Find the source IP address of a telnet connection. - HP UX
This is a discussion on Find the source IP address of a telnet connection. - HP UX ; Can anyone help with tracking the source IP address of a telnet
connection under 11.23i. We currently do this using lsof but lsof under
11.23i has a problem with identifying telnet connections.
I need to be able to track it ...
-
Find the source IP address of a telnet connection.
Can anyone help with tracking the source IP address of a telnet
connection under 11.23i. We currently do this using lsof but lsof under
11.23i has a problem with identifying telnet connections.
I need to be able to track it by using the connection's tty (e.g.
pts/1) as a starting point.
TIA
-
Re: Find the source IP address of a telnet connection.
robwlindsay@gmail.com wrote:
> Can anyone help with tracking the source IP address of a telnet
> connection under 11.23i.
11.23i? Is that perhaps mashing the kernel naming - ie 11.23 with the
Operating environment naming - ie 11iv2?
> We currently do this using lsof but lsof under 11.23i has a problem
> with identifying telnet connections.
Can you be more specific?
> I need to be able to track it by using the connection's tty (e.g.
> pts/1) as a starting point.
> TIA
--
a wide gulf separates "what if" from "if only"
these opinions are mine, all mine; HP might not want them anyway... 
feel free to post, OR email to rick.jones2 in hp.com but NOT BOTH...
-
Re: Find the source IP address of a telnet connection.
robwlindsay@gmail.com wrote:
> Can anyone help with tracking the source IP address of a telnet
> connection under 11.23i. We currently do this using lsof but lsof under
> 11.23i has a problem with identifying telnet connections.
>
> I need to be able to track it by using the connection's tty (e.g.
> pts/1) as a starting point.
>
> TIA
To be more precise, the HP-UX kernel's PSTAT implementation from which
lsof
obtains open file information has a problem. That problem was once
fixed in HP-UX
11.11, but the fix was lost in HP-UX 11.23 for all architectures.
I have been told that fix will be restored by a depot available "real
soon now." I've
tested a preliminary version of it and it appears to restore the
delivery of telnet TCP/IP
connection parameters to lsof. To track or locate the depot, refer to
defect
JAGag05130.
Unfortunately the patch in the depot does not fix a similar problem
that exists for nfsd,
reported in defect JAGaf96371 in November 2005. The PSTAT kernel
implementation
does not deliver its UDP/IP parameters, either. While both are related
to the failure of
PSTAT to report stream sockets properly by following their module
chains to their
private TCP/IP and IDP/IP information structures, the nfsd UDP/IP
solution to this
defect has been declared an enhancement request by the HP NetUX
Transport Lab
and there is so far no commitment to fix it.
Vic Abell, lsof author
-
Re: Find the source IP address of a telnet connection.
Thanks for the info ...
Any suggestions on tracking the source of a telnet connection without
using lsof ... until the patch is delivered?
abe@purdue.edu wrote:
> robwlindsay@gmail.com wrote:
> > Can anyone help with tracking the source IP address of a telnet
> > connection under 11.23i. We currently do this using lsof but lsof under
> > 11.23i has a problem with identifying telnet connections.
> >
> > I need to be able to track it by using the connection's tty (e.g.
> > pts/1) as a starting point.
> >
> > TIA
>
> To be more precise, the HP-UX kernel's PSTAT implementation from which
> lsof
> obtains open file information has a problem. That problem was once
> fixed in HP-UX
> 11.11, but the fix was lost in HP-UX 11.23 for all architectures.
>
> I have been told that fix will be restored by a depot available "real
> soon now." I've
> tested a preliminary version of it and it appears to restore the
> delivery of telnet TCP/IP
> connection parameters to lsof. To track or locate the depot, refer to
> defect
> JAGag05130.
>
> Unfortunately the patch in the depot does not fix a similar problem
> that exists for nfsd,
> reported in defect JAGaf96371 in November 2005. The PSTAT kernel
> implementation
> does not deliver its UDP/IP parameters, either. While both are related
> to the failure of
> PSTAT to report stream sockets properly by following their module
> chains to their
> private TCP/IP and IDP/IP information structures, the nfsd UDP/IP
> solution to this
> defect has been declared an enhancement request by the HP NetUX
> Transport Lab
> and there is so far no commitment to fix it.
>
> Vic Abell, lsof author
-
Re: Find the source IP address of a telnet connection.
The only suggestion I can offer is to see if your HP support people can
get access
to the pre-release copy of the patch against which I have tested lsof.
Vic
robwlindsay@gmail.com wrote:
> Thanks for the info ...
>
> Any suggestions on tracking the source of a telnet connection without
> using lsof ... until the patch is delivered?
>
> abe@purdue.edu wrote:
>
> > robwlindsay@gmail.com wrote:
> > > Can anyone help with tracking the source IP address of a telnet
> > > connection under 11.23i. We currently do this using lsof but lsof under
> > > 11.23i has a problem with identifying telnet connections.
> > >
> > > I need to be able to track it by using the connection's tty (e.g.
> > > pts/1) as a starting point.
> > >
> > > TIA
> >
> > To be more precise, the HP-UX kernel's PSTAT implementation from which
> > lsof
> > obtains open file information has a problem. That problem was once
> > fixed in HP-UX
> > 11.11, but the fix was lost in HP-UX 11.23 for all architectures.
> >
> > I have been told that fix will be restored by a depot available "real
> > soon now." I've
> > tested a preliminary version of it and it appears to restore the
> > delivery of telnet TCP/IP
> > connection parameters to lsof. To track or locate the depot, refer to
> > defect
> > JAGag05130.
> >
> > Unfortunately the patch in the depot does not fix a similar problem
> > that exists for nfsd,
> > reported in defect JAGaf96371 in November 2005. The PSTAT kernel
> > implementation
> > does not deliver its UDP/IP parameters, either. While both are related
> > to the failure of
> > PSTAT to report stream sockets properly by following their module
> > chains to their
> > private TCP/IP and IDP/IP information structures, the nfsd UDP/IP
> > solution to this
> > defect has been declared an enhancement request by the HP NetUX
> > Transport Lab
> > and there is so far no commitment to fix it.
> >
> > Vic Abell, lsof author
-
Re: Find the source IP address of a telnet connection.
robwlindsay@gmail.com writes:
> Thanks for the info ...
>
> Any suggestions on tracking the source of a telnet connection without
> using lsof ... until the patch is delivered?
"who -R"?
Regards,
Ulrich
-
Re: Find the source IP address of a telnet connection.
# Status de Conecciones Telnet en HP-UX por Ricardo Pelcastre
# MexLord - mexlord@hotmail.com
#!/opt/perl/bin/perl
%dias = (Sun => "Dom",
Mon => "Lun",
Tue => "Mar",
Wed => "Mie",
Thu => "Jue",
Fri => "Vie",
Sat => "Sab"
);
%meses = (Jan => "Ene",
Feb => "Feb",
Mar => "Mar",
Apr => "Abr",
May => "May",
Jun => "Jun",
Jul => "Jul",
Aug => "Ago",
Sep => "Sep",
Oct => "Oct",
Nov => "Nov",
Dec => "Dic"
);
$ip=$ARGV[0];
$cmd="/usr/bin/grep \"$ip\" /var/adm/syslog/syslog.log\n";
@lineas=qx($cmd);
foreach (@lineas)
{
if (/telnet\/tcp: Connection from\s+(\S+)\s+\((\S+)\) at (\S+)
(\S+)\s+(\S+) (\S+) (\S+)$/)
{
$salida=sprintf("[%s %2s %s %s] - %s =>
%s\n",$dias{$3},$5,$meses{$4},$6,$1,$2);
print $salida;
}
}
