Histstat is a cross-platform command line tool for obtaining live, rudimentary network connection data on a computer system. This tool was designed for network and security engineers to easily view connections on a system as they occur. In a world filled with noisy computers, Histstat can help someone quickly understand network connections that are happening on a system without having to dig into heaps of packet capture data. It can used to troubleshoot network issues, profile traffic on a system, and potentially find malicious activity.
Note: On Windows, verbose output will not work unless you're running as NT AUTHORITY\SYSTEM. An easy way to drop into a system-level command prompt is to use PsExec from SysInternals, psexec -i -s cmd.exe.
Python 2.7psutil
pip install psutil
git clone https://github.com/vesche/histstat && cd histstat
$ python histstat.py -h
Usage: histstat - history for netstat
https://github.com/vesche/histstat
Options:
--version show program's version number and exit
-h, --help show this help message and exit
-i INTERVAL, --interval=INTERVAL
specify update interval in seconds (default: 1 sec)
-l LOG, --log=LOG log output to a text file
-v, --verbose verbose output
$ sudo python histstat.py -v -l log.txt
proto laddr lport raddr rport status pid pname time date user command
tcp 192.168.1.137 58822 172.217.1.206 443 ESTABLISHED 14896 firefox 10:41:45 16-07-28 vesche firefox
tcp 192.168.1.137 60176 192.30.253.124 443 ESTABLISHED 14896 firefox 10:41:45 16-07-28 vesche firefox
tcp 192.168.1.137 59798 45.58.74.36 443 TIME_WAIT - - 10:41:45 16-07-28 - -
tcp 192.168.1.137 40994 108.160.173.132 443 TIME_WAIT - - 10:41:45 16-07-28 - -
tcp 192.168.1.137 40986 108.160.173.132 443 TIME_WAIT - - 10:41:45 16-07-28 - -
tcp 192.168.1.137 41752 173.194.206.155 443 ESTABLISHED 14896 firefox 10:41:45 16-07-28 vesche firefox
tcp 192.168.1.137 48396 198.41.209.142 443 TIME_WAIT - - 10:41:45 16-07-28 - -
tcp 192.168.1.137 40978 108.160.173.132 443 TIME_WAIT - - 10:41:45 16-07-28 - -
tcp 192.168.1.137 60130 192.30.253.124 443 ESTABLISHED 14896 firefox 10:41:45 16-07-28 vesche firefox
tcp 192.168.1.137 40194 45.58.70.36 443 TIME_WAIT - - 10:41:45 16-07-28 - -
tcp 192.168.1.137 32894 198.41.209.151 443 TIME_WAIT - - 10:41:45 16-07-28 - -
tcp 192.168.1.137 60154 192.30.253.124 443 ESTABLISHED 14896 firefox 10:41:45 16-07-28 vesche firefox
tcp 192.168.1.137 57808 45.58.70.4 443 TIME_WAIT - - 10:41:45 16-07-28 - -
tcp 0.0.0.0 22 * * LISTEN 198 sshd 10:41:45 16-07-28 root /usr/bin/sshd -D
tcp 192.168.1.137 39732 199.16.156.6 443 ESTABLISHED 14896 firefox 10:41:45 16-07-28 vesche firefox
tcp 192.168.1.137 57816 45.58.70.4 443 TIME_WAIT - - 10:41:45 16-07-28 - -
tcp 192.168.1.137 35508 104.16.107.25 443 TIME_WAIT - - 10:41:45 16-07-28 - -
tcp 192.168.1.137 49674 198.41.208.122 443 TIME_WAIT - - 10:41:45 16-07-28 - -
tcp 192.168.1.137 34076 162.125.4.1 443 TIME_WAIT - - 10:41:45 16-07-28 - -
udp 0.0.0.0 68 * * - 362 dhcpcd 10:41:45 16-07-28 root dhcpcd -4 -q -t 30 -L wlp1s0
tcp 192.168.1.137 49752 104.16.2.9 443 TIME_WAIT - - 10:41:45 16-07-28 - -
tcp 192.168.1.137 40182 45.58.70.36 443 TIME_WAIT - - 10:41:45 16-07-28 - -
tcp 0.0.0.0 2002 * * LISTEN 31327 nc 10:42:03 16-07-28 vesche nc -l -p 2002
tcp 192.168.1.137 39600 10.4.0.11 22 ESTABLISHED 31975 ssh 10:42:59 16-07-28 vesche ssh [email protected]
tcp 192.168.1.137 39600 10.4.0.11 22 TIME_WAIT - - 10:43:05 16-07-28 - -
tcp 0.0.0.0 8080 * * LISTEN 32490 python2 10:43:49 16-07-28 root python2 -m SimpleHTTPServer 8080
tcp 192.168.1.137 8080 192.168.1.137 45162 TIME_WAIT - - 10:44:12 16-07-28 - -
- output to csv
- verbosity options
Huge thanks to Giampaolo Rodola' (giampaolo) and all the contributers of psutil for the amazing open source library that this project relies upon completely.
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent