/// <summary>
/// This method distills the output from netstat -a -n -o into a list of ProcessPorts that provide a mapping between
/// the process (name and id) and the ports that the process is using.
/// </summary>
/// <returns></returns>
private static List <ProcessPort> GetNetStatPorts(string ip)
{
List <ProcessPort> ProcessPorts = new List <ProcessPort>();
try
{
using (Process Proc = new Process())
{
//create a process that runs psexec. After running psexex, give it the netstat command as an argument.
ProcessStartInfo StartInfo = new ProcessStartInfo();
StartInfo.FileName = @"psexec.exe";
StartInfo.Arguments = @"\\" + ip + " netstat -ano";
StartInfo.WindowStyle = ProcessWindowStyle.Hidden;
StartInfo.UseShellExecute = false;
StartInfo.RedirectStandardInput = true;
StartInfo.RedirectStandardOutput = true;
StartInfo.RedirectStandardError = true;
//use psexec to run netstat on remote ip
Proc.StartInfo = StartInfo;
Proc.Start();
StreamReader StandardOutput = Proc.StandardOutput; //the output of netstat (as stream)
StreamReader StandardError = Proc.StandardError;
string NetStatContent = StandardOutput.ReadToEnd() + StandardError.ReadToEnd(); //the output of netstat (as string)
string NetStatExitStatus = Proc.ExitCode.ToString();
if (NetStatExitStatus != "0")
{
Console.WriteLine("NetStat command failed. This may require elevated permissions.");
}
string[] NetStatRows = Regex.Split(NetStatContent, "\r\n"); //split netstat output to rows
foreach (string NetStatRow in NetStatRows)
{
string[] Tokens = Regex.Split(NetStatRow, "\\s+"); //split netstat output rows to columns
if (Tokens.Length > 4 && (Tokens[1].Equals("UDP") || Tokens[1].Equals("TCP")))
{
string IpAddress = Regex.Replace(Tokens[2], @"\[(.*?)\]", "1.1.1.1");
//Here we are creating a new process port. It's constructor needs 4 arguments:
// 1 - Process Name
// 2 - Process ID
// 3 - Protocol
// 4 - Port Number
try
{
ProcessPorts.Add(new ProcessPort(
Tokens[1] == "UDP" ? GetProcessName(Convert.ToInt16(Tokens[4]), ip) : GetProcessName(Convert.ToInt16(Tokens[5]), ip),
Tokens[1] == "UDP" ? Convert.ToInt16(Tokens[4]) : Convert.ToInt16(Tokens[5]),
IpAddress.Contains("1.1.1.1") ? String.Format("{0}v6", Tokens[1]) : String.Format("{0}v4", Tokens[1]),
Convert.ToInt32(IpAddress.Split(':')[1])
));
}
catch
{
Console.WriteLine("Could not convert the following NetStat row to a Process to Port mapping.");
Console.WriteLine(NetStatRow);
}
}
else
{
if (!NetStatRow.Trim().StartsWith("Proto") && !NetStatRow.Trim().StartsWith("Active") && !String.IsNullOrWhiteSpace(NetStatRow))
{
Console.WriteLine("Unrecognized NetStat row to a Process to Port mapping.");
Console.WriteLine(NetStatRow);
}
}
}
}
}
catch (Exception ex)
{
Console.WriteLine(ex.Message);
}
return(ProcessPorts);
}
/// <summary>
/// This method distills the output from netstat -a -n -o into a list of ProcessPorts that provide a mapping between
/// the process (name and id) and the ports that the process is using.
/// </summary>
/// <returns></returns>
private static List <ProcessPort> GetNetStatPorts()
{
List <ProcessPort> ProcessPorts = new List <ProcessPort>();
try
{
using (Process Proc = new Process())
{
ProcessStartInfo StartInfo = new ProcessStartInfo();
StartInfo.FileName = "netstat.exe";
StartInfo.Arguments = "-a -n -o";
StartInfo.WindowStyle = ProcessWindowStyle.Hidden;
StartInfo.UseShellExecute = false;
StartInfo.RedirectStandardInput = true;
StartInfo.RedirectStandardOutput = true;
StartInfo.RedirectStandardError = true;
Proc.StartInfo = StartInfo;
Proc.Start();
StreamReader StandardOutput = Proc.StandardOutput;
StreamReader StandardError = Proc.StandardError;
string NetStatContent = StandardOutput.ReadToEnd() + StandardError.ReadToEnd();
string NetStatExitStatus = Proc.ExitCode.ToString();
if (NetStatExitStatus != "0")
{
Console.WriteLine("NetStat command failed. This may require elevated permissions.");
}
string[] NetStatRows = Regex.Split(NetStatContent, "\r\n");
foreach (string NetStatRow in NetStatRows)
{
string[] Tokens = Regex.Split(NetStatRow, "\\s+");
if (Tokens.Length > 4 && (Tokens[1].Equals("UDP") || Tokens[1].Equals("TCP")))
{
string IpAddress = Regex.Replace(Tokens[2], @"\[(.*?)\]", "1.1.1.1");
try
{
ProcessPorts.Add(new ProcessPort(
Tokens[1] == "UDP" ? GetProcessName(Convert.ToInt16(Tokens[4])) : GetProcessName(Convert.ToInt16(Tokens[5])),
Tokens[1] == "UDP" ? Convert.ToInt16(Tokens[4]) : Convert.ToInt16(Tokens[5]),
IpAddress.Contains("1.1.1.1") ? String.Format("{0}v6", Tokens[1]) : String.Format("{0}v4", Tokens[1]),
Convert.ToInt32(IpAddress.Split(':')[1])
));
}
catch
{
Console.WriteLine("Could not convert the following NetStat row to a Process to Port mapping.");
Console.WriteLine(NetStatRow);
}
}
else
{
if (!NetStatRow.Trim().StartsWith("Proto") && !NetStatRow.Trim().StartsWith("Active") && !String.IsNullOrWhiteSpace(NetStatRow))
{
Console.WriteLine("Unrecognized NetStat row to a Process to Port mapping.");
Console.WriteLine(NetStatRow);
}
}
}
}
}
catch (Exception ex)
{
Console.WriteLine(ex.Message);
}
return(ProcessPorts);
}
/// <summary>
/// This method distills the output from netstat -a -n -o into a list of ProcessPorts that provide a mapping between
/// the process (name and id) and the ports that the process is using.
/// </summary>
/// <returns></returns>
private static List <ProcessPort> GetNetStatPorts(int pid)
{
var processPorts = new List <ProcessPort>();
try
{
using (Process Proc = new Process())
{
ProcessStartInfo startInfo = new ProcessStartInfo
{
FileName = "cmd.exe",
Arguments = $"/c netstat.exe -a -n -o | find \"{pid}\"",
WindowStyle = ProcessWindowStyle.Hidden,
UseShellExecute = false,
RedirectStandardInput = true,
RedirectStandardOutput = true,
RedirectStandardError = true,
CreateNoWindow = true,
};
Proc.StartInfo = startInfo;
Proc.Start();
var standardOutput = Proc.StandardOutput;
var standardError = Proc.StandardError;
string netStatContent = standardOutput.ReadToEnd() + standardError.ReadToEnd();
string netStatExitStatus = Proc.ExitCode.ToString();
if (netStatExitStatus != "0")
{
Console.WriteLine("NetStat command failed. This may require elevated permissions.");
}
string[] netStatRows = Regex.Split(netStatContent, "\r\n");
foreach (string NetStatRow in netStatRows)
{
string[] Tokens = Regex.Split(NetStatRow, "\\s+");
if (Tokens.Length > 4 && (Tokens[1].Equals("UDP") || Tokens[1].Equals("TCP")))
{
string ipAddress = Regex.Replace(Tokens[2], @"\[(.*?)\]", "1.1.1.1");
try
{
processPorts.Add(new ProcessPort(
Tokens[1] == "UDP" ? GetProcessName(Convert.ToInt32(Tokens[4])) : GetProcessName(Convert.ToInt32(Tokens[5])),
Tokens[1] == "UDP" ? Convert.ToInt32(Tokens[4]) : Convert.ToInt32(Tokens[5]),
ipAddress.Contains("1.1.1.1") ? $"{Tokens[1]}v6" : $"{Tokens[1]}v4",
Convert.ToInt32(ipAddress.Split(':')[1])
));
}
catch (Exception ex)
{
Console.WriteLine("Could not convert the following NetStat row to a Process to Port mapping.");
Console.WriteLine(NetStatRow);
Console.WriteLine("Reason: " + ex);
}
}
else
{
if (!NetStatRow.Trim().StartsWith("Proto") && !NetStatRow.Trim().StartsWith("Active") && !String.IsNullOrWhiteSpace(NetStatRow))
{
Console.WriteLine("Unrecognized NetStat row to a Process to Port mapping.");
Console.WriteLine(NetStatRow);
}
}
}
}
}
catch (Exception ex)
{
Console.WriteLine(ex.Message);
}
return(processPorts);
}
