Histstat is a cross-platform command line tool for obtaining live, rudimentary network connection data on a computer system. This tool was designed for network and security engineers to easily view connections on a system as they occur. In a world filled with noisy computers, Histstat can help someone quickly understand network connections that are happening on a system without having to dig into heaps of packet capture data. It can used to troubleshoot network issues, profile traffic on a system, and potentially find malicious activity.
Note: On Windows, verbose output will not work unless you're running as NT AUTHORITY\SYSTEM. An easy way to drop into a system-level command prompt is to use PsExec from SysInternals, psexec -i -s cmd.exe.
Python 2.7psutil
pip install psutil
git clone https://github.com/vesche/histstat && cd histstat
$ python histstat.py -h
Usage: histstat - history for netstat
https://github.com/vesche/histstat
Options:
--version show program's version number and exit
-h, --help show this help message and exit
-i INTERVAL, --interval=INTERVAL
specify update interval in seconds (default: 1 sec)
-l LOG, --log=LOG log output to a text file
-v, --verbose verbose output
$ sudo python histstat.py -v -l log.txt
proto laddr lport raddr rport status pid pname time date user command
tcp 192.168.1.137 58822 172.217.1.206 443 ESTABLISHED 14896 firefox 10:41:45 16-07-28 vesche firefox
tcp 192.168.1.137 60176 192.30.253.124 443 ESTABLISHED 14896 firefox 10:41:45 16-07-28 vesche firefox
tcp 192.168.1.137 59798 45.58.74.36 443 TIME_WAIT - - 10:41:45 16-07-28 - -
tcp 192.168.1.137 40994 108.160.173.132 443 TIME_WAIT - - 10:41:45 16-07-28 - -
tcp 192.168.1.137 40986 108.160.173.132 443 TIME_WAIT - - 10:41:45 16-07-28 - -
tcp 192.168.1.137 41752 173.194.206.155 443 ESTABLISHED 14896 firefox 10:41:45 16-07-28 vesche firefox
tcp 192.168.1.137 48396 198.41.209.142 443 TIME_WAIT - - 10:41:45 16-07-28 - -
tcp 192.168.1.137 40978 108.160.173.132 443 TIME_WAIT - - 10:41:45 16-07-28 - -
tcp 192.168.1.137 60130 192.30.253.124 443 ESTABLISHED 14896 firefox 10:41:45 16-07-28 vesche firefox
tcp 192.168.1.137 40194 45.58.70.36 443 TIME_WAIT - - 10:41:45 16-07-28 - -
tcp 192.168.1.137 32894 198.41.209.151 443 TIME_WAIT - - 10:41:45 16-07-28 - -
tcp 192.168.1.137 60154 192.30.253.124 443 ESTABLISHED 14896 firefox 10:41:45 16-07-28 vesche firefox
tcp 192.168.1.137 57808 45.58.70.4 443 TIME_WAIT - - 10:41:45 16-07-28 - -
tcp 0.0.0.0 22 * * LISTEN 198 sshd 10:41:45 16-07-28 root /usr/bin/sshd -D
tcp 192.168.1.137 39732 199.16.156.6 443 ESTABLISHED 14896 firefox 10:41:45 16-07-28 vesche firefox
tcp 192.168.1.137 57816 45.58.70.4 443 TIME_WAIT - - 10:41:45 16-07-28 - -
tcp 192.168.1.137 35508 104.16.107.25 443 TIME_WAIT - - 10:41:45 16-07-28 - -
tcp 192.168.1.137 49674 198.41.208.122 443 TIME_WAIT - - 10:41:45 16-07-28 - -
tcp 192.168.1.137 34076 162.125.4.1 443 TIME_WAIT - - 10:41:45 16-07-28 - -
udp 0.0.0.0 68 * * - 362 dhcpcd 10:41:45 16-07-28 root dhcpcd -4 -q -t 30 -L wlp1s0
tcp 192.168.1.137 49752 104.16.2.9 443 TIME_WAIT - - 10:41:45 16-07-28 - -
tcp 192.168.1.137 40182 45.58.70.36 443 TIME_WAIT - - 10:41:45 16-07-28 - -
tcp 0.0.0.0 2002 * * LISTEN 31327 nc 10:42:03 16-07-28 vesche nc -l -p 2002
tcp 192.168.1.137 39600 10.4.0.11 22 ESTABLISHED 31975 ssh 10:42:59 16-07-28 vesche ssh root@10.4.0.11
tcp 192.168.1.137 39600 10.4.0.11 22 TIME_WAIT - - 10:43:05 16-07-28 - -
tcp 0.0.0.0 8080 * * LISTEN 32490 python2 10:43:49 16-07-28 root python2 -m SimpleHTTPServer 8080
tcp 192.168.1.137 8080 192.168.1.137 45162 TIME_WAIT - - 10:44:12 16-07-28 - -
- output to csv
- verbosity options
Huge thanks to Giampaolo Rodola' (giampaolo) and all the contributers of psutil for the amazing open source library that this project relies upon completely.