memory based searches work

Zane C. B-H 2019-08-11 22:51:34 -05:00
parent 520c0c7127
commit da5e7f901b
3 changed files with 143 additions and 20 deletions


@ -2,21 +2,19 @@ Net-Connection-ncnetstat
Provides a enhances colorized netstat like tool that is capable of doing searches.
> ncnetstat -p ldap -n -a -C
Proto User PID Local Host Port Foreach Host Port State Command
tcp6 ldap 1377 * ldap * * LISTEN slapd
tcp4 ldap 1377 * ldap * * LISTEN slapd
tcp4 ldap 1377 127.0.0.1 ldap 127.0.0.1 41453 ESTABLISHED slapd
tcp4 ldap 1377 127.0.0.1 ldap 127.0.0.1 62370 ESTABLISHED slapd
tcp4 ldap 1377 127.0.0.1 ldap 127.0.0.1 35181 ESTABLISHED slapd
tcp4 ldap 1377 127.0.0.1 ldap 127.0.0.1 23619 ESTABLISHED slapd
tcp4 ldap 1377 127.0.0.1 ldap 127.0.0.1 23620 ESTABLISHED slapd
tcp4 nslcd 1386 127.0.0.1 41453 127.0.0.1 ldap ESTABLISHED nslcd
tcp4 nslcd 1386 127.0.0.1 62370 127.0.0.1 ldap ESTABLISHED nslcd
tcp4 nslcd 1386 127.0.0.1 35181 127.0.0.1 ldap ESTABLISHED nslcd
tcp4 nslcd 1386 127.0.0.1 23619 127.0.0.1 ldap ESTABLISHED nslcd
tcp4 nslcd 1386 127.0.0.1 23620 127.0.0.1 ldap ESTABLISHED nslcd
tcp4 ldap 1377 192.168.15.2 ldap 192.168.14.2 39821 ESTABLISHED slapd
> ncnetstat -W --Cl --pct -p ldap -n
Proto User PID Local Host Port Remote Host Port State WChan CPU% Mem% Command
tcp4 ldap 1377 127.0.0.1 ldap 127.0.0.1 41453 ESTABLISHED uwait 0.00 0.03 /usr/local/libexec/slapd -u ldap -g ldap
tcp4 ldap 1377 127.0.0.1 ldap 127.0.0.1 62370 ESTABLISHED uwait 0.00 0.03 /usr/local/libexec/slapd -u ldap -g ldap
tcp4 ldap 1377 127.0.0.1 ldap 127.0.0.1 35181 ESTABLISHED uwait 0.00 0.03 /usr/local/libexec/slapd -u ldap -g ldap
tcp4 ldap 1377 127.0.0.1 ldap 127.0.0.1 23619 ESTABLISHED uwait 0.00 0.03 /usr/local/libexec/slapd -u ldap -g ldap
tcp4 ldap 1377 127.0.0.1 ldap 127.0.0.1 23620 ESTABLISHED uwait 0.00 0.03 /usr/local/libexec/slapd -u ldap -g ldap
tcp4 nslcd 1386 127.0.0.1 41453 127.0.0.1 ldap ESTABLISHED nanslp 0.00 0.02 /usr/local/sbin/nslcd
tcp4 nslcd 1386 127.0.0.1 62370 127.0.0.1 ldap ESTABLISHED nanslp 0.00 0.02 /usr/local/sbin/nslcd
tcp4 nslcd 1386 127.0.0.1 35181 127.0.0.1 ldap ESTABLISHED nanslp 0.00 0.02 /usr/local/sbin/nslcd
tcp4 nslcd 1386 127.0.0.1 23619 127.0.0.1 ldap ESTABLISHED nanslp 0.00 0.02 /usr/local/sbin/nslcd
tcp4 nslcd 1386 127.0.0.1 23620 127.0.0.1 ldap ESTABLISHED nanslp 0.00 0.02 /usr/local/sbin/nslcd
tcp4 ldap 1377 192.168.15.2 ldap 192.168.14.2 39821 ESTABLISHED uwait 0.00 0.03 /usr/local/libexec/slapd -u ldap -g ldap
The search criteria can be any of the following.
@ -24,7 +22,13 @@ CIDR
port
host
PTR
pctcpu
pctmem
Regex PTR
state
UID
username
wait channel
TODO


@ -17,9 +17,11 @@ sub help{
-l Show the listening ports.
-n Do not resolve the PTRs.
--nc Do not use colors.
--pct Show memory and CPU usage percent.
-S <sort> The Net::Connection::Sort to use.
-t Show only TCP connections.
-u Show only UDP connections.
-W Show the wchan.
-c <CIDRs> A comma seperated list of CIDRs to search for.
--ci Invert the CIDR search.
@ -30,6 +32,13 @@ sub help{
--cmd <cmds> A comma seperated list of commands to search for.
--cmdi Invert the command search.
--cpu <pct> Show connections belonging to procs matching this CPU usage percent.
--cpui Invert the CPU search.
--mem <pct> Show connections belonging to procs matching this memory usage percent.
--memi Invert the memory usage search.
-p <ports> A comma seperated list of ports to search for.
--pi Invert the port search.
@ -39,7 +48,6 @@ sub help{
--pid <pids> A comma separated list of PIDs to search for.
--pidi Invert the pid search.
--ptrr <rgx> A comma seperated list of regex to use for a PTR search.
--ptrri Invert the RegexPTR search.
--lptrr <rgx> A comma seperated list of regex to use for a local PTR search.
@ -63,6 +71,9 @@ sub help{
--uid <uids> A comma separated list of UIDs to search for.
--uidi Invert the UID search.
-w <rgx> A comma separated list of regexp to use for matching wchan valies.
--wi Invert the wchan search.
The default available sort methods are as below.
host_f foreign host
host_fl foreign host, local host
@ -80,8 +91,8 @@ state state
uid user ID
user username
For PID and UID searches, the equalities below can be used, by
directly prepending them to the number.
For CPU, memory, PID, and UID searches, the equalities below can be
used, by directly prepending them to the number.
<
<=
>
@ -136,6 +147,14 @@ my $pids_string;
my $pids_invert=0;
my $commands_string;
my $commands_invert;
my $wchan_string;
my $wchan_invert=0;
my $wchan_show=0;
my $pct_show=0;
my $cpu_string;
my $cpu_invert=0;
my $mem_string;
my $mem_invert=0;
# get the commandline options
Getopt::Long::Configure ('no_ignore_case');
@ -188,6 +207,14 @@ GetOptions(
'Ui' => \$users_invert,
'cmd=s' => \$commands_string,
'cmdi' => \$commands_invert,
'w=s' => \$wchan_string,
'wi' => \$wchan_invert,
'W' => \$wchan_show,
'pct' => \$pct_show,
'cpu=s' => \$cpu_string,
'cpui' => \$cpu_invert,
'mem=s' => \$mem_string,
'memi' => \$mem_invert,
);
my @filters;
@ -483,6 +510,51 @@ if ( defined( $commands_string ) ){
);
}
#
# Handle the wait channel searches
#
if ( defined( $wchan_string ) ){
my @wchans=split(/\,/, $wchan_string);
push( @filters, {
type=>'WChan',
invert=>$wchan_invert,
args=>{
wchans=>\@wchans,
},
}
);
}
#
# Handle the pctcpu searches
#
if ( defined( $cpu_string ) ){
my @cpus=split(/\,/, $cpu_string);
push( @filters, {
type=>'PctCPU',
invert=>$cpu_invert,
args=>{
pctcpus=>\@cpus,
},
}
);
}
#
# Handle the pctmem searches
#
if ( defined( $mem_string ) ){
my @mems=split(/\,/, $mem_string);
push( @filters, {
type=>'PctMem',
invert=>$mem_invert,
args=>{
pctmems=>\@mems,
},
}
);
}
# handle the -t -u options
# only add a filter if one is specified...
# adding both is just pointless
@ -542,6 +614,8 @@ my $ncnetstat=Net::Connection::ncnetstat->new(
ptr=>$ptr,
command=>$command,
command_long=>$command_long,
wchan=>$wchan_show,
pct=>$pct_show,
sorter=>{
invert=>$invert,
type=>$sort,
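Review bot: In the `@ -483,6 +510,51 @` hunk the `-w` argument is cut on every comma by `split(/\,/, $wchan_string)`, so a wait-channel regex that itself contains a comma, such as a `{1,3}` quantifier, reaches the WChan filter as two broken patterns. The help text should say so, or a comment should sit above the split: `# patterns are comma-split, so a regex here cannot contain a literal comma`. The `--cpu` and `--mem` elements are pushed to PctCPU and PctMem the same way without any check in this script; those filter modules are not shown, so whether a mistyped threshold dies or silently matches nothing cannot be told from here, and a format check before each `push` would make the error visible to the operator.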


@ -44,6 +44,8 @@ our $VERSION = '0.2.0';
ptr=>1,
command=>1,
command_long=>0,
wchan=>0,
pct_show=>1,
sorter=>{
invert=>0,
type=>'host_lf',
@ -114,6 +116,8 @@ sub new{
ptr=>1,
command=>0,
command_long=>0,
wchan=>0,
pct=>0,
};
bless $self;
@ -129,10 +133,18 @@ sub new{
$self->{command}=$args{command};
}
if ( defined( $args{pct} ) ){
$self->{pct}=$args{pct};
}
if ( defined( $args{wchan} ) ){
$self->{wchan}=$args{wchan};
}
if ( defined( $args{command_long} ) ){
$self->{command_long}=$args{command_long};
}
return $self;
}
@ -173,8 +185,17 @@ sub run{
color('underline white').'State'.color('reset'),
);
if ( $self->{wchan} ){
push( @headers, color('underline white').'WChan'.color('reset') );
}
if ( $self->{pct} ){
push( @headers, color('underline white').'CPU%'.color('reset') );
push( @headers, color('underline white').'Mem%'.color('reset') );
}
if ( $self->{command} ){
push( @headers, color('underline white').'Command'.color('reset') )
push( @headers, color('underline white').'Command'.color('reset') );
}
my $tb = Text::Table->new( @headers );
@ -254,6 +275,30 @@ sub run{
color('bright_blue').$conn->state.color('reset'),
);
# handle the wchan bit if needed
if (
$self->{wchan} &&
defined( $conn->wchan )
){
push( @new_line, color('bright_yellow').$conn->wchan.color('reset') );
}
# handle the percent stuff if needed
if (
$self->{pct} &&
defined( $conn->pctcpu )
){
push( @new_line, color('bright_cyan').sprintf('%.2f',$conn->pctcpu).color('reset') );
}
# handle the percent stuff if needed
if (
$self->{pct} &&
defined( $conn->pctmem )
){
push( @new_line, color('bright_green').sprintf('%.2f', $conn->pctmem).color('reset') );
}
# handle the command portion if needed
if (
defined( $conn->pid ) &&
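Review bot: In `run` the WChan, CPU% and Mem% headers are added whenever `$self->{wchan}` or `$self->{pct}` is set, but the matching cells in the `@ -254,6 +275,30 @` hunk are pushed only when `$conn->wchan`, `$conn->pctcpu` and `$conn->pctmem` are also defined, so a row missing one of them gets fewer cells and every later value, the command included, appears one column to the left of its header. Pushing a placeholder keeps the table aligned, e.g. `push( @new_line, defined( $conn->wchan ) ? color('bright_yellow').$conn->wchan.color('reset') : '' );` inside `if ( $self->{wchan} ){ ... }`, and likewise for the two percent columns. The synopsis in the first hunk passes `pct_show=>1`, while `new` reads only `$args{pct}`, so the documented key appears to be ignored. The body of `run` continues outside the hunk.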