- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- Port statistics
Operating System - HP-UX
1753971
Members
8713
Online
108811
Solutions
Forums
Categories
Company
Local Language
юдл
back
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
юдл
back
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Blogs
Information
Community
Resources
Community Language
Language
Forums
Blogs
Go to solution
Topic Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО04-18-2010 04:29 AM
тАО04-18-2010 04:29 AM
Hi ,
Can I check port statistics on hpux? Like rejected connection on that port and from which ip address. Is there any tool or command available for that?
For eg: I need to know port number 30000 how many connections rejected and from which IP address , is there any command to gather such details..
Thanks
Anoop
Can I check port statistics on hpux? Like rejected connection on that port and from which ip address. Is there any tool or command available for that?
For eg: I need to know port number 30000 how many connections rejected and from which IP address , is there any command to gather such details..
Thanks
Anoop
Solved! Go to Solution.
3 REPLIES 3
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО04-18-2010 03:17 PM
тАО04-18-2010 03:17 PM
Re: Port statistics
By "port statistics", you mean TCP/UDP ports, right?
If a process has not bound itself to a port and explicitly started to listen for incoming connections, the port will be closed. All connections to a closed port will be rejected by the HP-UX kernel. The actual rejection procedure does as little as possible and should be one of the lowest-priority tasks of the kernel's TCP/IP driver stack: this is to make the system less vulnerable to denial-of-service attacks.
When a process takes control of a port, it will also take the responsibility to do any required logging for connection attempts. The OS itself cannot do that, because it does not know the logging requirements of that particular application. So if your port 30000 is used by some application program, read the documentation of that program to see what kind of logging possibilities it has.
If you really want to log all rejected connections, you can do it if you install IPFilter. You should then create a set of IPFilter rules that will accept all the traffic you know about and judge as legitimate, then logs (and optionally blocks) everything else. Such logging can take a noticeable chunk out of your system performance: for example, a simple port scan of your system will create about 65535 log entries (minus the ports you have classified as "legitimate traffic").
If you set up such logging, I'd strongly recommend you to set up an automatic log rotation script too: if you don't, your log disk *will* eventually fill up to capacity.
If your system is connected to the Internet without a firewall, you will see a lot of people and automated malware programs scanning any publicly-accessible systems. It will be very tedious to analyze IPFilter logs from such systems manually: you'll need a tool like "wflogs" or "fwlogwatch" to summarize them.
http://wallfire.sourceforge.net/wflogs/
http://fwlogwatch.inside-security.de/
MK
If a process has not bound itself to a port and explicitly started to listen for incoming connections, the port will be closed. All connections to a closed port will be rejected by the HP-UX kernel. The actual rejection procedure does as little as possible and should be one of the lowest-priority tasks of the kernel's TCP/IP driver stack: this is to make the system less vulnerable to denial-of-service attacks.
When a process takes control of a port, it will also take the responsibility to do any required logging for connection attempts. The OS itself cannot do that, because it does not know the logging requirements of that particular application. So if your port 30000 is used by some application program, read the documentation of that program to see what kind of logging possibilities it has.
If you really want to log all rejected connections, you can do it if you install IPFilter. You should then create a set of IPFilter rules that will accept all the traffic you know about and judge as legitimate, then logs (and optionally blocks) everything else. Such logging can take a noticeable chunk out of your system performance: for example, a simple port scan of your system will create about 65535 log entries (minus the ports you have classified as "legitimate traffic").
If you set up such logging, I'd strongly recommend you to set up an automatic log rotation script too: if you don't, your log disk *will* eventually fill up to capacity.
If your system is connected to the Internet without a firewall, you will see a lot of people and automated malware programs scanning any publicly-accessible systems. It will be very tedious to analyze IPFilter logs from such systems manually: you'll need a tool like "wflogs" or "fwlogwatch" to summarize them.
http://wallfire.sourceforge.net/wflogs/
http://fwlogwatch.inside-security.de/
MK
MK
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО04-24-2010 11:39 AM
тАО04-24-2010 11:39 AM
Solution
If you have a service behind port 30000 you could place inetd in debug or logging mode for a while and see what is going on.
Or run tcpdump to capture incoming data on port 30000 on a particular lan interface.
Or check firewall logs inside or outside of the server...
Or run tcpdump to capture incoming data on port 30000 on a particular lan interface.
Or check firewall logs inside or outside of the server...
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-29-2010 10:32 PM
тАО06-29-2010 10:32 PM
Re: Port statistics
Thanks for the help
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.
News and Events
Support
© Copyright 2024 Hewlett Packard Enterprise Development LP