TCP investigations
parent 581364a2e9
commit a973eb831d
4 changed files with 89 additions and 1 deletions
77
Network/Investigation/README.md
Normal file
@ -0,0 +1,77 @@

# TCP investigation script

**A bash script to get information about active TCP connections.**

Some relevant key features:

* The script lists the **TCP connections established** at the time it runs.
* For each connection, it shows some statistics about the process involved, for example the **bytes read and written** by the process.
* Regarding the process involved, it lists the **files and folders opened** by the process itself.
* The information obtained is then processed into an **HTML report**, which is sent via **email**.
* The script is **portable** and can run on any **GNU/Linux** system running [curl](https://curl.se/).

## Screenshots

![Example of report displayed in Claws Mail](claws.png)

Example of report displayed in Claws Mail.

## Install

### Requirements

* **net-tools**: NET-3 networking toolkit
* **lsof**: Utility to list open files
* **sysstat**: system performance tools for Linux
* **dos2unix**: convert text file line endings between CRLF and LF
* **curl**: command line tool for transferring data with URL syntax

### Get the code

You can use **git**.

git clone https://git.lattuga.net/netico/code-library.git

And then look for the script **tcp-investigation.sh**.

### Post installation

Fill in these **configuration variables**, which you can find in the very first part of the script:

# Sender
SENDER="someone@domain.tld"
# Recipient
RECIPIENT="someone.else@domain.tld"
# Mail relay URL
RELAY="smtp://powerful.mail.server:587"

If the mail server you have chosen to use requires **SMTP authentication**, you must enter the credentials in **/root/.netrc**. Read [this page](https://everything.curl.dev/usingcurl/netrc) carefully to learn how to do this.

## Usage

The script requires **root privileges**. Run

sudo ./tcp-investigation.sh

...and wait for the email report.

## Hacking

### Sending e-mail messages

Sending e-mail in a shell environment is not as easy as it sounds. It is even more complicated to send HTML instead of plain text. **mutt** and some versions of **mailx** support sending HTML, but require a working mail server.

To work around these problems, the script attempts to build a standards-compliant message so that it can be passed to a **Sendmail** wrapper (there are wrappers for **Exim**, **Postfix**, **qmail**) or [sent by **curl](https://everything.curl.dev/usingcurl/smtp) (also read [Using curl to send email](https://stackoverflow.com/questions/14722556/using-curl-to-send-email)).

Some recommended reading on email message format: [RFC822](https://datatracker.ietf.org/doc/html/rfc822), [RFC2822](https://www.rfc-editor.org/rfc/rfc2822).

If you want to use the local email system, find the line that invokes **curl**

curl -s -n --ssl-reqd ...

comment it out, and add something similar

cat $MSG | /usr/lib/sendmail -t

Otherwise, use **curl**, which however must be configured (as explained) and requires a valid email account and an external mail server (the same one you would use in **Thunderbird** or other MUAs).
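Review bot: the sendmail fallback `cat $MSG | /usr/lib/sendmail -t` in the Hacking section leaves `$MSG` unquoted and pipes through a needless `cat`; write it as `/usr/lib/sendmail -t < "$MSG"`, and mention that the binary is conventionally found at `/usr/sbin/sendmail` on current distributions, with `/usr/lib/sendmail` often only a compatibility symlink. The Post installation paragraph on **/root/.netrc** should also tell the reader to `chmod 600` that file, since it holds the relay password in clear text. The feature list claims the script "can run on any **GNU/Linux** system running curl", but the Requirements section then also demands net-tools, lsof, sysstat and dos2unix; either drop that claim or restate it as "any GNU/Linux system with the packages listed below", and note that net-tools (netstat) is no longer installed by default on many distributions, where iproute2's `ss` has replaced it. Two smaller points: the markup `[sent by **curl](...)` opens bold text without closing it, and the recommended reading should point at RFC 5322, which obsoletes both RFC 822 and RFC 2822.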
BIN
Network/Investigation/claws.png
Normal file
Binary file not shown.
Size: 3.2 MiB
7
Network/README.md
Normal file
@ -0,0 +1,7 @@
# Network

**Things related to the Internet and networks in general.**

## [TCP investigation](https://git.lattuga.net/netico/code-library/src/master/Network/Investigation)

In the [Investigation](https://git.lattuga.net/netico/code-library/src/master/Network/Investigation) folder you can find a **bash** script to analyze **active TCP connections** on a **GNU/Linux** system.
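Review bot: both links in this new file are absolute URLs into the master branch on git.lattuga.net, so they break on forks, mirrors and offline clones; a relative link such as `[TCP investigation](Investigation)` works in every case. The heading and the sentence below it also link the same Investigation folder twice in a row; one link is enough.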
@ -2,8 +2,12 @@

## netico's Code Library

This is a collection of code snippets, documentation, scattered notes, how-to's, proofs of concept and experiments, designed to be a learning tool for you who want to learn the art of programming.
This is a collection of code snippets, documentation, scattered notes, how-to's, proofs of concept, and experiments, designed to be a useful tool for entering the world of computer programming.

### [OSM](https://git.lattuga.net/netico/code-library/src/master/OSM)

Crazy fun with **OpenStreetMaps**.

### [Network](https://git.lattuga.net/netico/code-library/src/master/Network)

Things related to the Internet and **networks** in general.