netstat

package
v1.5.1 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jan 24, 2022 License: GPL-3.0, MIT Imports: 12 Imported by: 2

README

go-netstat / Sliver

A modified version of https://github.com/cakturk/go-netstat, modifications have been made for interoperability with the rest of Sliver:

  • Added Darwin support
  • Data structures have been ported to protobuf

Using as a library

Godoc
Getting the package
$ go get github.com/cakturk/go-netstat/netstat
import (
	"fmt"

	"github.com/cakturk/go-netstat/netstat"
)

func displaySocks() error {
	// UDP sockets
	socks, err := netstat.UDPSocks(netstat.NoopFilter)
	if err != nil {
		return err
	}
	for _, e := range socks {
		fmt.Printf("%v\n", e)
	}

	// TCP sockets
	socks, err = netstat.TCPSocks(netstat.NoopFilter)
	if err != nil {
		return err
	}
	for _, e := range socks {
		fmt.Printf("%v\n", e)
	}

	// get only listening TCP sockets
	tabs, err = netstat.TCPSocks(func(s *netstat.SockTabEntry) bool {
		return s.State == netstat.Listen
	})
	if err != nil {
		return err
	}
	for _, e := range socks {
		fmt.Printf("%v\n", e)
	}

	// list all the TCP sockets in state FIN_WAIT_1 for your HTTP server
	tabs, err = netstat.TCPSocks(func(s *netstat.SockTabEntry) bool {
		return s.State == netstat.FinWait1 && s.LocalAddr.Port == 80
	})
	// error handling, etc.

	return nil
}

Documentation

Index

Constants

View Source
const (
	Established SkState = 0x01
	SynSent             = 0x02
	SynRecv             = 0x03
	FinWait1            = 0x04
	FinWait2            = 0x05
	TimeWait            = 0x06
	Close               = 0x07
	CloseWait           = 0x08
	LastAck             = 0x09
	Listen              = 0x0a
	Closing             = 0x0b
)

Socket states

Variables

View Source
var (
	ErrNotEnoughFields = errors.New("gonetstat: not enough fields in the line")
)

Errors returned by gonetstat

Functions

func NoopFilter

func NoopFilter(*SockTabEntry) bool

NoopFilter - a test function returning true for all elements

Types

type AcceptFn

type AcceptFn func(*SockTabEntry) bool

AcceptFn is used to filter socket entries. The value returned indicates whether the element is to be appended to the socket list.

type Process

type Process struct {
	Pid  int
	Name string
}

Process holds the PID and process name to which each socket belongs

func (*Process) String

func (p *Process) String() string

type SkState

type SkState uint8

SkState type represents socket connection state

func (SkState) String

func (s SkState) String() string

type SockAddr

type SockAddr struct {
	IP   net.IP
	Port uint16
}

SockAddr represents an ip:port pair

func (*SockAddr) String

func (s *SockAddr) String() string

type SockTabEntry

type SockTabEntry struct {
	LocalAddr  *SockAddr
	RemoteAddr *SockAddr
	State      SkState
	UID        uint32
	Process    *Process
	// contains filtered or unexported fields
}

SockTabEntry type represents each line of the /proc/net/[tcp|udp]

func TCP6Socks

func TCP6Socks(accept AcceptFn) ([]SockTabEntry, error)

TCP6Socks returns a slice of active TCP IPv4 sockets containing only those elements that satisfy the accept function

func TCPSocks

func TCPSocks(accept AcceptFn) ([]SockTabEntry, error)

TCPSocks returns a slice of active TCP sockets containing only those elements that satisfy the accept function

func UDP6Socks

func UDP6Socks(accept AcceptFn) ([]SockTabEntry, error)

UDP6Socks returns a slice of active UDP IPv6 sockets containing only those elements that satisfy the accept function

func UDPSocks

func UDPSocks(accept AcceptFn) ([]SockTabEntry, error)

UDPSocks returns a slice of active UDP sockets containing only those elements that satisfy the accept function

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL