HPE Community
Operating System - HP-UX
1829182 Members
2242 Online
109986 Solutions
New Discussion

Re: Traceroute script to filter behind firewall servers

 
SOLVED
Go to solution
RamkumarA
Respected Contributor

‎03-04-2010 12:24 PM

‎03-04-2010 12:24 PM

Traceroute script to filter behind firewall servers

Hi Experts,

I have a list of servers in a file and i need to run traceroute command against each node and if the output for any node comes like * * * (pasted below), then that node should be emailed as behind firewall server. The traceroute output for ordinary servers will not return * * * in the output and just want to filter out only the behind firewall servers using the * * * pattern.

(example)

Traceroute output for behind firewall server:-

shcscp18:/clocal $ traceroute cli002pait01.cldc.chrysler.com
traceroute: Warning: Multiple interfaces found; using 10.128.243.234 @ ce0:1
traceroute to cli002pait01.cldc.chrysler.com (53.229.96.121), 30 hops max, 40 byte packets
1 passdca1.v2818.tcom.chrysler.com (10.128.243.2) 1.071 ms 0.717 ms 0.720 ms
2 passdcc1.v2801.tcom.chrysler.com (10.128.254.129) 2.625 ms 0.551 ms 0.529 ms
3 pascldc1.v1124.tcom.chrysler.com (10.133.254.26) 0.945 ms 0.962 ms 0.811 ms
4 crscldlab-sdcu1.vl103.tcom.chrysler.com (53.231.214.22) 0.691 ms 0.679 ms 0.744 ms
5 crscldlab-oddu1.vl104.tcom.chrysler.com (53.231.212.65) 0.758 ms 0.727 ms 0.653 ms
6 fwclbgv1.is.chrysler.com (53.229.103.196) 1.130 ms 1.065 ms 1.050 ms
7 crscldlab-oddz1-vl476.tcom.chrysler.com (53.229.103.178) 1.527 ms 1.488 ms 1.628 ms
8 * * *
9 * * *
10 * * *
11 * * *
12 * * *
13 * * *
14 * * *
15 * * *
16 * * *
17 * * *
18 * * *
19 * * *
20 cli002pait01.cldc.chrysler.com (53.229.96.121) 1.795 ms * *

Please advise.


Currently i am using the below script which is extracting the traceroute output for all nodes and sending that file.

for node in `cat /tmp/test1.txt`
do
echo "Traceroute output for $node" >> /tmp/result1.txt
echo "***************************************************" >> /tmp/result1.txt
traceroute $node >> /tmp/result1.txt
done
mailx -s "Trace route results" myemailid < /tmp/result1.txt

Thanks,
Ramkumar A.
0 Kudos
Reply
3 REPLIES 3
James R. Ferguson
Acclaimed Contributor

‎03-04-2010 12:59 PM

‎03-04-2010 12:59 PM

Solution

Re: Traceroute script to filter behind firewall servers

Hi:

Consider this:

# cat ./mytrace
#!/usr/bin/sh
while read HOST
do
traceroute ${HOST} 2>/dev/null |awk '/\* \* \*/ {exit 1}'
[ $? -eq 1 ] && echo "${HOST} is firewalled" || echo "${HOST}_OK"
done < file

...

The input "file" contains the hosts to examine --- one per line. You can easily change the 'echo' to a 'mailx' like:

...
[ $? -eq 1 ] && mailx -s "${HOST} is firewalled" myemailid

Regards!

...JRF...
Reply
Steven E. Protter
Exalted Contributor

‎03-04-2010 02:17 PM

‎03-04-2010 02:17 PM

Re: Traceroute script to filter behind firewall servers

Shalom,

There is no real reliable way to be certain a system is firewalled.

The *** is possible from a temporary network outage.

Anyway.


while read -r node
do
traceroute $node >> /tmp/result1.txt
fw=$(grep "* * *" /tmp/result1.txt| wc -l)
if [ $fw -ge 1 ]
then
echo "Firewalled"
else
echo "Not firewalled"
fi


done < list_of_hosts



My example is not intended to be complete but to be a template.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Reply
RamkumarA
Respected Contributor

‎03-04-2010 03:33 PM

‎03-04-2010 03:33 PM

Re: Traceroute script to filter behind firewall servers

Hi Guys,

Thanks for your advise.

I tried the script given by James and it works perfectly..

Thanks,
Ramkumar A.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.