
Real-time monitoring of active TCP ports used by a specific process (PID)

Project description

ProcessPortMonitor

ProcessPortMonitor is a Python package that allows you to monitor active TCP ports used by a specific process (PID) in real-time. It provides both a command-line interface (CLI) and an importable module for integration into your Python scripts. The package can asynchronously track port changes, trigger callbacks when changes occur, and maintain a history of port activity with timestamps.

Features

  • Real-Time Monitoring: Continuously monitors active TCP ports used by a specific PID.
  • Asynchronous Operation: Runs in a separate thread to avoid blocking your main program.
  • Callback Mechanism: Triggers a user-defined callback function when port changes are detected.
  • Port History Tracking: Maintains a history of port additions and removals with timestamps.
  • Command-Line Interface: Provides a convenient CLI for quick monitoring from the terminal.
  • Python Module: Can be imported and used within your Python applications without terminal output.

Installation

Prerequisites

  • Python 3.6 or higher
  • lsof command: Available on most Unix-like systems (macOS, Linux).
  • jc library: JSON Convert library for parsing command output.

Install Using pip

pip3 install ProcessPortMonitor

Alternatively, you can install from source:

  1. Clone the Repository

    git clone https://github.com/yourusername/ProcessPortMonitor.git
    
  2. Navigate to the Package Directory

    cd ProcessPortMonitor
    
  3. Install the Package

    pip3 install .
    

Usage

Command-Line Interface

Basic Usage

Run ProcessPortMonitor followed by the PID of the process you wish to monitor. You may need to run the command with sudo to have the necessary permissions.

sudo ProcessPortMonitor <PID>

Options

  • --interval INTERVAL: Set the monitoring interval in seconds (default is 1.0 second).

sudo ProcessPortMonitor <PID> --interval 0.5

Example

sudo ProcessPortMonitor 16609 --interval 1

Output:

Monitoring active ports for PID 16609 every 1.0 second(s). Press Ctrl+C to stop.
New ports opened: {50260}
Active ports: {50260}
New ports opened: {50390}
Active ports: {50260, 50390}
Ports closed: {50260}
Active ports: {50390}

As a Python Module

Basic Usage (Module)

Import the ProcessPortMonitor class into your Python script and create an instance to monitor a specific PID.

from ProcessPortMonitor import ProcessPortMonitor
import time

def my_callback(new_ports, closed_ports, active_ports, port_history):
    # Handle port changes here
    if new_ports:
        print(f"Ports added: {new_ports}")
    if closed_ports:
        print(f"Ports removed: {closed_ports}")
    # You can also process active_ports and port_history as needed

pid_to_monitor = 16609  # Replace with the actual PID
monitor = ProcessPortMonitor(pid_to_monitor, interval=1.0, callback=my_callback)
monitor.start()

try:
    while True:
        # Your main program logic here
        time.sleep(1)
except KeyboardInterrupt:
    monitor.stop()
    print("Stopped monitoring.")

Customizing the Callback Function

The callback function should accept four parameters:

  • new_ports: A set of ports that have been added since the last check.
  • closed_ports: A set of ports that have been closed since the last check.
  • active_ports: The current set of active ports.
  • port_history: A list of dictionaries containing the history of port changes with timestamps.

Example of a callback function:

def my_callback(new_ports, closed_ports, active_ports, port_history):
    if new_ports:
        print(f"New ports opened: {new_ports}")
    if closed_ports:
        print(f"Ports closed: {closed_ports}")
    print(f"Current active ports: {active_ports}")
    # Optionally, process port_history

Accessing Port History

The port_history attribute of the ProcessPortMonitor instance stores the history of port changes.

# Access the port history
print(monitor.port_history)

Each entry in port_history is a dictionary:

{
    'timestamp': '2023-10-03T12:00:00.000000',
    'port': 50260,
    'action': 'added'  # or 'removed'
}

Examples

Example CLI Session

sudo ProcessPortMonitor 12345 --interval 0.5

Output:

Monitoring active ports for PID 12345 every 0.5 second(s). Press Ctrl+C to stop.
New ports opened: {8080}
Active ports: {8080}
Ports closed: {8080}
Active ports: set()

Example Python Script

from ProcessPortMonitor import ProcessPortMonitor
import time

def log_port_changes(new_ports, closed_ports, active_ports, port_history):
    if new_ports:
        print(f"[+] Ports opened: {new_ports}")
    if closed_ports:
        print(f"[-] Ports closed: {closed_ports}")
    print(f"[=] Current ports: {active_ports}")

pid = 12345
monitor = ProcessPortMonitor(pid, interval=0.5, callback=log_port_changes)
monitor.start()

try:
    while True:
        # Main application logic
        time.sleep(1)
except KeyboardInterrupt:
    monitor.stop()
    print("Monitoring stopped.")

Requirements

  • Python 3.6 or higher
  • lsof command: The script uses lsof to retrieve active TCP connections.
  • jc library: Install via pip3 install jc.

Limitations

  • Permissions: Monitoring processes other than your own may require root privileges.
  • Platform Compatibility: Designed for Unix-like systems (macOS, Linux) with lsof available.
  • System Resources: Frequent monitoring intervals may impact system performance due to repeated lsof calls.
  • TCP Connections Only: Currently monitors TCP connections in the ESTABLISHED state.

License

ProcessPortMonitor is released under the MIT License.


Contributing

Contributions are welcome! Please submit a pull request or open an issue to discuss improvements or report bugs.


Contact

For questions or support, please open an issue on the GitHub repository or contact the maintainer at batu.bora.tech@gmail.com.

Download files


Source Distribution

processportmonitor-0.1.0.tar.gz (6.9 kB view details)

Uploaded Source

Built Distribution


processportmonitor-0.1.0-py3-none-any.whl (7.5 kB view details)

Uploaded Python 3

File details

Details for the file processportmonitor-0.1.0.tar.gz.

File metadata

  • Download URL: processportmonitor-0.1.0.tar.gz
  • Upload date:
  • Size: 6.9 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/5.1.1 CPython/3.12.7

File hashes

Hashes for processportmonitor-0.1.0.tar.gz
Algorithm Hash digest
SHA256 63e274d8ddd11102b58e122aacc77cf63d7157645f1c1ebdb34cb84cc7ec7e0a
MD5 587cc02eecb34aaa2c05fc40adaa7abc
BLAKE2b-256 fa3e338e517e5fccf6831a606534d299e17900e5dad5b67a906bd2828db47f7b


Provenance

The following attestation bundles were made for processportmonitor-0.1.0.tar.gz:

Publisher: publish.yml on cenab/ProcessPortMonitor

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file processportmonitor-0.1.0-py3-none-any.whl.

File hashes

Hashes for processportmonitor-0.1.0-py3-none-any.whl
Algorithm Hash digest
SHA256 5a40b9f96f701e4dcd0745a9801827de385b6714d8085d64dbba0fb41d7b922b
MD5 01b00b34382cc342eb0762987aec4abf
BLAKE2b-256 1a2494364d23e66dba4594a29fac47cd689ed0af777daddd2f1b162b9d5e19e5


Provenance

The following attestation bundles were made for processportmonitor-0.1.0-py3-none-any.whl:

Publisher: publish.yml on cenab/ProcessPortMonitor

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.
