Real-time monitoring of active TCP ports used by a specific process (PID)

Project description

ProcessPortMonitor

ProcessPortMonitor is a Python package that monitors the active TCP ports used by a specific process (PID) in real time. It provides both a command-line interface (CLI) and an importable module for integration into your Python scripts. The package can asynchronously track port changes, trigger callbacks when changes occur, and maintain a history of port activity with timestamps.


Features

  • Real-Time Monitoring: Continuously monitors active TCP ports used by a specific PID.
  • Asynchronous Operation: Runs in a separate thread to avoid blocking your main program.
  • Callback Mechanism: Triggers a user-defined callback function when port changes are detected.
  • Port History Tracking: Maintains a history of port additions and removals with timestamps.
  • Command-Line Interface: Provides a convenient CLI for quick monitoring from the terminal.
  • Python Module: Can be imported and used within your Python applications without terminal output.

Installation

Prerequisites

  • Python 3.6 or higher
  • lsof command: Available on most Unix-like systems (macOS, Linux).
  • jc library: JSON Convert library for parsing command output.

Install Using pip

pip3 install ProcessPortMonitor

Alternatively, you can install from source:

  1. Clone the Repository

    git clone https://github.com/yourusername/ProcessPortMonitor.git
    
  2. Navigate to the Package Directory

    cd ProcessPortMonitor
    
  3. Install the Package

    pip3 install .
    

Usage

Command-Line Interface

Basic Usage

Run ProcessPortMonitor followed by the PID of the process you wish to monitor. You may need to run the command with sudo to have the necessary permissions.

sudo ProcessPortMonitor <PID>

Options

  • --interval INTERVAL: Set the monitoring interval in seconds (default is 1.0 second).

    sudo ProcessPortMonitor <PID> --interval 0.5

Example

sudo ProcessPortMonitor 16609 --interval 1

Output:

Monitoring active ports for PID 16609 every 1.0 second(s). Press Ctrl+C to stop.
New ports opened: {50260}
Active ports: {50260}
New ports opened: {50390}
Active ports: {50260, 50390}
Ports closed: {50260}
Active ports: {50390}

As a Python Module

Basic Usage (Module)

Import the ProcessPortMonitor class into your Python script and create an instance to monitor a specific PID.

from ProcessPortMonitor import ProcessPortMonitor
import time

def my_callback(new_ports, closed_ports, active_ports, port_history):
    # Handle port changes here
    if new_ports:
        print(f"Ports added: {new_ports}")
    if closed_ports:
        print(f"Ports removed: {closed_ports}")
    # You can also process active_ports and port_history as needed

pid_to_monitor = 16609  # Replace with the actual PID
monitor = ProcessPortMonitor(pid_to_monitor, interval=1.0, callback=my_callback)
monitor.start()

try:
    while True:
        # Your main program logic here
        time.sleep(1)
except KeyboardInterrupt:
    monitor.stop()
    print("Stopped monitoring.")

Customizing the Callback Function

The callback function should accept four parameters:

  • new_ports: A set of ports that have been added since the last check.
  • closed_ports: A set of ports that have been closed since the last check.
  • active_ports: The current set of active ports.
  • port_history: A list of dictionaries containing the history of port changes with timestamps.

Example of a callback function:

def my_callback(new_ports, closed_ports, active_ports, port_history):
    if new_ports:
        print(f"New ports opened: {new_ports}")
    if closed_ports:
        print(f"Ports closed: {closed_ports}")
    print(f"Current active ports: {active_ports}")
    # Optionally, process port_history

Accessing Port History

The port_history attribute of the ProcessPortMonitor instance stores the history of port changes.

# Access the port history
print(monitor.port_history)

Each entry in port_history is a dictionary:

{
    'timestamp': '2023-10-03T12:00:00.000000',
    'port': 50260,
    'action': 'added'  # or 'removed'
}
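
The entry format above is enough to rebuild a per-port timeline after the fact. The following is an added example, not code from the ProcessPortMonitor project: it pairs 'added' and 'removed' entries into sessions, then picks out short-lived ports and bursts of port opens. The function names and the sample history are constructed for illustration, and it assumes timestamps parse with datetime.fromisoformat (Python 3.7+).

```python
from datetime import datetime, timedelta

# Constructed sample in the port_history entry format shown above.
SAMPLE_HISTORY = [
    {"timestamp": "2023-10-03T12:00:00.000000", "port": 50260, "action": "added"},
    {"timestamp": "2023-10-03T12:00:01.000000", "port": 50390, "action": "added"},
    {"timestamp": "2023-10-03T12:00:01.500000", "port": 50391, "action": "added"},
    {"timestamp": "2023-10-03T12:00:02.000000", "port": 50260, "action": "removed"},
    {"timestamp": "2023-10-03T12:00:02.000000", "port": 50392, "action": "added"},
    {"timestamp": "2023-10-03T12:00:30.000000", "port": 50260, "action": "added"},
]


def port_sessions(history):
    """Pair each 'added' entry with the next 'removed' entry for that port.

    Returns (port, opened, closed) tuples ordered by open time; closed is None
    while the port is still active. A reused port number yields one tuple per use.
    """
    events = sorted(
        ((datetime.fromisoformat(e["timestamp"]), e["port"], e["action"]) for e in history),
        key=lambda ev: ev[0],
    )
    open_since, sessions = {}, []
    for ts, port, action in events:
        if action == "added":
            open_since.setdefault(port, ts)  # ignore a duplicate 'added'
        elif action == "removed" and port in open_since:
            sessions.append((port, open_since.pop(port), ts))
    sessions.extend((port, ts, None) for port, ts in open_since.items())
    return sorted(sessions, key=lambda s: s[1])


def short_lived(sessions, max_seconds):
    """Sessions that closed within max_seconds of opening."""
    limit = timedelta(seconds=max_seconds)
    return [s for s in sessions if s[2] is not None and s[2] - s[1] <= limit]


def open_bursts(sessions, window_seconds, threshold):
    """(window start, count) for each window with >= threshold port opens.

    Overlapping windows are reported separately.
    """
    opens = [s[1] for s in sessions]  # already ordered by open time
    window = timedelta(seconds=window_seconds)
    counts = ((t0, sum(1 for t in opens[i:] if t - t0 <= window)) for i, t0 in enumerate(opens))
    return [(t0, n) for t0, n in counts if n >= threshold]
```

Because the history is built by polling, session times are only as precise as the monitoring interval, and a connection that opens and closes between two polls never appears in it.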

Examples

Example CLI Session

sudo ProcessPortMonitor 12345 --interval 0.5

Output:

Monitoring active ports for PID 12345 every 0.5 second(s). Press Ctrl+C to stop.
New ports opened: {8080}
Active ports: {8080}
Ports closed: {8080}
Active ports: set()

Example Python Script

from ProcessPortMonitor import ProcessPortMonitor
import time

def log_port_changes(new_ports, closed_ports, active_ports, port_history):
    if new_ports:
        print(f"[+] Ports opened: {new_ports}")
    if closed_ports:
        print(f"[-] Ports closed: {closed_ports}")
    print(f"[=] Current ports: {active_ports}")

pid = 12345
monitor = ProcessPortMonitor(pid, interval=0.5, callback=log_port_changes)
monitor.start()

try:
    while True:
        # Main application logic
        time.sleep(1)
except KeyboardInterrupt:
    monitor.stop()
    print("Monitoring stopped.")

Requirements

  • Python 3.6 or higher
  • lsof command: The script uses lsof to retrieve active TCP connections.
  • jc library: Install via pip3 install jc.

Limitations

  • Permissions: Monitoring processes other than your own may require root privileges.
  • Platform Compatibility: Designed for Unix-like systems (macOS, Linux) with lsof available.
  • System Resources: Frequent monitoring intervals may impact system performance due to repeated lsof calls.
  • TCP Connections Only: Currently monitors TCP connections in the ESTABLISHED state.

License

ProcessPortMonitor is released under the MIT License.


Contributing

Contributions are welcome! Please submit a pull request or open an issue to discuss improvements or report bugs.


Contact

For questions or support, please open an issue on the GitHub repository or contact the maintainer at batu.bora.tech@gmail.com.


Download files

Source Distribution

processportmonitor-0.1.7.tar.gz (6.9 kB view details)

Uploaded Source

Built Distribution

processportmonitor-0.1.7-py3-none-any.whl (7.5 kB view details)

Uploaded Python 3

File details

Details for the file processportmonitor-0.1.7.tar.gz.

File metadata

  • Download URL: processportmonitor-0.1.7.tar.gz
  • Upload date:
  • Size: 6.9 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/5.1.1 CPython/3.12.7

File hashes

Hashes for processportmonitor-0.1.7.tar.gz
Algorithm Hash digest
SHA256 bb442cb9e06e0dafb35f8402828e9aca9fcb55a441a747431651ecaee5b2a280
MD5 c54dad0c0dd7e7073a43a1c47214b5fd
BLAKE2b-256 43ff3aa0dd9acdcf9bf5f297326f125134f07283611b4f10493061fbe1784d4c

Provenance

The following attestation bundles were made for processportmonitor-0.1.7.tar.gz:

Publisher: publish.yml on cenab/processportmonitor

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file processportmonitor-0.1.7-py3-none-any.whl.

File hashes

Hashes for processportmonitor-0.1.7-py3-none-any.whl
Algorithm Hash digest
SHA256 83adb8b8bc8972d13bc5e4883f9b65c6cb1455a603df44505d42a9f98fdb7421
MD5 7f4d67c457127047b365b3fd6c82e2bc
BLAKE2b-256 be959b8f3cf209bed785a9a3538b25185a13dd68264705e65cf69389de589e81

Provenance

The following attestation bundles were made for processportmonitor-0.1.7-py3-none-any.whl:

Publisher: publish.yml on cenab/processportmonitor

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.
