tags:

views:

304

answers:

1
+2  Q: 

Write program like netstat

I would like to write an application like a netstat - to show all the active connections and the open ports respectively. The problem is that I don't know how to do it - I've done some network programming but in general it was some simple server-client packet and simple TCP and UDP packets sending/receiving.

I looked at the netstat code but it looks really complex. I am also reading the Unix Network Programming book and waiting for my copies of TCP/IP Illustrated (the 1 and 2 vol).

Any advice guys ? Anyone's got experience with stuff like this ? If does, can someone help me a bit in here ? The important things to do etc. etc. ? I'll appreciate every helpful answer.

Thank you in advance.

+4  A: 

You can do this, but realize that implementation will be operating system specific. This is because every OS exposes its counters and statistics differently.

For example, on Linux, you can get most of the statistics by parsing the files in /proc/net. Dumping the contents of /proc/net/dev gives you the list of interfaces (along with some stats).

# cat /proc/net/dev
Inter-|   Receive                                                |  Transmit
 face |bytes    packets errs drop fifo frame compressed multicast|bytes    packets errs drop fifo colls carrier compressed
    lo:1417676206 2810305    0    0    0     0          0         0 1417676206 2810305    0    0    0     0       0          0
  eth0:3780840146 96049486    0    0    0     0          0         0 2202685287 17436558    0    0    0     0       0          0

Or, parsing /proc/net/netstat will give you protocol (TCP/IP) statistics:

# cat /proc/net/netstat 
TcpExt: SyncookiesSent SyncookiesRecv SyncookiesFailed EmbryonicRsts PruneCalled RcvPruned OfoPruned OutOfWindowIcmps LockDroppedIcmps ArpFilter TW TWRecycled TWKilled PAWSPassive PAWSActive PAWSEstab DelayedACKs DelayedACKLocked DelayedACKLost ListenOverflows ListenDrops TCPPrequeued TCPDirectCopyFromBacklog TCPDirectCopyFromPrequeue TCPPrequeueDropped TCPHPHits TCPHPHitsToUser TCPPureAcks TCPHPAcks TCPRenoRecovery TCPSackRecovery TCPSACKReneging TCPFACKReorder TCPSACKReorder TCPRenoReorder TCPTSReorder TCPFullUndo TCPPartialUndo TCPDSACKUndo TCPLossUndo TCPLoss TCPLostRetransmit TCPRenoFailures TCPSackFailures TCPLossFailures TCPFastRetrans TCPForwardRetrans TCPSlowStartRetrans TCPTimeouts TCPRenoRecoveryFail TCPSackRecoveryFail TCPSchedulerFailed TCPRcvCollapsed TCPDSACKOldSent TCPDSACKOfoSent TCPDSACKRecv TCPDSACKOfoRecv TCPAbortOnSyn TCPAbortOnData TCPAbortOnClose TCPAbortOnMemory TCPAbortOnTimeout TCPAbortOnLinger TCPAbortFailed TCPMemoryPressures TCPSACKDiscard TCPDSACKIgnoredOld TCPDSACKIgnoredNoUndo TCPSpuriousRTOs TCPMD5NotFound TCPMD5Unexpected
TcpExt: 0 0 7053 2480 0 0 0 0 0 0 136514 0 0 0 0 4732 1291978 48 10938 0 0 726917 0 14734 0 3505285 23 3285967 4288783 963 56625 82 294 218 85 153 80 817 739 4861 176075 7864 246 3859 1647 285964 13690 54668 25710 599 4775 0 0 10792 21 12994 1492 0 305 27 0 946 0 0 0 1178 5175 3188 353 0 0
IpExt: InNoRoutes InTruncatedPkts InMcastPkts OutMcastPkts InBcastPkts OutBcastPkts
IpExt: 0 0 372 14 269538 0

Or /proc/net/udp gives you UDP connection information:

# cat /proc/net/udp
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode ref pointer drops             
  20: 0100007F:1194 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 6788392 2 f6701b80 0                
  20: 4CE85CD0:1194 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 6788384 2 f6703200 0                
  20: 4DE85CD0:1194 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 6788379 2 f6701e00 0                
  39: 00000000:0AA7 00000000:0000 07 00000000:00000000 00:00000000 00000000   108        0 6790562 2 d2890f00 0                
  40: 00000000:11A8 00000000:0000 07 00000000:00000000 00:00000000 00000000   108        0 6790539 2 d2892580 0                
  68: 00000000:13C4 00000000:0000 07 00000000:00000000 00:00000000 00000000   108        0 6790505 2 d2892d00 0                
  87: 00000000:87D7 00000000:0000 07 00000000:00000000 00:00000000 00000000   106        0 6957 2 f67b0f00 0                   
  89: 00000000:11D9 00000000:0000 07 00000000:00000000 00:00000000 00000000   108        0 6790508 2 d2890500 0                
 105: 00000000:14E9 00000000:0000 07 00000000:00000000 00:00000000 00000000   106        0 6956 2 f67b2580 0                   
 116: 0100007F:01F4 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 6788388 2 f6701900 0                
 116: 4CE85CD0:01F4 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 6788382 2 f6701180 0                
 116: 4DE85CD0:01F4 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 6788378 2 f6702f80 0                
 120: 0100007F:88F8 0100007F:88F8 01 00000000:00000000 00:00000000 00000000   107        0 6790576 2 f67b0a00 0

Hope this helps.

0xfe  2010-02-13 13:29:13

related questions

Obscuring network proxy password in plain text files on Linux/UNIX-likes
Why doesn't **find** find anything?
Getting stack traces on Unix systems, automatically
Differences between unix and windows files
How do you do a case insensitive search using a pattern modifier using less ?
Using Visual Studio to develop for C++ for Unix
How do I generate ASCII codes 2 and 3 in a Bash command line?
What's in your .procmailrc
Allow user to set up an SSH tunnel, but nothing else
What is PHP Safe Mode GID?
How to avoid redefining VERSION, PACKAGE, etc.
How can I encode xml files to xfdl (base64-gzip)?
Faster way to find duplicates conditioned by time
Date arithmetic in Unix shell scripts
Using Xming X Window Server over a VPN
Windows Equivalent of 'nice'
How do I configure and communicate with a serial port?
Choosing a static code analysis tool
What should a longtime Windows user know when starting to use Linux?
How do I use (n)curses in Ruby?
Process size on UNIX
Getting root permissions on a file inside of vi?
GTK implementation of MessageBox
Is gettimeofday() guaranteed to be of microsecond resolution?
Fastest way to get value of pi