Socket Listener (on Linux) - linux

I'm searching for a way to listen to a specific port on a specific IP and just dump all incoming data.
It has to work on Linux, preferably something that comes as a Debian package, but if I have to compile it that's fine too.
Would be nice if the data gets stored in a MySQL database, but just a file would be OK too.
Thanks!

Use the command
nc -l hostname 10000 > op.txt

netcat, often packaged as nc, is a great tool for such tasks.

You can always use Nmap (more advanced).
It is a utility for network exploration or security auditing...
Link: http://nmap.org/

Another tool you can use is ngrep, which is very similar to tcpdump, but you can tell it to only listen for packets containing a certain string.
You can specify a port and source and destination IP as well.

Yet another tool is tcpdump and its descendants:
sudo tshark -w /tmp/out.pcap -s 2000 -i eth0 ip host 198.51.100.99 and tcp port 80

Thanks for all your suggestions, but I had to go another way...
There is a Debian package called 'ucspi-tcp' which contains 'tcpserver'.
tcpserver just listens on a port and pipes everything into a process you specify.
In my case I wrote a little script that stores the data in a MySQL database.
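
A sketch of the kind of handler script described above, as an added example (not the poster's script): it reads the connection from stdin as tcpserver provides it, caps the size, and stores the bytes with a parameterized INSERT. SQLite stands in for MySQL so the example runs without a database server; the table layout, the 1 MiB cap and the CAPTURE_DB variable are assumptions.

```python
import os
import sqlite3
import sys

MAX_BYTES = 1 << 20  # assumed cap: keep at most 1 MiB per connection


def open_db(path):
    """Open the database and create the capture table if it is missing."""
    db = sqlite3.connect(path)
    db.execute(
        "CREATE TABLE IF NOT EXISTS capture ("
        " id INTEGER PRIMARY KEY,"
        " received_at TEXT DEFAULT CURRENT_TIMESTAMP,"
        " remote_ip TEXT, remote_port INTEGER, payload BLOB)"
    )
    return db


def read_capped(stream, limit=MAX_BYTES):
    """Read until EOF but keep at most `limit` bytes; also report truncation."""
    data = stream.read(limit + 1)
    return data[:limit], len(data) > limit


def store(db, remote_ip, remote_port, payload):
    """Insert one connection's data; placeholders keep the payload out of the SQL text."""
    cur = db.execute(
        "INSERT INTO capture (remote_ip, remote_port, payload) VALUES (?, ?, ?)",
        (remote_ip, int(remote_port), payload),
    )
    db.commit()
    return cur.lastrowid


def main():
    # tcpserver connects the socket to stdin/stdout and sets TCPREMOTEIP/TCPREMOTEPORT.
    db = open_db(os.environ.get("CAPTURE_DB", "capture.db"))  # CAPTURE_DB is hypothetical
    payload, truncated = read_capped(sys.stdin.buffer)
    row = store(db, os.environ.get("TCPREMOTEIP", "unknown"),
                os.environ.get("TCPREMOTEPORT", "0"), payload)
    # stdout is the client socket under tcpserver, so status goes to stderr
    print(f"row {row}: {len(payload)} bytes, truncated={truncated}", file=sys.stderr)


if __name__ == "__main__":
    main()
```

It is started as the program argument of tcpserver, for example `tcpserver 198.51.100.99 10000 python3 handler.py`, where handler.py is a hypothetical file name for the block above.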

Related

Redirect TCP data to ttyS0

I have a closed application running on a different, but network accessible, Linux OS that is using SerialIO to open /dev/ttyS0.
How can I write to ttyS0 from a different device so that the existing application will see what I'm writing as actual serial data?
I've tried quite a few different socat commands and haven't had luck.
socat -d -d /dev/ttyS0,raw,echo=0,b9600 tcp-l:6174,reuseaddr
socat -d -d pty,link=/dev/ttyS0,raw,echo=0 tcp-l:6174,reuseaddr
Any ideas on what is the best way to do this so that the existing (untouchable) application will think nothing has happened?
Take a look at the ser2net daemon. It is able to act as a TCP serial server for either raw or RFC2217 connections.

How can I find available but unoccupied ports on a Linux box?

Specifically RHEL 6.5
It's a Dev box and we have certain port ranges we are permitted for development use.
...unfortunately, getting a tech's attention to find out what ports are available is like pulling teeth. Would prefer a script or alias that does this so that we don't have to ask all the time. Clues? Is this an iptables command or is it a netstat command or some weird combo? nmap is not available on this machine.
Please don't say this is a Server Fault question. They say it's a programming question. :-|
Definitely a SF question but here we go. From the dev box itself (command line) you should be able to see what ports are in use with the netstat tool.
To see the list of listening ports both UDP and TCP, complete with the program names:
# preferably as root
netstat --listening --program --numeric-ports --protocol=ip -6 -4
From another machine, you can use nmap or a similar tool to see what ports are open/listening by scanning the IP address assigned to the dev box. Before trying this, maybe you should ask for permission. Also, you should consider that the box in question might have firewall rules in place that can thwart your scanning attempts.
To see what firewall rules are in place in the dev box try:
# as root
iptables -nvxL -t filter
# maybe there are NAT rules, redirects to other addresses, etc.
iptables -nvxL -t nat
To see what these iptables options do, try man iptables.
As an example, assuming 172.16.0.1 is the IP address assigned to the dev box, to run nmap in the simplest way possible:
# preferably as root
nmap -v 172.16.0.1
In a few minutes you should see a list of ports/services listening in that relevant box.
Try man nmap and read the documentation for more details.
If you really think this is a programming issue, you can use the netcat tool and program a simple script to do something roughly equivalent to what nmap does.
#!/bin/bash
#
# DISCLAIMER: NOT TESTED -- just an example
# NOTE: This will take many DAYS to complete
HOST=172.16.0.1
for port in $(seq 1 65535)
do
    echo "Trying ${port}..."
    netcat -vvv "${HOST}" "${port}" -w 1 -z
done
For every open TCP port you should see a line similar to this:
Connection to 172.16.0.1 23 port [tcp/telnet] succeeded!
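
When nmap is unavailable, the same information can be read from the kernel's socket tables on the box itself instead of probing. The following is an added example (not from the original answer) that parses /proc/net/tcp-format text and lists the ports in a range that have no TCP listener; the 8080-8084 range and the sample table are constructed for illustration.

```python
import os
import sys

LISTEN = "0A"  # TCP_LISTEN as printed in the "st" column

# Constructed sample in /proc/net/tcp layout: listeners on 8080 and 8082,
# plus one established connection (state 01) that was accepted on 8080.
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 11111 1
   1: 0100007F:1F92 00000000:0000 0A 00000000:00000000 00:00000000 00000000   500        0 22222 1
   2: 010010AC:1F90 0A0010AC:C350 01 00000000:00000000 00:00000000 00000000   500        0 33333 1
"""


def listening_ports(table_text):
    """Return the set of local ports in LISTEN state."""
    ports = set()
    for line in table_text.splitlines():
        fields = line.split()
        # data rows start with "N:"; this also skips the header and blank lines
        if len(fields) < 4 or not fields[0].endswith(":") or fields[3] != LISTEN:
            continue
        # local_address is HEXADDR:HEXPORT for both IPv4 and IPv6 tables
        ports.add(int(fields[1].rsplit(":", 1)[1], 16))
    return ports


def free_ports(first, last, tables):
    """Ports in [first, last] with no listener on any local address (conservative)."""
    used = set()
    for text in tables:
        used |= listening_ports(text)
    return [p for p in range(first, last + 1) if p not in used]


def read_proc_tables(paths=("/proc/net/tcp", "/proc/net/tcp6")):
    """Read whichever of the kernel TCP tables exist on this machine."""
    return [open(p).read() for p in paths if os.path.exists(p)]


if __name__ == "__main__":
    if len(sys.argv) == 3:
        lo, hi = int(sys.argv[1]), int(sys.argv[2])
        print(" ".join(map(str, free_ports(lo, hi, read_proc_tables()))))
    else:
        print(free_ports(8080, 8084, [SAMPLE]))
```

A port reported as free can be taken by another process before you bind it, so treat the result as a hint and still handle a bind failure.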

Process listening which Port on Windows

How can you find out which process is listening upon which port on Windows and Linux?
Are there some Applications explicitly monitoring?
Some great tools for this are made by Sysinternals, now owned by Microsoft.
The one you want is Tcpview and it will show you the ports and which application has them opened, as well as the PID and other nice things. Tcpview is windows based but they have a command line version as well. All these tools are free.
This is the link Microsoft's sysinternals downloads
Both Windows and Linux have the netstat command built in, although they are used differently.
On Windows: netstat -a -b (lists both listening and connected ports)
On Linux: netstat -l -p (lists only listening ports)
On Windows 7, you can use
netstat -b -a
netstat /?
-b Displays the executable involved in creating each connection or
listening port. In some cases well-known executables host
multiple independent components, and in these cases the
sequence of components involved in creating the connection
or listening port is displayed. In this case the executable
name is in [] at the bottom, on top is the component it called,
and so forth until TCP/IP was reached. Note that this option
can be time-consuming and will fail unless you have sufficient
permissions.
-o Displays the owning process ID associated with each connection.
On Linux, use -p (it needs root privileges).
#netstat -p
#netstat -h
-p, --programs display PID/Program name for sockets
Not sure that Stack Overflow is the right place for this question, maybe http://www.superuser.com would be a better choice.
Although off the top of my head:
Linux has lsof and netstat commands that will provide this information.
Windows has ProcessExplorer that should give this information.
In Linux you can use the ss command to dump the socket information. It gives information about active port numbers in the client side also. More details can be found here
http://linux.die.net/man/8/ss

Run a system command when an IPTables rule is matched

:)
I'm wanting to be able to run a system command when an IPTable rule is hit, passing the IP address of the remote device to it.
I've had a look around but found nothing. I thought of grepping logs, but I'm expecting a lot of traffic.
Any help would be fantastic!
Thanks
(If it helps, Ubuntu Linux is my platform of choice)
Here is how you do it:
iptables -I FORWARD -p tcp --dport 80 -d a.b.c.d -j LOG --log-prefix="TRIGGER ME NOW !!!"
tail -f some-logfile | awk '/some-pattern/ {system("run-some-command")}'
Should be straightforward enough and should be able to deal with lots of traffic, the tail command should be quick enough... Just make sure the file doesn't grow too much.
Do it with knockd instead. You configure a port knocking sequence of just one port, then tell knockd the command you want to run. Normally it's used to add/remove iptables rules -- to open a service (e.g. ssh access) after a certain knock sequence, but I don't see why you couldn't just use it to run a command after a very simple, one packet on one expected port rule.
'apt-get install knockd' on your Ubuntu system and the man page has examples you can easily adapt to this.
It is actually easy.
We have 2 ways to do this. If you use tail on the log, then iptables will not depend on the log result.
You can use NFQUEUE. Please read my article if you have time.
https://medium.com/#farizmuradov/useful-notes-about-nfqueue-80a2c271db1a
In the same article I have added my LinkedIn page.
You can write a simple router at the application level and send data from iptables to a listening port. At the programming level you can execute scripts and send the data on again to some port. Then you can continue with iptables.
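
The log-and-tail approach above hands an address taken from a log file to a command, so the address should be validated and the trigger rate bounded. An added example (not from the original answers) that does this for the `TRIGGER ME NOW !!!` prefix; the 60-second cooldown, the handler command and the sample log lines are assumptions.

```python
import ipaddress
import re
import subprocess
import sys
import time

PREFIX = "TRIGGER ME NOW !!!"  # the --log-prefix used in the rule above
SRC_RE = re.compile(r"\bSRC=(\S+)")
# Constructed sample lines; the third is non-kernel text that merely contains the prefix.
SAMPLE = [
    "Jan  1 12:00:00 gw kernel: TRIGGER ME NOW !!!IN=eth0 OUT=eth1 SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP DPT=80",
    "Jan  1 12:00:01 gw kernel: TRIGGER ME NOW !!!IN=eth0 OUT=eth1 SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP DPT=80",
    "Jan  1 12:00:02 gw app[99]: user said TRIGGER ME NOW !!! SRC=203.0.113.9;id",
]

def source_ip(line, prefix=PREFIX):
    """Return the validated SRC address of a line carrying the prefix, else None."""
    _, found, rest = line.partition(prefix)
    match = SRC_RE.search(rest) if found else None
    if not match:
        return None
    try:
        return str(ipaddress.ip_address(match.group(1)))
    except ValueError:
        return None  # not a literal address, so it never reaches the command

class Trigger:
    """Run argv + [ip] for matching lines, at most once per cooldown per source."""
    def __init__(self, argv, cooldown=60.0, clock=time.monotonic, run=subprocess.run):
        self.argv, self.cooldown, self.clock, self.run = list(argv), cooldown, clock, run
        self.last = {}

    def feed(self, line):
        ip, now = source_ip(line), self.clock()
        last = self.last.get(ip)
        if ip is None or (last is not None and now - last < self.cooldown):
            return False
        if len(self.last) > 10000:  # drop expired entries so the table does not grow forever
            self.last = {k: t for k, t in self.last.items() if now - t < self.cooldown}
        self.last[ip] = now
        self.run(self.argv + [ip], check=False)  # argv list: no shell parses the address
        return True

if __name__ == "__main__":
    if len(sys.argv) < 2:
        sys.exit("usage: trigger.py COMMAND [ARG...]  (log lines on stdin)")
    trigger = Trigger(sys.argv[1:])
    for log_line in sys.stdin:
        trigger.feed(log_line)
```

Feed it with `tail -F` on whichever file receives the kernel's LOG messages, with the command to run given as arguments.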

Linux; How do I find logs if a program I'm running uses certain ports?

I am running CentOS 5 with csf firewall. I'm running a program that can't connect to another server (using some port that is blocked by csf I presume). Where is the log file for 'ports'?
Netstat is the command to use to get ports and network activity. To diagnose server processes I usually use:
netstat -tln
This yields port numbers in tcp mode listening. To identify associated processes you can also use -p to grab the pid. Here is the IANA ports list.
I found my answer right after searching a few more threads.
# tail -f /var/log/messages
Shows the UDP message but not the port.... Hmm....
