCP_TABLE_OWNER_PID_CONNECTIONS,
TCP_TABLE_OWNER_PID_ALL,
TCP_TABLE_OWNER_MODULE_LISTENER,
TCP_TABLE_OWNER_MODULE_CONNECTIONS,
TCP_TABLE_OWNER_MODULE_ALL
}
public enum MibTcpState
{
CLOSED = 1,
LISTENING = 2,
SYN_SENT = 3,
SYN_RCVD = 4,
ESTABLISHED = 5,
FIN_WAIT1 = 6,
FIN_WAIT2 = 7,
CLOSE_WAIT = 8,
CLOSING = 9,
LAST_ACK = 10,
TIME_WAIT = 11,
DELETE_TCB = 12,
NONE = 0
}
public struct MIB_TCPROW_OWNER_PID
{
public MibTcpState state;
public uint localAddr;
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 4)]
public byte[] localPort;
public uint remoteAddr;
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 4)]
public byte[] remotePort;
public int owningPid;
}
public struct MIB_TCPTABLE_OWNER_PID
{
public uint dwNumEntries;
[MarshalAs(UnmanagedType.ByValArray, ArraySubType = UnmanagedType.Struct,
SizeConst = 1)]
public MIB_TCPROW_OWNER_PID[] table;
}
[DllImport("iphlpapi.dll", CharSet = CharSet.Auto, SetLastError = true)]
private static extern uint GetExtendedTcpTable(IntPtr pTcpTable, ref int pdwSize,
bool bOrder, int ulAf, TcpTableClass tableClass, uint reserved = 0);
private const int AF_INET = 2;
// List of Active TCP Connections.
private static List<TcpProcessRecord> TcpActiveConnections = null;
// List of Active UDP Connections.
// private static List<UdpProcessRecord> UdpActiveConnections = null;
private static List<TcpProcessRecord> GetAllTcpConnections()
{
int bufferSize = 0;
List<TcpProcessRecord> tcpTableRecords = new List<TcpProcessRecord>();
// Getting the size of TCP table, that is returned in 'bufferSize' variable.
uint result = GetExtendedTcpTable(IntPtr.Zero, ref bufferSize, true, AF_INET,
TcpTableClass.TCP_TABLE_OWNER_PID_ALL);
// Allocating memory from the unmanaged memory of the process by using the
// specified number of bytes in 'bufferSize' variable.
IntPtr tcpTableRecordsPtr = Marshal.AllocHGlobal(bufferSize);
try
{
// The size of the table returned in 'bufferSize' variable in previous
// call must be used in this subsequent call to 'GetExtendedTcpTable'
// function in order to successfully retrieve the table.
result = GetExtendedTcpTable(tcpTableRecordsPtr, ref bufferSize, true,
AF_INET, TcpTableClass.TCP_TABLE_OWNER_PID_ALL);
// Non-zero value represent the function 'GetExtendedTcpTable' failed,
// hence empty list is returned to the caller function.
if (result != 0)
return new List<TcpProcessRecord>();
// Marshals data from an unmanaged block of memory to a newly allocated
// managed object 'tcpRecordsTable' of type 'MIB_TCPTABLE_OWNER_PID'
// to get number of entries of the specified TCP table structure.
MIB_TCPTABLE_OWNER_PID tcpRecordsTable = (MIB_TCPTABLE_OWNER_PID)
Marshal.PtrToStructure(tcpTableRecordsPtr,
typeof(MIB_TCPTABLE_OWNER_PID));
IntPtr tableRowPtr = (IntPtr)((long)tcpTableRecordsPtr +
Marshal.SizeOf(tcpRecordsTable.dwNumEntries));
// Reading and parsing the TCP records one by one from the table and
// storing them in a list of 'TcpProcessRecord' structure type objects.
for (int row = 0; row < tcpRecordsTable.dwNumEntries; row++)
{
MIB_TCPROW_OWNER_PID tcpRow = (MIB_TCPROW_OWNER_PID)Marshal.
PtrToStructure(tableRowPtr, typeof(MIB_TCPROW_OWNER_PID));
tcpTableRecords.Add(new TcpProcessRecord(
new IPAddress(tcpRow.localAddr),
new IPAddress(tcpRow.remoteAddr),
BitConverter.ToUInt16(new byte[2] {
tcpRow.localPort[1],
tcpRow.localPort[0] }, 0),
BitConverter.ToUInt16(new byte[2] {
tcpRow.remotePort[1],
tcpRow.remotePort[0] }, 0),
tcpRow.owningPid, tcpRow.state));
tableRowPtr = (IntPtr)((long)tableRowPtr + Marshal.SizeOf(tcpRow));
}
}
catch (OutOfMemoryException outOfMemoryException)
{
System.Console.Out.WriteLine(outOfMemoryException.Message);
// MessageBox.Show(outOfMemoryException.Message, "Out Of Memory",
// MessageBoxButtons.OK, MessageBoxIcon.Stop);
}
catch (Exception exception)
{
System.Console.Out.WriteLine(exception.Message);
// MessageBox.Show(exception.Message, "Exception",
// MessageBoxButtons.OK, MessageBoxIcon.Stop);
}
finally
{
Marshal.FreeHGlobal(tcpTableRecordsPtr);
}
return tcpTableRecords != null ? tcpTableRecords.Distinct()
.ToList<TcpProcessRecord>() : new List<TcpProcessRecord>();
}
}
}