Can Nagios detect the activity on a port # ?

[James Turnbull]

Michael Schwartzkopff wrote:

>Hi,
>
>what about good old SNMP? Even Microsoft implemented the tcpConnState Table of 
>the MIBII. There you can see which connections are esablished to your server 
>at the moment. Just try ist:
>
>snmpwalk -v1 -cpublic <host> .tcpConnState
>
>It should not be too difficult to feed the output into a script and find any 
>special connection. By the way: This should work with EVERY OS!
>
>Regards,
>  
>
Yes excellent point.  No need for a script even if you're prepared to 
very roughly use grep:

snmpwalk -v1 -cpublic <host> .tcpConnState | (grep 'established' | grep 
'3389')

Or thinking about it if you didn't want to pipe two greps together you 
could use sed:

snmpwalk -v1 -cpublic <host> .tcpConnState | sed -e '/established/!d' -e 
'/3389/!d'

Either of these would spit out all established connections on port 3389.

Regards

James Turnbull

-- 
James Turnbull <james at lovedthanlost.net>
---
Author of Hardening Linux from Apress
(http://www.amazon.com/exec/obidos/tg/detail/-/1590594444/)
---
PGP Key (http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x0C42DF40)



-------------------------------------------------------
SF.Net email is sponsored by: Discover Easy Linux Migration Strategies
from IBM. Find simple to follow Roadmaps, straightforward articles,
informative Webcasts and more! Get everything you need to get up to
speed, fast. http://ads.osdn.com/?ad_id=7477&alloc_id=16492&op=click
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
::: Messages without supporting info will risk being sent to /dev/null