Operating System - HP-UX
1827800 Members
2382 Online
109969 Solutions
New Discussion

Traceroute script to filter behind firewall servers

 
SOLVED
Go to solution
RamkumarA
Respected Contributor

Traceroute script to filter behind firewall servers

Hi Experts,

I have a list of servers in a file and i need to run traceroute command against each node and if the output for any node comes like * * * (pasted below), then that node should be emailed as behind firewall server. The traceroute output for ordinary servers will not return * * * in the output and just want to filter out only the behind firewall servers using the * * * pattern.

(example)

Traceroute output for behind firewall server:-

shcscp18:/clocal $ traceroute cli002pait01.cldc.chrysler.com
traceroute: Warning: Multiple interfaces found; using 10.128.243.234 @ ce0:1
traceroute to cli002pait01.cldc.chrysler.com (53.229.96.121), 30 hops max, 40 byte packets
1 passdca1.v2818.tcom.chrysler.com (10.128.243.2) 1.071 ms 0.717 ms 0.720 ms
2 passdcc1.v2801.tcom.chrysler.com (10.128.254.129) 2.625 ms 0.551 ms 0.529 ms
3 pascldc1.v1124.tcom.chrysler.com (10.133.254.26) 0.945 ms 0.962 ms 0.811 ms
4 crscldlab-sdcu1.vl103.tcom.chrysler.com (53.231.214.22) 0.691 ms 0.679 ms 0.744 ms
5 crscldlab-oddu1.vl104.tcom.chrysler.com (53.231.212.65) 0.758 ms 0.727 ms 0.653 ms
6 fwclbgv1.is.chrysler.com (53.229.103.196) 1.130 ms 1.065 ms 1.050 ms
7 crscldlab-oddz1-vl476.tcom.chrysler.com (53.229.103.178) 1.527 ms 1.488 ms 1.628 ms
8 * * *
9 * * *
10 * * *
11 * * *
12 * * *
13 * * *
14 * * *
15 * * *
16 * * *
17 * * *
18 * * *
19 * * *
20 cli002pait01.cldc.chrysler.com (53.229.96.121) 1.795 ms * *

Please advise.


Currently i am using the below script which is extracting the traceroute output for all nodes and sending that file.

for node in `cat /tmp/test1.txt`
do
echo "Traceroute output for $node" >> /tmp/result1.txt
echo "***************************************************" >> /tmp/result1.txt
traceroute $node >> /tmp/result1.txt
done
mailx -s "Trace route results" myemailid < /tmp/result1.txt

Thanks,
Ramkumar A.
3 REPLIES 3
James R. Ferguson
Acclaimed Contributor
Solution

Re: Traceroute script to filter behind firewall servers

Hi:

Consider this:

# cat ./mytrace
#!/usr/bin/sh
while read HOST
do
traceroute ${HOST} 2>/dev/null |awk '/\* \* \*/ {exit 1}'
[ $? -eq 1 ] && echo "${HOST} is firewalled" || echo "${HOST}_OK"
done < file

...

The input "file" contains the hosts to examine --- one per line. You can easily change the 'echo' to a 'mailx' like:

...
[ $? -eq 1 ] && mailx -s "${HOST} is firewalled" myemailid

Regards!

...JRF...
Steven E. Protter
Exalted Contributor

Re: Traceroute script to filter behind firewall servers

Shalom,

There is no real reliable way to be certain a system is firewalled.

The *** is possible from a temporary network outage.

Anyway.


while read -r node
do
traceroute $node >> /tmp/result1.txt
fw=$(grep "* * *" /tmp/result1.txt| wc -l)
if [ $fw -ge 1 ]
then
echo "Firewalled"
else
echo "Not firewalled"
fi


done < list_of_hosts



My example is not intended to be complete but to be a template.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
RamkumarA
Respected Contributor

Re: Traceroute script to filter behind firewall servers

Hi Guys,

Thanks for your advise.

I tried the script given by James and it works perfectly..

Thanks,
Ramkumar A.