Netstat in python. Does it's possible?

Discussion in 'Python' started by billie, Feb 11, 2006.

  1. billie

    billie Guest

    Hi all. I don't know if Python is good for this kind of jobs but I'm
    wondering if it's possible emulate the "netstat" command in Python.
    I'd need to know if a certain executable opened a socket and, in that case,
    I'd like to know what kind of socket it uses (TCP or UDP), its src/dst PORT,
    and the current STATE of the connection (listening, established, SYN
    sent...).

    Thanks in advance.
    billie, Feb 11, 2006
    #1
    1. Advertising

  2. billie enlightened us with:
    > Hi all. I don't know if Python is good for this kind of jobs but I'm
    > wondering if it's possible emulate the "netstat" command in Python.


    On Linux, you can read /proc for that info, iirc.

    Sybren
    --
    The problem with the world is stupidity. Not saying there should be a
    capital punishment for stupidity, but why don't we just take the
    safety labels off of everything and let the problem solve itself?
    Frank Zappa
    Sybren Stuvel, Feb 11, 2006
    #2
    1. Advertising

  3. billie wrote:
    > Hi all. I don't know if Python is good for this kind of jobs but I'm
    > wondering if it's possible emulate the "netstat" command in Python.


    As a general recommendation, use strace(1) to answer this kind of
    question. Run "strace -o tmp netstat", then inspect tmp to find out
    how netstat obtained the information it reported.

    As Sybren suggests, this can all be answered from /proc. For a
    process you are interested in, list /proc/<pid>/fd (using os.listdir),
    then read the contents of all links (using os.readlink). If the link
    value starts with "[socket:", it's a socket. Then search
    /proc/net/tcp for the ID. The line containing the ID will have
    the information you want.

    Regards,
    Martin
    =?ISO-8859-1?Q?=22Martin_v=2E_L=F6wis=22?=, Feb 11, 2006
    #3
  4. billie

    Jorgen Grahn Guest

    On Sat, 11 Feb 2006 16:28:06 +0100, Martin v. Löwis <> wrote:
    > billie wrote:
    >> Hi all. I don't know if Python is good for this kind of jobs but I'm
    >> wondering if it's possible emulate the "netstat" command in Python.

    >
    > As a general recommendation, use strace(1) to answer this kind of
    > question. Run "strace -o tmp netstat", then inspect tmp to find out
    > how netstat obtained the information it reported.


    Good idea.

    There might still be a problem for people doing things like this: netstat
    might use unstable or non-public APIs to find the things it lists. This is
    fine because it's typically your OS vendor who have to handle that (ship
    another netstat when the /proc or /sys file system layout changes, etc).

    If it works like that, you can access the APIs fine from Python -- but you
    cannot write a portable 'pynetstat' without a lot of effort and maintenance.

    /Jorgen

    --
    // Jorgen Grahn <grahn@ Ph'nglui mglw'nafh Cthulhu
    \X/ snipabacken.dyndns.org> R'lyeh wgah'nagl fhtagn!
    Jorgen Grahn, Feb 11, 2006
    #4
  5. Jorgen Grahn wrote:
    > There might still be a problem for people doing things like this: netstat
    > might use unstable or non-public APIs to find the things it lists. This is
    > fine because it's typically your OS vendor who have to handle that (ship
    > another netstat when the /proc or /sys file system layout changes, etc).


    Right. However, on Unix, there aren't really that much "non-public"
    APIs. If you can figure out what the system call number is, and you
    have /usr/include/sys, you can typically come up with a way to call
    this API.

    It becomes tricky if netstat turns out to read /dev/kmem or some such.

    > If it works like that, you can access the APIs fine from Python -- but you
    > cannot write a portable 'pynetstat' without a lot of effort and maintenance.


    Well, to make that accessible from Python, you need to have Python
    wrappers for all system calls involved (or for library routines that
    use the system calls the right way). In case of /proc, this is easy;
    if it is a ioctl(2), it might still be doable. If it is something
    else, you may have to write a Python wrapper for that other system
    call first.

    Regards,
    Martin
    =?ISO-8859-1?Q?=22Martin_v=2E_L=F6wis=22?=, Feb 12, 2006
    #5
  6. In article <>,
    Martin v. Löwis <> wrote:
    >Jorgen Grahn wrote:
    >> There might still be a problem for people doing things like this: netstat
    >> might use unstable or non-public APIs to find the things it lists. This is
    >> fine because it's typically your OS vendor who have to handle that (ship
    >> another netstat when the /proc or /sys file system layout changes, etc).

    >
    >Right. However, on Unix, there aren't really that much "non-public"
    >APIs. If you can figure out what the system call number is, and you
    >have /usr/include/sys, you can typically come up with a way to call
    >this API.
    >
    >It becomes tricky if netstat turns out to read /dev/kmem or some such.
    >
    >> If it works like that, you can access the APIs fine from Python -- but you
    >> cannot write a portable 'pynetstat' without a lot of effort and maintenance.

    >
    >Well, to make that accessible from Python, you need to have Python
    >wrappers for all system calls involved (or for library routines that
    >use the system calls the right way). In case of /proc, this is easy;
    >if it is a ioctl(2), it might still be doable. If it is something
    >else, you may have to write a Python wrapper for that other system
    >call first.

    .
    .
    .
    ALSO, as you know, but billie might not, Python certainly makes
    it easy enough to wrap netstat itself as an external executable.
    In many situations, *that*'s the right solution.
    Cameron Laird, Feb 12, 2006
    #6
  7. billie

    Jorgen Grahn Guest

    On Sun, 12 Feb 2006 01:04:14 +0100, Martin v. Löwis <> wrote:
    > Jorgen Grahn wrote:
    >> There might still be a problem for people doing things like this: netstat
    >> might use unstable or non-public APIs to find the things it lists. This is
    >> fine because it's typically your OS vendor who have to handle that (ship
    >> another netstat when the /proc or /sys file system layout changes, etc).

    >
    > Right. However, on Unix, there aren't really that much "non-public"
    > APIs. If you can figure out what the system call number is, and you
    > have /usr/include/sys, you can typically come up with a way to call
    > this API.


    I was thinking mostly about /proc, /sys and related file systems. I have a
    feeling parts of them they change quite frequently under Linux, and of
    course under other Unices they may look completely different, or be absent.

    Like Mr Laird said elsewhere, the best thing might be to popen() netstat
    and parse its output.

    /Jorgen

    --
    // Jorgen Grahn <grahn@ Ph'nglui mglw'nafh Cthulhu
    \X/ snipabacken.dyndns.org> R'lyeh wgah'nagl fhtagn!
    Jorgen Grahn, Feb 12, 2006
    #7
  8. Jorgen Grahn wrote:
    > I was thinking mostly about /proc, /sys and related file systems. I have a
    > feeling parts of them they change quite frequently under Linux, and of
    > course under other Unices they may look completely different, or be absent.
    >
    > Like Mr Laird said elsewhere, the best thing might be to popen() netstat
    > and parse its output.


    Hmm. And the netstat output cannot change, and is identical across all
    systems?

    I agree that the format of the proc file system is different across
    systems (or other systems don't use netstat at all), however, on all
    systems I'm aware of, there is a certain committment to keeping the
    proc file system stable for applications (on Solaris more so than
    on Linux).

    Regards,
    Martin
    =?ISO-8859-1?Q?=22Martin_v=2E_L=F6wis=22?=, Feb 12, 2006
    #8
  9. billie

    billie Guest

    Thank you all for your helping.
    billie, Feb 13, 2006
    #9
  10. billie

    Jorgen Grahn Guest

    On Sun, 12 Feb 2006 22:56:06 +0100, Martin v. Löwis <> wrote:
    > Jorgen Grahn wrote:
    >> I was thinking mostly about /proc, /sys and related file systems. I have a
    >> feeling parts of them they change quite frequently under Linux, and of
    >> course under other Unices they may look completely different, or be absent.
    >>
    >> Like Mr Laird said elsewhere, the best thing might be to popen() netstat
    >> and parse its output.

    >
    > Hmm. And the netstat output cannot change, and is identical across all
    > systems?


    I was going to mention that complication, but I didn't want to depress the
    original poster any more ...

    /Jorgen

    --
    // Jorgen Grahn <grahn@ Ph'nglui mglw'nafh Cthulhu
    \X/ snipabacken.dyndns.org> R'lyeh wgah'nagl fhtagn!
    Jorgen Grahn, Feb 13, 2006
    #10
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Markus
    Replies:
    1
    Views:
    453
    Markus
    Nov 22, 2005
  2. Jan Faerber

    netstat

    Jan Faerber, Jan 20, 2006, in forum: HTML
    Replies:
    1
    Views:
    743
    Jan Faerber
    Jan 20, 2006
  3. DarkBlue

    Netstat Speed

    DarkBlue, Sep 2, 2006, in forum: Python
    Replies:
    9
    Views:
    536
    Jorgen Grahn
    Sep 6, 2006
  4. Replies:
    4
    Views:
    275
    Kenny McCormack
    Feb 21, 2006
  5. Replies:
    10
    Views:
    463
    Chris Gonnerman
    Dec 14, 2007
Loading...

Share This Page