#!/bin/bash
function TEMPFILE() {
case $1 in
create)
mktemp -p /tmp --suffix tmpdoc
;;
delete)
rm -f $2
;;
*)
EXITNOW "could not create temporary file"
;;
esac
}
function ALLTOCSV() {
INPUT=$1
cat *.csv > $INPUT
}
function PARSE() {
export INPUT=$1
export LOCAL_PORT_LISTENING=$(TEMPFILE create)
#Get the ports for the listening services
cat $INPUT | grep -v ^\# | \
while IFS=',' read HOSTNAME PUBLIC_IP STATE LOCAL_ADDRESS LOCAL_PORT REMOTE_ADDRESS REMOTE_PORT PROCESS_ID PROCESS_NAME OS_VERSION PROCESSOR_COUNT RAM_MEMORY_KB
do
echo $HOSTNAME
done | sort -u | \
while IFS=',' read SERVERNAME
do
cat $1 | grep -v ^\# | \
while IFS=',' read HOSTNAME PUBLIC_IP STATE LOCAL_ADDRESS LOCAL_PORT REMOTE_ADDRESS REMOTE_PORT PROCESS_ID PROCESS_NAME OS_VERSION PROCESSOR_COUNT RAM_MEMORY_KB
do
if [[ ( "$SERVERNAME" == "$HOSTNAME" ) && ( "$STATE" == "LISTENING" ) && ( "$LOCAL_ADDRESS" != "127.0.0.1" ) ]]
then
echo $HOSTNAME $LOCAL_PORT
fi
done | sort -u -n -k2
done > $LOCAL_PORT_LISTENING
# Show only established sockets
cat $INPUT | grep -v ^\# | \
while IFS=',' read HOSTNAME PUBLIC_IP STATE LOCAL_ADDRESS LOCAL_PORT REMOTE_ADDRESS REMOTE_PORT PROCESS_ID PROCESS_NAME OS_VERSION PROCESSOR_COUNT RAM_MEMORY_KB
do
while read SERVERNAME PORT
do
#Show established sockets with listener process on the server, server side
if [[ ( "$SERVERNAME" == "$HOSTNAME" ) && ( $PORT -eq $LOCAL_PORT ) && ( "$STATE" == "ESTABLISHED" ) && ( "$LOCAL_ADDRESS" != "$REMOTE_ADDRESS" ) && ( "$PUBLIC_IP" != "$REMOTE_ADDRESS" ) ]]
then
echo $HOSTNAME LOCAL $LOCAL_PORT $REMOTE_ADDRESS $PROCESS_NAME
fi
#Sow eatablished sockets withot listener, client side
#PORT diferente local_port
RETORNO=$(grep -w $LOCAL_PORT $LOCAL_PORT_LISTENING | wc -l)
if [[ ( "$SERVERNAME" == "$HOSTNAME" ) && ( $RETORNO == 0 ) && ( "$STATE" == "ESTABLISHED" ) && ( "$LOCAL_ADDRESS" != "$REMOTE_ADDRESS" ) && ( "$PUBLIC_IP" == "$REMOTE_ADDRESS" ) ]]
then
echo $HOSTNAME REMOTE $REMOTE_PORT $REMOTE_ADDRESS $PROCESS_NAME
fi
done < $LOCAL_PORT_LISTENING
done | sort -u
# cat $LOCAL_PORT_LISTENING
TEMPFILE delete $LOCAL_PORT_LISTENING
}
function SQLITE_START() {
#HOSTNAME PUBLIC_IP STATE LOCAL_ADDRESS LOCAL_PORT REMOTE_ADDRESS REMOTE_PORT PROCESS_ID PROCESS_NAME OS_VERSION PROCESSOR_COUNT RAM_MEMORY_KB
sqlite3 $BASE "CREATE TABLE IF NOT EXISTS arquitetura(
HOSTNAME text,
PUBLIC_IP text,
STATE text,
LOCAL_ADDRESS text,
LOCAL_PORT integer,
REMOTE_ADDRESS text,
REMOTE_PORT integer,
PROCESS_ID integer,
PROCESS_NAME text,
OS_VERSION text,
PROCESSOR_COUNT integer,
RAM_MEMORY_KB real)"
# sqlite3 base.sb "create table IF NOT EXISTS hosts(endereco varchar(15) , nome varchar(60) primary key,TTL integer, tipo varchar(30))"
}
function SQLITE_INSERT() {
INPUT=$1
export COUNTER=0
wc -l $INPUT
cat $INPUT | grep -v ^\# | \
while IFS=',' read HOSTNAME PUBLIC_IP STATE LOCAL_ADDRESS LOCAL_PORT REMOTE_ADDRESS REMOTE_PORT PROCESS_ID PROCESS_NAME OS_VERSION PROCESSOR_COUNT RAM_MEMORY_KB
do
echo -ne "\rInserted $COUNTER Record(s)"
export COUNTER=$(expr $COUNTER + 1)
sqlite3 $BASE "INSERT INTO arquitetura(HOSTNAME,PUBLIC_IP,STATE,LOCAL_ADDRESS,LOCAL_PORT,REMOTE_ADDRESS,REMOTE_PORT,PROCESS_ID,PROCESS_NAME,OS_VERSION,PROCESSOR_COUNT,RAM_MEMORY_KB) VALUES('$HOSTNAME', '$PUBLIC_IP', '$STATE', '$LOCAL_ADDRESS', $LOCAL_PORT, '$REMOTE_ADDRESS', $REMOTE_PORT, $PROCESS_ID, '$PROCESS_NAME', '$OS_VERSION', $PROCESSOR_COUNT, $RAM_MEMORY_KB)"
done
}
function SQLITE_SELECT() {
# WHERE STATE == 'ESTABLIHED' AND LOCAL_ADDRESS <> '127.0.0.1'
sqlite3 $BASE -csv "$1"
}
function SQLITE_PURGE() {
rm -fr $BASE
}
function SERVER() {
SQLITE_SELECT "
SELECT DISTINCT
HOSTNAME,
REMOTE_ADDRESS,
LOCAL_ADDRESS
FROM
arquitetura
WHERE
STATE == 'ESTABLISHED'
AND
LOCAL_PORT NOT IN (
SELECT DISTINCT
LOCAL_PORT
FROM
arquitetura
WHERE
STATE == 'LISTENING'
AND
LOCAL_ADDRESS <> '127.0.0.1'
)
AND
LOCAL_ADDRESS <> '127.0.0.1'
ORDER BY
'REMOTE_ADDRESS'"
}
function CLIENT() {
SQLITE_SELECT "
SELECT DISTINCT
HOSTNAME,
LOCAL_ADDRESS,
REMOTE_ADDRESS
FROM
arquitetura
WHERE
STATE == 'ESTABLISHED'
AND
LOCAL_PORT IN (
SELECT DISTINCT
LOCAL_PORT
FROM
arquitetura
WHERE
STATE == 'LISTENING'
AND
LOCAL_ADDRESS <> '127.0.0.1'
)
AND
LOCAL_ADDRESS <> '127.0.0.1'
ORDER BY
'REMOTE_ADDRESS'"
}
function ESTABLISHED() {
SQLITE_SELECT "
SELECT DISTINCT
HOSTNAME,
'SERVER',
PROCESS_NAME,
PUBLIC_IP,
LOCAL_ADDRESS,
LOCAL_PORT,
REMOTE_ADDRESS,
REMOTE_PORT
FROM
arquitetura
WHERE
STATE == 'ESTABLISHED'
AND
LOCAL_PORT IN (
SELECT DISTINCT
LOCAL_PORT
FROM
arquitetura
WHERE
STATE == 'LISTENING'
AND
LOCAL_ADDRESS <> '127.0.0.1'
)
AND
LOCAL_ADDRESS <> '127.0.0.1'
ORDER BY
'REMOTE_PORT'"
SQLITE_SELECT "
SELECT DISTINCT
HOSTNAME,
'CLIENT',
PROCESS_NAME,
PUBLIC_IP,
LOCAL_ADDRESS,
LOCAL_PORT,
REMOTE_ADDRESS,
REMOTE_PORT
FROM
arquitetura
WHERE
STATE == 'ESTABLISHED'
AND
LOCAL_PORT NOT IN (
SELECT DISTINCT
LOCAL_PORT
FROM
arquitetura
WHERE
STATE == 'LISTENING'
AND
LOCAL_ADDRESS <> '127.0.0.1'
)
AND
LOCAL_ADDRESS <> '127.0.0.1'
ORDER BY
'LOCAL_PORT'"
}
function SERVER_PORT() {
SQLITE_SELECT "
SELECT DISTINCT
HOSTNAME,
REMOTE_ADDRESS,
REMOTE_PORT,
PROCESS_NAME
FROM
arquitetura
WHERE
STATE == 'ESTABLISHED'
AND
LOCAL_PORT NOT IN (
SELECT DISTINCT
LOCAL_PORT
FROM
arquitetura
WHERE
STATE == 'LISTENING'
AND
LOCAL_ADDRESS <> '127.0.0.1'
)
AND
LOCAL_ADDRESS <> '127.0.0.1'
ORDER BY
'REMOTE_PORT'"
}
function CLIENT_PORT() {
SQLITE_SELECT "
SELECT DISTINCT
HOSTNAME,
REMOTE_ADDRESS,
LOCAL_PORT,
PROCESS_NAME
FROM
arquitetura
WHERE
STATE == 'ESTABLISHED'
AND
LOCAL_PORT IN (
SELECT DISTINCT
LOCAL_PORT
FROM
arquitetura
WHERE
STATE == 'LISTENING'
AND
LOCAL_ADDRESS <> '127.0.0.1'
)
AND
LOCAL_ADDRESS <> '127.0.0.1'
ORDER BY
'REMOTE_ADDRESS'"
}
function INVENTORY() {
SQLITE_SELECT "
SELECT DISTINCT
HOSTNAME,
PUBLIC_IP,
PROCESSOR_COUNT,
CAST((RAM_MEMORY_KB/1024/1024) AS INT),
OS_VERSION
FROM
arquitetura
ORDER BY
HOSTNAME"
}
function UNMAPPED_HOSTS() {
SQLITE_SELECT "
SELECT DISTINCT
REMOTE_ADDRESS
FROM
arquitetura
WHERE
STATE == 'ESTABLISHED'
AND
LOCAL_ADDRESS <> '127.0.0.1'
AND
REMOTE_ADDRESS <> '0.0.0.0'
AND
REMOTE_ADDRESS NOT IN (
SELECT DISTINCT
PUBLIC_IP
FROM
arquitetura
)"
}
function PREGRAPH() {
SQLITE_SELECT "
SELECT DISTINCT
c.HOSTNAME,
c.PUBLIC_IP,
c.PROCESS_NAME,
(select HOSTNAME from arquitetura as d where c.REMOTE_ADDRESS == d.PUBLIC_IP),
c.REMOTE_ADDRESS
FROM
arquitetura as c
WHERE
STATE == 'ESTABLISHED'
AND
LOCAL_PORT NOT IN (
SELECT DISTINCT
LOCAL_PORT
FROM
arquitetura
WHERE
STATE == 'LISTENING'
AND
LOCAL_ADDRESS <> '127.0.0.1'
)
AND
LOCAL_ADDRESS <> '127.0.0.1'
ORDER BY
'LOCAL_PORT'"
}
if [ $# -ne 1 ]
then
exit 1
else
export INPUT=$(TEMPFILE create)
export BASE=base.db
ALLTOCSV $INPUT
dos2unix $INPUT >&2
case $1 in
zerado)
SQLITE_PURGE
SQLITE_START
SQLITE_INSERT $INPUT
;;
coletar)
SQLITE_START
SQLITE_INSERT $INPUT
;;
established)
ESTABLISHED
;;
server_port)
SERVER_PORT
;;
server)
SERVER
;;
client)
CLIENT
;;
client_port)
CLIENT_PORT
;;
server_client)
SERVER
CLIENT
;;
inventario)
INVENTORY
;;
unmapped_hosts)
UNMAPPED_HOSTS
;;
pregraph)
PREGRAPH
;;
*)
exit 1
;;
esac
# PARSE $INPUT
# SQLITE_START
# SQLITE_INSERT $INPUT
TEMPFILE delete $INPUT
fi
using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Diagnostics;
using System.Linq;
using System.Net;
using System.Net.NetworkInformation;
using System.Net.Sockets;
using System.Runtime.InteropServices;
using System.Threading;
namespace ConsoleApplication1
{
internal class Program
{
public static void Main(string[] args)
{
System.Console.WriteLine("SocketProcessToFile, por Alexandre D´Amato");
System.Console.WriteLine("Se tudo der certo um arquivo será gerado no diretório de execução.");
System.Console.WriteLine("Nome do arquivo a ser gerado:");
System.Console.WriteLine(Environment.MachineName + ".csv");
List<String> adresses = new List<string>();
foreach (var nic in NetworkInterface.GetAllNetworkInterfaces())
{
foreach (var addr in nic.GetIPProperties().UnicastAddresses)
{
if (addr.Address.IsIPv6LinkLocal == false && AddressFamily.InterNetwork == addr.Address.AddressFamily)
{
if (addr.IPv4Mask != null)
{
// System.Console.Out.WriteLine(addr.Address.ToString());
adresses.Add(addr.Address.ToString());
}
}
}
}
String inlineAddresses = "";
if (adresses.Count >= 2)
{
int control = 0;
foreach (var addr in adresses)
{
if (control == 0)
{
inlineAddresses = addr.ToString();
}
else
{
inlineAddresses = inlineAddresses + ";" + addr.ToString();
}
}
}
else
{
inlineAddresses = adresses[0].ToString();
}
// System.Console.Out.WriteLine(adresses.Count);
// System.Console.Out.WriteLine(inlineAddresses);
long memKb;
GetPhysicallyInstalledSystemMemory(out memKb);
String separator = ",";
List<TcpProcessRecord> valores = GetAllTcpConnections();
List<String> lines = new List<string>();
lines.Add("#" + "HOSTNAME" +
separator + "PUBLIC_IP" +
separator + "STATE" +
separator + "LOCAL_ADDRESS" +
separator + "LOCAL_PORT" +
separator + "REMOTE_ADDRESS" +
separator + "REMOTE_PORT" +
separator + "PROCESS_ID" +
separator + "PROCESS_NAME" +
separator + "OS_VERSION" +
separator + "PROCESSOR_COUNT" +
separator + "RAM_MEMORY_KB");
foreach (var valor in valores)
{
lines.Add(Environment.MachineName +
separator + inlineAddresses +
separator + valor.State +
separator + valor.LocalAddress +
separator + valor.LocalPort +
separator + valor.RemoteAddress +
separator + valor.RemotePort +
separator + valor.ProcessId +
separator + valor.ProcessName +
separator + Environment.OSVersion +
separator + Environment.ProcessorCount +
separator + memKb);
}
System.IO.StreamWriter file = new System.IO.StreamWriter(Environment.MachineName + ".csv", false);
foreach (var line in lines)
{
file.WriteLine(line);
}
System.Console.WriteLine("Sucesso. \\o/");
System.Console.WriteLine("Finalizando em 5 segundos.");
// Console.WriteLine((memKb ));
Thread.Sleep(5000);
}
//
[DllImport("kernel32.dll")]
[return: MarshalAs(UnmanagedType.Bool)]
static extern bool GetPhysicallyInstalledSystemMemory(out long TotalMemoryInKilobytes);
public class TcpProcessRecord
{
[DisplayName("Local Address")]
public IPAddress LocalAddress { get; set; }
[DisplayName("Local Port")]
public ushort LocalPort { get; set; }
[DisplayName("Remote Address")]
public IPAddress RemoteAddress { get; set; }
[DisplayName("Remote Port")]
public ushort RemotePort { get; set; }
[DisplayName("State")]
public MibTcpState State { get; set; }
[DisplayName("Process ID")]
public int ProcessId { get; set; }
[DisplayName("Process Name")]
public string ProcessName { get; set; }
public TcpProcessRecord(IPAddress localIp, IPAddress remoteIp, ushort localPort,
ushort remotePort, int pId, MibTcpState state)
{
LocalAddress = localIp;
RemoteAddress = remoteIp;
LocalPort = localPort;
RemotePort = remotePort;
State = state;
ProcessId = pId;
// Getting the process name associated with a process id.
if (Process.GetProcesses().Any(process => process.Id == pId))
{
ProcessName = Process.GetProcessById(ProcessId).ProcessName;
}
}
}
public enum TcpTableClass
{
TCP_TABLE_BASIC_LISTENER,
TCP_TABLE_BASIC_CONNECTIONS,
TCP_TABLE_BASIC_ALL,
TCP_TABLE_OWNER_PID_LISTENER,
TCP_TABLE_OWNER_PID_CONNECTIONS,
TCP_TABLE_OWNER_PID_ALL,
TCP_TABLE_OWNER_MODULE_LISTENER,
TCP_TABLE_OWNER_MODULE_CONNECTIONS,
TCP_TABLE_OWNER_MODULE_ALL
}
public enum MibTcpState
{
CLOSED = 1,
LISTENING = 2,
SYN_SENT = 3,
SYN_RCVD = 4,
ESTABLISHED = 5,
FIN_WAIT1 = 6,
FIN_WAIT2 = 7,
CLOSE_WAIT = 8,
CLOSING = 9,
LAST_ACK = 10,
TIME_WAIT = 11,
DELETE_TCB = 12,
NONE = 0
}
public struct MIB_TCPROW_OWNER_PID
{
public MibTcpState state;
public uint localAddr;
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 4)]
public byte[] localPort;
public uint remoteAddr;
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 4)]
public byte[] remotePort;
public int owningPid;
}
public struct MIB_TCPTABLE_OWNER_PID
{
public uint dwNumEntries;
[MarshalAs(UnmanagedType.ByValArray, ArraySubType = UnmanagedType.Struct,
SizeConst = 1)]
public MIB_TCPROW_OWNER_PID[] table;
}
[DllImport("iphlpapi.dll", CharSet = CharSet.Auto, SetLastError = true)]
private static extern uint GetExtendedTcpTable(IntPtr pTcpTable, ref int pdwSize,
bool bOrder, int ulAf, TcpTableClass tableClass, uint reserved = 0);
private const int AF_INET = 2;
// List of Active TCP Connections.
private static List<TcpProcessRecord> TcpActiveConnections = null;
// List of Active UDP Connections.
// private static List<UdpProcessRecord> UdpActiveConnections = null;
private static List<TcpProcessRecord> GetAllTcpConnections()
{
int bufferSize = 0;
List<TcpProcessRecord> tcpTableRecords = new List<TcpProcessRecord>();
// Getting the size of TCP table, that is returned in 'bufferSize' variable.
uint result = GetExtendedTcpTable(IntPtr.Zero, ref bufferSize, true, AF_INET,
TcpTableClass.TCP_TABLE_OWNER_PID_ALL);
// Allocating memory from the unmanaged memory of the process by using the
// specified number of bytes in 'bufferSize' variable.
IntPtr tcpTableRecordsPtr = Marshal.AllocHGlobal(bufferSize);
try
{
// The size of the table returned in 'bufferSize' variable in previous
// call must be used in this subsequent call to 'GetExtendedTcpTable'
// function in order to successfully retrieve the table.
result = GetExtendedTcpTable(tcpTableRecordsPtr, ref bufferSize, true,
AF_INET, TcpTableClass.TCP_TABLE_OWNER_PID_ALL);
// Non-zero value represent the function 'GetExtendedTcpTable' failed,
// hence empty list is returned to the caller function.
if (result != 0)
return new List<TcpProcessRecord>();
// Marshals data from an unmanaged block of memory to a newly allocated
// managed object 'tcpRecordsTable' of type 'MIB_TCPTABLE_OWNER_PID'
// to get number of entries of the specified TCP table structure.
MIB_TCPTABLE_OWNER_PID tcpRecordsTable = (MIB_TCPTABLE_OWNER_PID)
Marshal.PtrToStructure(tcpTableRecordsPtr,
typeof(MIB_TCPTABLE_OWNER_PID));
IntPtr tableRowPtr = (IntPtr)((long)tcpTableRecordsPtr +
Marshal.SizeOf(tcpRecordsTable.dwNumEntries));
// Reading and parsing the TCP records one by one from the table and
// storing them in a list of 'TcpProcessRecord' structure type objects.
for (int row = 0; row < tcpRecordsTable.dwNumEntries; row++)
{
MIB_TCPROW_OWNER_PID tcpRow = (MIB_TCPROW_OWNER_PID)Marshal.
PtrToStructure(tableRowPtr, typeof(MIB_TCPROW_OWNER_PID));
tcpTableRecords.Add(new TcpProcessRecord(
new IPAddress(tcpRow.localAddr),
new IPAddress(tcpRow.remoteAddr),
BitConverter.ToUInt16(new byte[2] {
tcpRow.localPort[1],
tcpRow.localPort[0] }, 0),
BitConverter.ToUInt16(new byte[2] {
tcpRow.remotePort[1],
tcpRow.remotePort[0] }, 0),
tcpRow.owningPid, tcpRow.state));
tableRowPtr = (IntPtr)((long)tableRowPtr + Marshal.SizeOf(tcpRow));
}
}
catch (OutOfMemoryException outOfMemoryException)
{
System.Console.Out.WriteLine(outOfMemoryException.Message);
// MessageBox.Show(outOfMemoryException.Message, "Out Of Memory",
// MessageBoxButtons.OK, MessageBoxIcon.Stop);
}
catch (Exception exception)
{
System.Console.Out.WriteLine(exception.Message);
// MessageBox.Show(exception.Message, "Exception",
// MessageBoxButtons.OK, MessageBoxIcon.Stop);
}
finally
{
Marshal.FreeHGlobal(tcpTableRecordsPtr);
}
return tcpTableRecords != null ? tcpTableRecords.Distinct()
.ToList<TcpProcessRecord>() : new List<TcpProcessRecord>();
}
}
}