diff --git a/Network/Investigation/README.md b/Network/Investigation/README.md new file mode 100644 index 0000000..ef2690e --- /dev/null +++ b/Network/Investigation/README.md 
@@ -0,0 +1,77 @@ + +# TCP investigation script + +**A bash script to get information about active TCP connections.** + +Some relevant key features: + +* The script lists the **TCP connections established** at the time it runs. +* For each connection, it shows some statistics about the process involved, for example the **bytes read and written** by the process. +* Regarding the process involved, it lists the **files and folders opened** by the process itself. +* The information obtained is then processed into an **HTML report**, which is sent via **email**. +* The script is **portable** and can run on any **GNU/Linux** system running [curl](https://curl.se/). + +## Screenshots + +![Example of report displayed in Claws Mail](claws.png) + +Example of report displayed in Claws Mail. + +## Install + +### Requirements + +* **net-tools**: NET-3 networking toolkit +* **lsof**: Utility to list open files +* **sysstat**: system performance tools for Linux +* **dos2unix**: convert text file line endings between CRLF and LF +* **curl**: command line tool for transferring data with URL syntax + +### Get the code + +You can use **git**. + + git clone https://git.lattuga.net/netico/code-library.git + +And then look for the script **tcp-investigation.sh**. + +### Post installation + +Fill in these **configuration variables**, which you can find in the very first part of the script: + + # Sender + SENDER="someone@domain.tld" + # Recipient + RECIPIENT="someone.else@domain.tld" + # Mail relay URL + RELAY="smtp://powerful.mail.server:587" + +If the mail server you have chosen to use requires **SMTP authentication**, you must enter the credentials in **/root/.netrc**. Read [this page](https://everything.curl.dev/usingcurl/netrc) carefully to learn how to do this. + +## Usage + +The script requires **root privileges**. Run + + sudo ./tcp-investigation.sh + +...and wait for the email report. 
+ +## Hacking + +### Sending e-mail messages + +Sending e-mail in a shell environment is not as easy as it sounds. It is even more complicated to send HTML instead of plain text. **mutt** and some versions of **mailx** support sending HTML, but require a working mail server. + +To work around these problems, the script attempts to build a standards-compliant message so that it can be passed to a **Sendmail** wrapper (there are wrappers for **Exim**, **Postfix**, **qmail**) or [sent by **curl](https://everything.curl.dev/usingcurl/smtp) (also read [Using curl to send email](https://stackoverflow.com/questions/14722556/using-curl-to-send-email)). + +Some recommended reading on email message format: [RFC822](https://datatracker.ietf.org/doc/html/rfc822), [RFC2822](https://www.rfc-editor.org/rfc/rfc2822). + +If you want to use the local email system, find the line that invokes **curl** + + curl -s -n --ssl-reqd ... + +comment it out, and add something similar + + cat $MSG | /usr/lib/sendmail -t + +Otherwise, use **curl**, which however must be configured (as explained) and requires a valid email account and an external mail server (the same one you would use in **Thunderbird** or other MUAs). diff --git a/Network/Investigation/claws.png b/Network/Investigation/claws.png new file mode 100644 index 0000000..7e50756 Binary files /dev/null and b/Network/Investigation/claws.png differ diff --git a/Network/README.md b/Network/README.md new file mode 100644 index 0000000..818d064 --- /dev/null +++ b/Network/README.md @@ -0,0 +1,7 @@ +# Network + +**Things related to the Internet and networks in general.** + +## [TCP investigation](https://git.lattuga.net/netico/code-library/src/master/Network/Investigation) + +In the [Investigation](https://git.lattuga.net/netico/code-library/src/master/Network/Investigation) folder you can find a **bash** script to analyze **active TCP connections** on a **GNU/Linux** system. diff --git a/README.md b/README.md index 25047a2..40da419 100644 
--- a/README.md +++ b/README.md @@ -2,8 +2,12 @@ ## netico's Code Library -This is a collection of code snippets, documentation, scattered notes, how-to's, proofs of concept and experiments, designed to be a learning tool for you who want to learn the art of programming. +This is a collection of code snippets, documentation, scattered notes, how-to's, proofs of concept, and experiments, designed to be a useful tool for entering the world of computer programming. ### [OSM](https://git.lattuga.net/netico/code-library/src/master/OSM) Crazy fun with **OpenStreetMaps**. + +### [Network](https://git.lattuga.net/netico/code-library/src/master/Network) + +Things related to the Internet and **networks** in general.
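Review bot: In Network/Investigation/README.md, the "Post installation" section tells the reader to put SMTP credentials in /root/.netrc but says nothing about the file's permissions. Since the script runs as root and calls curl with -n, add a step such as `chmod 600 /root/.netrc` so the password is not left readable by other local users. In the "Hacking" section, `cat $MSG | /usr/lib/sendmail -t` leaves $MSG unquoted and the cat is unnecessary; `/usr/lib/sendmail -t < "$MSG"` does the same job and survives a path containing spaces. In the same section the link markup `[sent by **curl](https://everything.curl.dev/usingcurl/smtp)` opens bold inside the link text and never closes it; `sent by [**curl**](https://everything.curl.dev/usingcurl/smtp)` renders as intended. The feature list also says the script runs on any GNU/Linux system running curl, while "Requirements" additionally lists net-tools, lsof, sysstat and dos2unix; the two should agree.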
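Review bot: In Network/README.md, the heading and the paragraph under it both link to the same absolute URL, https://git.lattuga.net/netico/code-library/src/master/Network/Investigation, which is pinned to this host and to the master branch, so it stops resolving on a fork, a mirror or another branch. A relative link (`Investigation/`) would follow the repository wherever it is browsed, and one of the two identical links can be dropped. The new Network entry in the top-level README.md uses the same absolute form, matching the existing OSM entry, so if the links are changed it is worth changing them together.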