
Port statistics

 
Anoopkumar
Frequent Advisor

Port statistics

Hi,

Can I check port statistics on HP-UX, like rejected connections on a port and from which IP address? Is there any tool or command available for that?
For example: for port number 30000, I need to know how many connections were rejected and from which IP address. Is there any command to gather such details?

Thanks
Anoop
3 REPLIES
Matti_Kurkela
Honored Contributor

Re: Port statistics

By "port statistics", you mean TCP/UDP ports, right?

If a process has not bound itself to a port and explicitly started to listen for incoming connections, the port will be closed. All connections to a closed port will be rejected by the HP-UX kernel. The actual rejection procedure does as little as possible and should be one of the lowest-priority tasks of the kernel's TCP/IP driver stack: this is to make the system less vulnerable to denial-of-service attacks.

When a process takes control of a port, it will also take the responsibility to do any required logging for connection attempts. The OS itself cannot do that, because it does not know the logging requirements of that particular application. So if your port 30000 is used by some application program, read the documentation of that program to see what kind of logging possibilities it has.

If you really want to log all rejected connections, you can do it if you install IPFilter. You should then create a set of IPFilter rules that will accept all the traffic you know about and judge as legitimate, then log (and optionally block) everything else. Such logging can take a noticeable chunk out of your system performance: for example, a simple port scan of your system will create about 65535 log entries (minus the ports you have classified as "legitimate traffic").

If you set up such logging, I'd strongly recommend you to set up an automatic log rotation script too: if you don't, your log disk *will* eventually fill up to capacity.

If your system is connected to the Internet without a firewall, you will see a lot of people and automated malware programs scanning any publicly-accessible systems. It will be very tedious to analyze IPFilter logs from such systems manually: you'll need a tool like "wflogs" or "fwlogwatch" to summarize them.

http://wallfire.sourceforge.net/wflogs/
http://fwlogwatch.inside-security.de/

MK
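Added example, not part of the thread and not any poster's code: a small summarizer for the IPFilter logging approach described in the reply above, counting blocked packets to one port per source address. It assumes ipmon's usual syslog line layout with numeric addresses; the log lines, host name and addresses are constructed samples.

```python
import re
from collections import Counter

# Constructed sample lines (not from a real host), in the layout ipmon
# usually writes to syslog with numeric addresses -- an assumption to check
# against your own log: time [Nx] interface @group:rule action
# src,port -> dst,port PR proto ...  (action b = blocked, p = passed).
SAMPLE_LOG = """\
Mar  3 10:15:01 hpux1 ipmon[2011]: 10:15:00.120000 lan0 @0:5 b 192.0.2.10,40112 -> 198.51.100.7,30000 PR tcp len 20 60 -S IN
Mar  3 10:15:04 hpux1 ipmon[2011]: 10:15:03.480000 3x lan0 @0:5 b 192.0.2.10,40113 -> 198.51.100.7,30000 PR tcp len 20 60 -S IN
Mar  3 10:16:10 hpux1 ipmon[2011]: 10:16:09.910000 lan0 @0:5 b 203.0.113.44,51920 -> 198.51.100.7,30000 PR tcp len 20 60 -S IN
Mar  3 10:16:30 hpux1 ipmon[2011]: 10:16:29.050000 lan0 @0:2 p 192.0.2.20,33001 -> 198.51.100.7,30000 PR tcp len 20 60 -S IN
Mar  3 10:17:02 hpux1 ipmon[2011]: 10:17:01.770000 lan0 @0:5 b 192.0.2.10,40120 -> 198.51.100.7,23 PR tcp len 20 60 -S IN
Mar  3 10:17:40 hpux1 ipmon[2011]: 10:17:39.300000 lan0 @0:5 b 203.0.113.44,5353 -> 198.51.100.7,30000 PR udp len 20 48 IN
Mar  3 10:18:00 hpux1 inetd[812]: unrelated syslog line
"""

RECORD = re.compile(
    r"\d\d:\d\d:\d\d\.\d+\s+(?:(?P<rep>\d+)x\s+)?\S+\s+@\d+:\d+\s+"
    r"(?P<action>\S+)\s+(?P<src>[0-9.]+),(?P<sport>\d+)\s+->\s+"
    r"(?P<dst>[0-9.]+),(?P<dport>\d+)\s+PR\s+(?P<proto>\S+)"
)

def rejected_by_source(lines, port, proto="tcp"):
    """Count blocked packets to `port`, keyed by source IP address."""
    counts = Counter()
    for line in lines:
        m = RECORD.search(line)
        if m is None:
            continue  # not a packet record, or a protocol without ports
        if m["action"] == "b" and m["proto"] == proto and int(m["dport"]) == port:
            # "3x" means ipmon collapsed three identical packets into one line
            counts[m["src"]] += int(m["rep"] or 1)
    return counts

if __name__ == "__main__":
    for ip, n in rejected_by_source(SAMPLE_LOG.splitlines(), 30000).most_common():
        print(f"{n:6d}  {ip}")
```

The counts are blocked packets, not distinct connection attempts: a client that retries its SYN is counted once per retry.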
B. Hulst
Trusted Contributor
Solution

Re: Port statistics

If you have a service behind port 30000 you could place inetd in debug or logging mode for a while and see what is going on.

Or run tcpdump to capture incoming data on port 30000 on a particular lan interface.

Or check firewall logs inside or outside of the server...
Anoopkumar
Frequent Advisor

Re: Port statistics

Thanks for the help