Join Log in
Score:2
Numid avatar Server

Lists active network ports and protocols over time

nu flag
Numid

Is there a linux server utility that can list the network ports and protocols that have been active over a given period of time?

For example, I'd like to know which ports and protocols were active at least once last week. The answer would be something like: TCP/80, TCP/443, UDP/5678...

61
1 + 2
jcaron avatar
co flag
jcaron
What do you mean by "active"? A process was listening on one of those ports? There was an incoming connection on one of those ports? A process connected to that port on a remote server? Something else?
0
Reply
Numid avatar
nu flag
Numid
I mean that incoming connections have occurred.
0
Reply
Score:3
Romeo Ninov avatar Server
in flag
Romeo Ninov

You can install and activate auditd. Add there rules in audit config:

-a always,exit -F arch=b64 -S connect -F key=CONNECT
-a always,exit -F arch=b64 -S bind -F key=BIND
-a always,exit -F arch=b64 -S socket -F key=SOCKET
-a always,exit -F arch=b64 -S listen -F key=LISTEN
-a always,exit -F arch=b64 -S shutdown -F key=SHUTDOWN
-a always,exit -F arch=b64 -S close -F key=CLOSE

and you will have in audit logs you can monitor socket related system calls.

If you want to find now old information (and do not have audit) I do not think you will find relevant information in linux.

+ 2
Numid avatar
nu flag
Numid
Thank you. That utility seems to be a good fit for monitoring the socket activity of the server. However, the log it produces is dense. How can I extract the desired information? Digging a little bit deeper, I have found https://www.linkedin.com/pulse/using-auditd-monitor-network-connections-alex-maestretti/ along with https://twiki.cern.ch/twiki/bin/view/LinuxSupport/IDSNetConnectionLogger. Still, I can't make my way out of it.
0
Reply
Romeo Ninov avatar
in flag
Romeo Ninov
@Numid, you can filter by using `key` value directly from `audit`. And then filter by port, IP, etc
0
Reply
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.