Traceroute script to filter behind firewall servers

RamkumarA · ‎03-04-2010

Hi Experts,

I have a list of servers in a file and i need to run traceroute command against each node and if the output for any node comes like * * * (pasted below), then that node should be emailed as behind firewall server. The traceroute output for ordinary servers will not return * * * in the output and just want to filter out only the behind firewall servers using the * * * pattern.

(example)

Traceroute output for behind firewall server:-

shcscp18:/clocal $ traceroute cli002pait01.cldc.chrysler.com
traceroute: Warning: Multiple interfaces found; using 10.128.243.234 @ ce0:1
traceroute to cli002pait01.cldc.chrysler.com (53.229.96.121), 30 hops max, 40 byte packets
1 passdca1.v2818.tcom.chrysler.com (10.128.243.2) 1.071 ms 0.717 ms 0.720 ms
2 passdcc1.v2801.tcom.chrysler.com (10.128.254.129) 2.625 ms 0.551 ms 0.529 ms
3 pascldc1.v1124.tcom.chrysler.com (10.133.254.26) 0.945 ms 0.962 ms 0.811 ms
4 crscldlab-sdcu1.vl103.tcom.chrysler.com (53.231.214.22) 0.691 ms 0.679 ms 0.744 ms
5 crscldlab-oddu1.vl104.tcom.chrysler.com (53.231.212.65) 0.758 ms 0.727 ms 0.653 ms
6 fwclbgv1.is.chrysler.com (53.229.103.196) 1.130 ms 1.065 ms 1.050 ms
7 crscldlab-oddz1-vl476.tcom.chrysler.com (53.229.103.178) 1.527 ms 1.488 ms 1.628 ms
8 * * *
9 * * *
10 * * *
11 * * *
12 * * *
13 * * *
14 * * *
15 * * *
16 * * *
17 * * *
18 * * *
19 * * *
20 cli002pait01.cldc.chrysler.com (53.229.96.121) 1.795 ms * *

Please advise.

Currently i am using the below script which is extracting the traceroute output for all nodes and sending that file.

for node in `cat /tmp/test1.txt`
do
echo "Traceroute output for $node" >> /tmp/result1.txt
echo "***************************************************" >> /tmp/result1.txt
traceroute $node >> /tmp/result1.txt
done
mailx -s "Trace route results" myemailid < /tmp/result1.txt

Thanks,
Ramkumar A.

James R. Ferguson · ‎03-04-2010

Hi:

Consider this:

# cat ./mytrace
#!/usr/bin/sh
while read HOST
do
traceroute ${HOST} 2>/dev/null |awk '/\* \* \*/ {exit 1}'
[ $? -eq 1 ] && echo "${HOST} is firewalled" || echo "${HOST}_OK"
done < file

...

The input "file" contains the hosts to examine --- one per line. You can easily change the 'echo' to a 'mailx' like:

...
[ $? -eq 1 ] && mailx -s "${HOST} is firewalled" myemailid

Regards!

...JRF...

Steven E. Protter · ‎03-04-2010

Shalom,

There is no real reliable way to be certain a system is firewalled.

The *** is possible from a temporary network outage.

Anyway.

while read -r node
do
traceroute $node >> /tmp/result1.txt
fw=$(grep "* * *" /tmp/result1.txt| wc -l)
if [ $fw -ge 1 ]
then
echo "Firewalled"
else
echo "Not firewalled"
fi

done < list_of_hosts

My example is not intended to be complete but to be a template.

SEP

Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com

RamkumarA · ‎03-04-2010

Hi Guys,

Thanks for your advise.

I tried the script given by James and it works perfectly..

Thanks,
Ramkumar A.

Categories

Company

Local Language

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Discussions

Forums

Forums

Discussions

Forums

Discussions

Forums

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Community

Resources

Other HPE Sites

Discussions

Forums

Blogs

Traceroute script to filter behind firewall servers

Traceroute script to filter behind firewall servers

Re: Traceroute script to filter behind firewall servers

Re: Traceroute script to filter behind firewall servers

Re: Traceroute script to filter behind firewall servers