/// <summary> /// This method distills the output from netstat -a -n -o into a list of ProcessPorts that provide a mapping between /// the process (name and id) and the ports that the process is using. /// </summary> /// <returns></returns> private static List <ProcessPort> GetNetStatPorts(string ip) { List <ProcessPort> ProcessPorts = new List <ProcessPort>(); try { using (Process Proc = new Process()) { //create a process that runs psexec. After running psexex, give it the netstat command as an argument. ProcessStartInfo StartInfo = new ProcessStartInfo(); StartInfo.FileName = @"psexec.exe"; StartInfo.Arguments = @"\\" + ip + " netstat -ano"; StartInfo.WindowStyle = ProcessWindowStyle.Hidden; StartInfo.UseShellExecute = false; StartInfo.RedirectStandardInput = true; StartInfo.RedirectStandardOutput = true; StartInfo.RedirectStandardError = true; //use psexec to run netstat on remote ip Proc.StartInfo = StartInfo; Proc.Start(); StreamReader StandardOutput = Proc.StandardOutput; //the output of netstat (as stream) StreamReader StandardError = Proc.StandardError; string NetStatContent = StandardOutput.ReadToEnd() + StandardError.ReadToEnd(); //the output of netstat (as string) string NetStatExitStatus = Proc.ExitCode.ToString(); if (NetStatExitStatus != "0") { Console.WriteLine("NetStat command failed. This may require elevated permissions."); } string[] NetStatRows = Regex.Split(NetStatContent, "\r\n"); //split netstat output to rows foreach (string NetStatRow in NetStatRows) { string[] Tokens = Regex.Split(NetStatRow, "\\s+"); //split netstat output rows to columns if (Tokens.Length > 4 && (Tokens[1].Equals("UDP") || Tokens[1].Equals("TCP"))) { string IpAddress = Regex.Replace(Tokens[2], @"\[(.*?)\]", "1.1.1.1"); //Here we are creating a new process port. It's constructor needs 4 arguments: // 1 - Process Name // 2 - Process ID // 3 - Protocol // 4 - Port Number try { ProcessPorts.Add(new ProcessPort( Tokens[1] == "UDP" ? GetProcessName(Convert.ToInt16(Tokens[4]), ip) : GetProcessName(Convert.ToInt16(Tokens[5]), ip), Tokens[1] == "UDP" ? Convert.ToInt16(Tokens[4]) : Convert.ToInt16(Tokens[5]), IpAddress.Contains("1.1.1.1") ? String.Format("{0}v6", Tokens[1]) : String.Format("{0}v4", Tokens[1]), Convert.ToInt32(IpAddress.Split(':')[1]) )); } catch { Console.WriteLine("Could not convert the following NetStat row to a Process to Port mapping."); Console.WriteLine(NetStatRow); } } else { if (!NetStatRow.Trim().StartsWith("Proto") && !NetStatRow.Trim().StartsWith("Active") && !String.IsNullOrWhiteSpace(NetStatRow)) { Console.WriteLine("Unrecognized NetStat row to a Process to Port mapping."); Console.WriteLine(NetStatRow); } } } } } catch (Exception ex) { Console.WriteLine(ex.Message); } return(ProcessPorts); }
/// <summary> /// This method distills the output from netstat -a -n -o into a list of ProcessPorts that provide a mapping between /// the process (name and id) and the ports that the process is using. /// </summary> /// <returns></returns> private static List <ProcessPort> GetNetStatPorts() { List <ProcessPort> ProcessPorts = new List <ProcessPort>(); try { using (Process Proc = new Process()) { ProcessStartInfo StartInfo = new ProcessStartInfo(); StartInfo.FileName = "netstat.exe"; StartInfo.Arguments = "-a -n -o"; StartInfo.WindowStyle = ProcessWindowStyle.Hidden; StartInfo.UseShellExecute = false; StartInfo.RedirectStandardInput = true; StartInfo.RedirectStandardOutput = true; StartInfo.RedirectStandardError = true; Proc.StartInfo = StartInfo; Proc.Start(); StreamReader StandardOutput = Proc.StandardOutput; StreamReader StandardError = Proc.StandardError; string NetStatContent = StandardOutput.ReadToEnd() + StandardError.ReadToEnd(); string NetStatExitStatus = Proc.ExitCode.ToString(); if (NetStatExitStatus != "0") { Console.WriteLine("NetStat command failed. This may require elevated permissions."); } string[] NetStatRows = Regex.Split(NetStatContent, "\r\n"); foreach (string NetStatRow in NetStatRows) { string[] Tokens = Regex.Split(NetStatRow, "\\s+"); if (Tokens.Length > 4 && (Tokens[1].Equals("UDP") || Tokens[1].Equals("TCP"))) { string IpAddress = Regex.Replace(Tokens[2], @"\[(.*?)\]", "1.1.1.1"); try { ProcessPorts.Add(new ProcessPort( Tokens[1] == "UDP" ? GetProcessName(Convert.ToInt16(Tokens[4])) : GetProcessName(Convert.ToInt16(Tokens[5])), Tokens[1] == "UDP" ? Convert.ToInt16(Tokens[4]) : Convert.ToInt16(Tokens[5]), IpAddress.Contains("1.1.1.1") ? String.Format("{0}v6", Tokens[1]) : String.Format("{0}v4", Tokens[1]), Convert.ToInt32(IpAddress.Split(':')[1]) )); } catch { Console.WriteLine("Could not convert the following NetStat row to a Process to Port mapping."); Console.WriteLine(NetStatRow); } } else { if (!NetStatRow.Trim().StartsWith("Proto") && !NetStatRow.Trim().StartsWith("Active") && !String.IsNullOrWhiteSpace(NetStatRow)) { Console.WriteLine("Unrecognized NetStat row to a Process to Port mapping."); Console.WriteLine(NetStatRow); } } } } } catch (Exception ex) { Console.WriteLine(ex.Message); } return(ProcessPorts); }
/// <summary> /// This method distills the output from netstat -a -n -o into a list of ProcessPorts that provide a mapping between /// the process (name and id) and the ports that the process is using. /// </summary> /// <returns></returns> private static List <ProcessPort> GetNetStatPorts(int pid) { var processPorts = new List <ProcessPort>(); try { using (Process Proc = new Process()) { ProcessStartInfo startInfo = new ProcessStartInfo { FileName = "cmd.exe", Arguments = $"/c netstat.exe -a -n -o | find \"{pid}\"", WindowStyle = ProcessWindowStyle.Hidden, UseShellExecute = false, RedirectStandardInput = true, RedirectStandardOutput = true, RedirectStandardError = true, CreateNoWindow = true, }; Proc.StartInfo = startInfo; Proc.Start(); var standardOutput = Proc.StandardOutput; var standardError = Proc.StandardError; string netStatContent = standardOutput.ReadToEnd() + standardError.ReadToEnd(); string netStatExitStatus = Proc.ExitCode.ToString(); if (netStatExitStatus != "0") { Console.WriteLine("NetStat command failed. This may require elevated permissions."); } string[] netStatRows = Regex.Split(netStatContent, "\r\n"); foreach (string NetStatRow in netStatRows) { string[] Tokens = Regex.Split(NetStatRow, "\\s+"); if (Tokens.Length > 4 && (Tokens[1].Equals("UDP") || Tokens[1].Equals("TCP"))) { string ipAddress = Regex.Replace(Tokens[2], @"\[(.*?)\]", "1.1.1.1"); try { processPorts.Add(new ProcessPort( Tokens[1] == "UDP" ? GetProcessName(Convert.ToInt32(Tokens[4])) : GetProcessName(Convert.ToInt32(Tokens[5])), Tokens[1] == "UDP" ? Convert.ToInt32(Tokens[4]) : Convert.ToInt32(Tokens[5]), ipAddress.Contains("1.1.1.1") ? $"{Tokens[1]}v6" : $"{Tokens[1]}v4", Convert.ToInt32(ipAddress.Split(':')[1]) )); } catch (Exception ex) { Console.WriteLine("Could not convert the following NetStat row to a Process to Port mapping."); Console.WriteLine(NetStatRow); Console.WriteLine("Reason: " + ex); } } else { if (!NetStatRow.Trim().StartsWith("Proto") && !NetStatRow.Trim().StartsWith("Active") && !String.IsNullOrWhiteSpace(NetStatRow)) { Console.WriteLine("Unrecognized NetStat row to a Process to Port mapping."); Console.WriteLine(NetStatRow); } } } } } catch (Exception ex) { Console.WriteLine(ex.Message); } return(processPorts); }