Welcome to this educational blog post where we'll explore a Python script designed to monitor network connections on Windows systems. This tool can be valuable for budding cyber security researchers and enthusiasts to gain insights into ongoing network activities. Let's dive in!
Network Connections Monitor is a Python script that leverages the psutil library and the tkinter GUI framework to provide an intuitive interface for monitoring network connections on Windows systems. This tool aids in analyzing established connections, their status, and the associated processes.
Features
- View real-time network connections with local and remote addresses, status, and process names.
- Sort connections based on columns like local address, remote address, status, and process name.
- Refresh button to update the connections list in real-time.
- Save connections to a log file for future reference.
Requirements
To use the Network Connections Monitor, you'll need:
- Python 3.x installed on your Windows system.
- The psutil library for retrieving network connections information. Install it using:
pip install psutil
Code Implementation
Below is the Python code for the Network Connections Monitor:
```python
import psutil
import tkinter as tk
from tkinter import ttk
from tkinter import messagebox
from tkinter import filedialog


class NetworkConnectionsApp:
    def __init__(self, root):
        self.root = root
        self.root.title("Network Connections Monitor")

        # show="headings" hides the empty tree column Treeview adds by default.
        self.connections_list = ttk.Treeview(
            root, columns=("Local", "Remote", "Status", "Process"), show="headings"
        )
        for column in ("Local", "Remote", "Status", "Process"):
            self.connections_list.heading(
                column, text=column, command=lambda col=column: self.sort_column(col)
            )

        self.scrollbar = tk.Scrollbar(root, orient="vertical", command=self.connections_list.yview)
        self.connections_list.configure(yscrollcommand=self.scrollbar.set)
        # Pack the scrollbar first so it sits beside the list rather than below it.
        self.scrollbar.pack(side="right", fill="y")
        self.connections_list.pack(fill="both", expand=True)

        # Rows are kept in two groups so system processes are listed first.
        self.system_processes = []
        self.user_processes = []

        self.refresh_button = tk.Button(root, text="Refresh", command=self.update_connections)
        self.refresh_button.pack()
        self.save_button = tk.Button(root, text="Save to Log", command=self.save_to_log)
        self.save_button.pack()

        self.update_connections()

    def update_connections(self):
        """Take a fresh snapshot of all IPv4/IPv6 connections."""
        self.system_processes.clear()
        self.user_processes.clear()
        for conn in psutil.net_connections(kind="inet"):
            local_address = format_address(conn.laddr)
            # raddr is an empty tuple when there is no remote endpoint.
            remote_address = format_address(conn.raddr)
            status = conn.status
            process_name = self.get_process_name(conn.pid)
            row = (local_address, remote_address, status, process_name)
            if self.is_system_process(process_name):
                self.system_processes.append(row)
            else:
                self.user_processes.append(row)
        self.sort_connections()

    def sort_connections(self):
        """Redraw the list from the two row groups."""
        self.connections_list.delete(*self.connections_list.get_children())
        for conn in self.system_processes + self.user_processes:
            self.connections_list.insert("", "end", values=conn)

    def sort_column(self, column):
        if column == "Process":
            self.system_processes.sort(key=lambda x: x[3])
            self.user_processes.sort(key=lambda x: x[3])
        else:
            col_index = self.column_index(column)
            self.system_processes.sort(key=lambda x: x[col_index])
            self.user_processes.sort(key=lambda x: x[col_index])
        self.sort_connections()

    def column_index(self, column):
        return {"Local": 0, "Remote": 1, "Status": 2}.get(column, 0)

    def get_process_name(self, pid):
        # psutil.Process(None) means "the current process", so a connection
        # with no owning PID would otherwise be attributed to this script.
        if pid is None:
            return "N/A"
        try:
            process = psutil.Process(pid)
            return process.name()
        except (psutil.NoSuchProcess, psutil.AccessDenied, psutil.ZombieProcess):
            return "N/A"

    def is_system_process(self, process_name):
        return process_name.lower() in ["system", "system idle process"]

    def save_to_log(self):
        file_path = filedialog.asksaveasfilename(
            defaultextension=".txt", filetypes=[("Text Files", "*.txt")]
        )
        if file_path:
            try:
                with open(file_path, "w", encoding="utf-8") as f:
                    # One connection per line: Local | Remote | Status | Process
                    for conn in self.system_processes + self.user_processes:
                        f.write(" | ".join(conn) + "\n")
                messagebox.showinfo("Saved", "Connections saved to log successfully!")
            except Exception as e:
                messagebox.showerror("Error", f"An error occurred: {str(e)}")


def format_address(address):
    """Render a psutil (ip, port) address as 'ip:port', or 'N/A' if empty."""
    if address:
        ip, port = address
        return f"{ip}:{port}"
    else:
        return "N/A"


if __name__ == "__main__":
    root = tk.Tk()
    app = NetworkConnectionsApp(root)
    root.mainloop()
```
Usage
Follow these steps to use the Network Connections Monitor:
- Copy and paste the Python code into a file named network_connections_monitor.py.
- Install the psutil library using the provided command.
- Run the script using the command python network_connections_monitor.py.
- The GUI interface will open, displaying real-time network connections.
- Click the "Refresh" button to update the list of connections.
- Use the "Save to Log" button to save connections to a log file.
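Once a log has been saved, it can be reviewed offline. The following is an added example, not part of the original script: it parses the "Local | Remote | Status | Process" lines that Save to Log writes, then reports which processes hold established connections to addresses outside the local network and which ports listen on all interfaces. The sample log is constructed, and the function names and the list of "internal" ranges are assumptions to adjust for your own network.

```python
import ipaddress
from collections import defaultdict

# Constructed sample in the "Local | Remote | Status | Process" layout that
# save_to_log() writes; remote addresses are from documentation ranges.
SAMPLE_LOG = """\
0.0.0.0:135 | N/A | LISTEN | svchost.exe
127.0.0.1:5354 | N/A | LISTEN | mDNSResponder.exe
192.168.1.20:50112 | 203.0.113.10:443 | ESTABLISHED | chrome.exe
192.168.1.20:50113 | 192.168.1.1:53 | ESTABLISHED | N/A
:::445 | N/A | LISTEN | System
192.168.1.20:50200 | 2001:db8::5:8443 | ESTABLISHED | updater.exe
malformed line without separators
"""
# Assumption: these ranges count as "internal"; adjust for your network.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "::1/128", "fc00::/7", "fe80::/10")]

def split_endpoint(text):
    """Split 'ip:port' on the last colon so IPv6 addresses stay intact."""
    if text == "N/A":
        return None
    host, port = text.rsplit(":", 1)
    return ipaddress.ip_address(host), int(port)

def is_internal(ip):
    ip = getattr(ip, "ipv4_mapped", None) or ip  # unwrap ::ffff:a.b.c.d
    return any(ip.version == n.version and ip in n for n in INTERNAL_NETS)

def triage(log_text):
    """Return (external, exposed, skipped) for one saved log."""
    external = defaultdict(set)  # process -> remote endpoints outside INTERNAL_NETS
    exposed, skipped = [], []    # all-interface listeners; unparseable lines
    for line in filter(str.strip, log_text.splitlines()):
        fields = [f.strip() for f in line.split(" | ")]
        try:
            local, remote, status, process = fields
            l_ep, r_ep = split_endpoint(local), split_endpoint(remote)
        except ValueError:  # wrong field count, bad address or bad port
            skipped.append(line)
            continue
        if status == "LISTEN" and l_ep and l_ep[0].is_unspecified:
            exposed.append((process, l_ep[1]))
        elif status == "ESTABLISHED" and r_ep and not is_internal(r_ep[0]):
            external[process].add(f"{r_ep[0]}:{r_ep[1]}")
    return dict(external), exposed, skipped

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

Rows whose process is "N/A" are ones the monitor could not attribute (no PID or access denied), so they are worth rechecking from an elevated prompt.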
Final Thoughts
The Network Connections Monitor script serves as a valuable educational tool for understanding network connections on Windows systems. It provides an intuitive interface to monitor ongoing connections, sort them, and save them for analysis. By exploring the code and using the tool, budding cyber security researchers can enhance their skills in analyzing network activities.
Stay tuned for more educational articles and tools that empower cyber security enthusiasts to delve deeper into the world of network monitoring and threat analysis!