From: "Hard__warE" <hard__ware@hotmail.com>
To: netfilter@lists.samba.org
Subject: Displaying Active NAT Connections with iptables
Date: Sun, 16 Jun 2002 09:20:01 +1000
Message-ID: <000a01c214c3$2c683400$7b0010ac@dynamicaccess.lan>

Oops,

here it is.

Is it possible just to show the current active NAT connections with iptables?

I have found a Perl script which will show you the state of past & current
connections,

but I only need current, although I'm happy with this for now .. :D

Here is the script I found:

/etc/tracker.pl
---------------Start Copy Below the Line----------------

#!/usr/bin/perl -w
#
# Purpose:
#
#  Quick jobber to do some parsing of the iptables connection
#  tracking from /proc and print it out a little nicer.
#  (and to make Godot quit bugging me, of course )
#
# Options:
#   -P    This enables port lookups (translating ports -> services
#         [Should be fast])
#   -p    This disables port lookups
#
#  You can set the defaults for both of these below, 1 == lookup,
#  0 == don't. The commandline switches override defaults.
#
# Author:
#
#  Brian Poole, http://www.cerias.purdue.edu/homes/rajak/
#
# LICENSE:
#
#  This is licensed under the BSD license, in other words
#  do what you will, I don't care, just don't blame me.
#  I assume no liability for any incompetent usage of this
#  script, nor of any poor coding (though of course there
#  none of THAT!).

$PORT_LOOKUPS = 1;

# "defined @ARGV" is a fatal error on current Perl; test the array directly.
if (@ARGV and $#ARGV != 0){
  &usage;
} elsif (@ARGV){
  if ($ARGV[0] eq "-p"){
    $PORT_LOOKUPS = 0;
  } elsif ($ARGV[0] eq "-P"){
    $PORT_LOOKUPS = 1;
  } else {
    &usage;
  }
}


# Hey! Who told you that you could read my code! GET OUTTA HERE!#%^!@#

# First lets grab the data from the proc entry..

open INPUT, "</proc/net/ip_conntrack" or die "Unable to read input: $!\n";

while (<INPUT>){
  push @{ $records{(split " ")[0]} }, $_;
}

close INPUT;

# "defined %records" is a fatal error on current Perl; test the hash directly.
if (%records){

  print "               Current connections being tracked by netfilter\n\n",
        "Prot       Src IP      Src Port      State          Dst IP      Dst Port\n\n";

  foreach $key (keys %records) {

    $proto = uc $key;

    for $i (0 .. $#{ $records{$key} } ){

      # Assigning that bad boy into a variable because I don't like having
      # to type all that every time ;)

      my $log = $records{$key}[$i];

      # Zero out the port vars (we can't guarantee we have replaces to match
      # them since some protocols (ICMP) don't have ports). Then do a match
      # and shove the vars into place as appropriate.

      ($dport, $sport ) = ("","");

      if( $log =~ /^.*?src=(.*?) dst=(.*?) (?:sport=(\d{1,5}) dport=(\d{1,5}) )?/) {
        ($srcip, $dstip) = ($1,$2);
        ($sport, $dport) = ($3,$4) if (defined $3 and defined $4);
      } else {
        report($log);
      }

      # This is detection of what ip_conntrack state the particular item is
      # in, base is <--NORM--> (just regular), the others are done as
      # detected. I have a special check that if more than one []'s found to
      # die and report just because I'm not completely sure if this is
      # impossible and I need to know if not.

      $state = "<--NORM-->";
      if ( $log =~ /\[ASSURED\]/ ){
         $state = "<==ASRD==>";
      }
      if ( $log =~ /\[UNREPLIED\]/ ){
         report($log) if $state ne "<--NORM-->";
         $state = " --UNRE-->";
      }
      if ( $log =~ /\[UNCONFIRMED\]/ ){
         report($log) if $state ne "<--NORM-->";
         $state = "<--UNCO-- ";
      }

      if ($PORT_LOOKUPS and $sport ne "" and $dport ne ""){
        my $name = (getservbyport $sport, $key)[0];
        $sport = $name if defined $name;
        undef $name;

        $name = (getservbyport $dport, $key)[0];
        $dport = $name if defined $name;
      }

      write;

    }

    print "\n";
  }
} else {
  # No tracked connections.. weird.
  print "\nNo connections currently being tracked.\n";
}

exit;

# All of those -- err, that one subroutine
#  -- Make that TWO! I'm all about efficiency baby.

sub usage {
   die "IP connection tracker\n",
         "Written by Brian Poole <raj\@cerias.purdue.edu>\n",
         "\nUsage: $0 [-Pp]\n",
         "\n-P enables port -> service mappings\n",
         "-p disables port -> service mappings\n\n";
}

sub report {
   die "Please mail the following log entry to raj\@cerias.purdue.edu for debugging purposes.\n\n$_[0]\n";
}

# The format.. duh.

format STDOUT =
@<<< @>>>>>>>>>>>>>> @|||||||||||| @<<<<<<<<< @>>>>>>>>>>>>>> @||||||||||||
$proto, $srcip,         $sport,     $state, $dstip,         $dport
.

---------End Copy Before This Line------------------------
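
Added example, not part of the original post or of Brian Poole's script: one way to narrow the same conntrack listing down to current NAT'd flows only, by comparing each entry's reply tuple with the mirror of its original tuple. Assumptions: "active" means TCP in ESTABLISHED, or a non-TCP flow that is not [UNREPLIED]; the sample lines are constructed; the function names are hypothetical.

```python
import re

# Constructed sample in /proc/net/ip_conntrack format (documentation addresses).
SAMPLE = """\
tcp      6 431990 ESTABLISHED src=192.168.0.10 dst=203.0.113.5 sport=1025 dport=80 src=203.0.113.5 dst=198.51.100.1 sport=80 dport=1025 [ASSURED] use=1
tcp      6 100 TIME_WAIT src=192.168.0.11 dst=203.0.113.9 sport=1030 dport=25 src=203.0.113.9 dst=198.51.100.1 sport=25 dport=1030 [ASSURED] use=1
tcp      6 431000 ESTABLISHED src=198.51.100.1 dst=203.0.113.7 sport=2000 dport=22 src=203.0.113.7 dst=198.51.100.1 sport=22 dport=2000 [ASSURED] use=1
udp      17 20 src=192.168.0.12 dst=203.0.113.53 sport=1040 dport=53 [UNREPLIED] src=203.0.113.53 dst=198.51.100.1 sport=53 dport=1040 use=1
tcp      6 300 ESTABLISHED src=203.0.113.20 dst=198.51.100.1 sport=4000 dport=8080 src=192.168.0.20 dst=203.0.113.20 sport=80 dport=4000 [ASSURED] use=1
"""

# Each entry carries two tuples: original direction first, expected reply second.
TUPLE = re.compile(r"src=(\S+) dst=(\S+)(?: sport=(\d+) dport=(\d+))?")

def parse(line):
    """Return (proto, tcp_state_or_None, original_tuple, reply_tuple) or None."""
    fields = line.split()
    tuples = TUPLE.findall(line)
    if len(fields) < 4 or len(tuples) != 2:
        return None
    state = fields[3] if fields[0] == "tcp" and "=" not in fields[3] else None
    return fields[0], state, tuples[0], tuples[1]

def nat_kind(orig, reply):
    (o_src, o_dst, o_sp, o_dp), (r_src, r_dst, r_sp, r_dp) = orig, reply
    snat = (o_src, o_sp) != (r_dst, r_dp)   # reply not addressed to original source
    dnat = (o_dst, o_dp) != (r_src, r_sp)   # reply not sent by original destination
    return "+".join(k for k, hit in (("SNAT", snat), ("DNAT", dnat)) if hit)

def active_nat(text):
    rows = []
    for line in text.splitlines():
        rec = parse(line)
        if rec is None or "[UNREPLIED]" in line:
            continue
        proto, state, orig, reply = rec
        if proto == "tcp" and state != "ESTABLISHED":
            continue                         # drop TIME_WAIT, CLOSE and other past states
        kind = nat_kind(orig, reply)
        if kind:                             # untranslated flows are left out
            rows.append((proto, kind, orig[0], orig[1], reply[0], reply[1]))
    return rows

if __name__ == "__main__":
    for row in active_nat(SAMPLE):
        print("%-4s %-9s %s -> %s | reply %s -> %s" % row)
```

On a live system, pass the contents of /proc/net/ip_conntrack to active_nat() in place of SAMPLE.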


