netico
519e2dfa7f
tcp-investigation.sh doc
|
2 years ago | |
|---|---|---|
| .. | ||
| README.md | 2 years ago | |
| claws.png | 2 years ago | |
| tcp-investigation.sh | 2 years ago | |
README.md
TCP investigation script
A bash script to get information about active TCP connections.
Some relevant key features:
- The script lists the TCP connections established at the time it runs.
- For each connection, it shows some statistics about the process involved, for example the bytes read and written by the process.
- Regarding the process involved, it lists the files and folders opened by the process itself.
- The information obtained is then processed into an HTML report, which is sent via email.
- The script is portable and can run on any GNU/Linux system running curl.
Screenshots
Example of report displayed in Claws Mail.
Install
Requirements
- net-tools: NET-3 networking toolkit
- lsof: Utility to list open files
- sysstat: system performance tools for Linux
- dos2unix: convert text file line endings between CRLF and LF
- curl: command line tool for transferring data with URL syntax
Get the code
You can use git.
git clone https://git.lattuga.net/netico/code-library.git
and then look for the script tcp-investigation.sh.
Post installation
Fill in these configuration variables, which you can find in the very first part of the script:
# Sender
SENDER="someone@domain.tld"
# Recipient
RECIPIENT="someone.else@domain.tld"
# Mail relay URL
RELAY="smtp://powerful.mail.server:587"
If the mail server you have chosen to use requires SMTP authentication, you must enter the credentials in /root/.netrc. Read this page carefully to learn how to do this.
Usage
The script requires root privileges. Run
sudo ./tcp-investigation.sh
...and wait for the email report.
Hacking
Sending e-mail messages
Sending e-mail in a shell environment is not as easy as it sounds. It is even more complicated to send HTML instead of plain text. mutt and some versions of mailx support sending HTML, but require a working mail server.
To work around these problems, the script attempts to build a standards-compliant message so that it can be passed to a Sendmail wrapper (there are wrappers for Exim, Postfix, qmail) or sent by curl (also read Using curl to send email).
Some recommended reading on email message format: RFC822, RFC2822.
If you want to use the local email system, find the line that invokes curl
curl -s -n --ssl-reqd ...
comment it out, and add something similar
cat $MSG | /usr/lib/sendmail -t
Otherwise, use curl, which however must be configured (as explained) and requires a valid email account and an external mail server (the same one you would use in Thunderbird or other MUAs).