Monitor server outbound network traffic with Linux

From Programmazione Software.

To monitor outbound network traffic on Linux (in particular to ports < 1024, excluding 53 and 25), I use tcpdump and redirect its output to a log file.

So the steps are:
1) launch tcpdump and write its output to a file (in this example /root/controllo_traffico/capture.dat);
2) calculate the md5 of this file to detect whether it has changed;
3) if it has changed, send a mail to the admin address.

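#!/bin/bash

ipServer="1.2.3.4"
emailAddress="admin@example.com"
captureFile="/root/controllo_traffico/capture.dat"

# Capture packets sent by this server to ports 1-1024, except DNS (53) and SMTP (25).
# -l makes tcpdump line-buffer stdout, so each packet reaches the file immediately
# instead of waiting for a full output buffer.
tcpdump -l -nn -i eth0 src "$ipServer" and dst portrange 1-1024 and not dst port 53 and not dst port 25 > "$captureFile" &

# Starts empty, so the first pass always sends one mail with the current state.
precMd5=""
while :
do
	md5Capture=$(md5sum "$captureFile")

	# A different checksum means tcpdump has logged new packets.
	if [ "$md5Capture" != "$precMd5" ];
	then
		precMd5=$md5Capture

		# Mail the current TCP connections (with owning processes) followed by the capture.
		netstat -ntp | cat - "$captureFile" | mail -s "server network traffic control" "$emailAddress"
	fi
	sleep 1
done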
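
The script above mails the whole capture file each time it changes, so a per-destination summary makes the alert easier to triage. The following is an added example, not part of the original page: it condenses tcpdump -nn text lines into packet counts per destination IP and port. The function names and the sample capture lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise tcpdump -nn text output by destination.

# summarize_capture [FILE]
# Reads tcpdump -nn lines (from FILE, or stdin when no FILE is given) and
# prints "COUNT DST_IP DST_PORT", busiest destination first.
summarize_capture() {
    awk '
        # Line layout: TIME IP SRC.SPORT > DST.DPORT: details...
        $2 == "IP" && $4 == ">" {
            dst = $5
            sub(/:$/, "", dst)              # drop the trailing colon
            n = split(dst, p, ".")
            if (n != 5) next                # no port part (e.g. ICMP): skip
            ip = p[1] "." p[2] "." p[3] "." p[4]
            count[ip " " p[5]]++
        }
        END { for (k in count) print count[k], k }
    ' "$@" | LC_ALL=C sort -k1,1nr -k2,2 -k3,3n
}

# Constructed sample of what capture.dat could contain (not real traffic).
sample_capture() {
    cat <<'EOF'
10:00:01.000001 IP 1.2.3.4.40001 > 203.0.113.10.443: Flags [S], seq 1, win 64240, length 0
10:00:01.100000 IP 1.2.3.4.40001 > 203.0.113.10.443: Flags [.], ack 1, win 502, length 0
10:00:02.000000 IP 1.2.3.4.40002 > 198.51.100.7.80: Flags [S], seq 5, win 64240, length 0
10:00:03.000000 IP 1.2.3.4.40003 > 203.0.113.10.443: Flags [P.], seq 1:10, ack 1, win 502, length 9
10:00:04.000000 IP 1.2.3.4 > 192.0.2.1: ICMP echo request, id 1, seq 1, length 64
EOF
}

# Demo run on the constructed sample.
sample_capture | summarize_capture
```

On the server, `summarize_capture /root/controllo_traffico/capture.dat` could be piped into the mail body in place of the raw file.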