Find the source IP address of a telnet connection. - HP UX


  1. Find the source IP address of a telnet connection.

    Can anyone help with tracking the source IP address of a telnet
    connection under 11.23i? We currently do this using lsof but lsof under
    11.23i has a problem with identifying telnet connections.

    I need to be able to track it by using the connection's tty (e.g.
    pts/1) as a starting point.

    TIA


  2. Re: Find the source IP address of a telnet connection.

    robwlindsay@gmail.com wrote:
    > Can anyone help with tracking the source IP address of a telnet
    > connection under 11.23i.


    11.23i? Is that perhaps mashing the kernel naming - i.e. 11.23 with the
    Operating environment naming - i.e. 11iv2?

    > We currently do this using lsof but lsof under 11.23i has a problem
    > with identifying telnet connections.


    Can you be more specific?

    > I need to be able to track it by using the connection's tty (e.g.
    > pts/1) as a starting point.


    > TIA



    --
    a wide gulf separates "what if" from "if only"
    these opinions are mine, all mine; HP might not want them anyway...
    feel free to post, OR email to rick.jones2 in hp.com but NOT BOTH...

  3. Re: Find the source IP address of a telnet connection.


    robwlindsay@gmail.com wrote:
    > Can anyone help with tracking the source IP address of a telnet
    > connection under 11.23i. We currently do this using lsof but lsof under
    > 11.23i has a problem with identifying telnet connections.
    >
    > I need to be able to track it by using the connection's tty (e.g.
    > pts/1) as a starting point.
    >
    > TIA


    To be more precise, the HP-UX kernel's PSTAT implementation from which
    lsof obtains open file information has a problem. That problem was once
    fixed in HP-UX 11.11, but the fix was lost in HP-UX 11.23 for all
    architectures.

    I have been told that fix will be restored by a depot available "real
    soon now." I've tested a preliminary version of it and it appears to
    restore the delivery of telnet TCP/IP connection parameters to lsof. To
    track or locate the depot, refer to defect JAGag05130.

    Unfortunately the patch in the depot does not fix a similar problem
    that exists for nfsd, reported in defect JAGaf96371 in November 2005.
    The PSTAT kernel implementation does not deliver its UDP/IP parameters,
    either. While both are related to the failure of PSTAT to report stream
    sockets properly by following their module chains to their private
    TCP/IP and UDP/IP information structures, the nfsd UDP/IP solution to
    this defect has been declared an enhancement request by the HP NetUX
    Transport Lab and there is so far no commitment to fix it.

    Vic Abell, lsof author


  4. Re: Find the source IP address of a telnet connection.

    Thanks for the info ...

    Any suggestions on tracking the source of a telnet connection without
    using lsof ... until the patch is delivered?




  5. Re: Find the source IP address of a telnet connection.

    The only suggestion I can offer is to see if your HP support people can
    get access to the pre-release copy of the patch against which I have
    tested lsof.

    Vic




  6. Re: Find the source IP address of a telnet connection.

    robwlindsay@gmail.com writes:

    > Thanks for the info ...
    >
    > Any suggestions on tracking the source of a telnet connection without
    > using lsof ... until the patch is delivered?


    "who -R"?

    Regards,
    Ulrich
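
The `who -R` suggestion above, as an added example that is not part of any post in the thread: it starts from a tty such as pts/1 and returns the host recorded for that login. The function names `tty_source` and `sample_who_R` are hypothetical, the sample lines are constructed, and the column layout (user, line, login time, host in parentheses as the last field) is an assumption about `who -R` output.

```shell
# Constructed sample of `who -R` style output (not taken from a real system).
sample_who_R() {
cat <<'EOF'
root       console      Jan  9 08:02
rob        pts/1        Jan  9 09:15   (10.1.2.34)
oper       pts/12       Jan  9 09:40   (ws7.example.com)
EOF
}

# tty_source TTY
# Reads `who -R` style lines on stdin and prints "user host" for TTY.
# Accepts "pts/1" or "/dev/pts/1". Returns 1 when the tty is not listed
# or has no remote host recorded (for example a console login).
tty_source() {
    tty=${1#/dev/}
    awk -v tty="$tty" '
        $2 == tty {                       # exact match: pts/1 must not hit pts/12
            host = $NF
            if (host ~ /^\(.+\)$/) {      # host field is wrapped in parentheses
                print $1, substr(host, 2, length(host) - 2)
                found = 1
            }
            exit
        }
        END { exit found ? 0 : 1 }
    '
}

# Demonstration on the constructed sample; on the live system the input
# would be:  who -R | tty_source pts/1
sample_who_R | tty_source pts/1
```

The host field holds whatever was recorded at login, so it may be a name rather than an address.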

  7. Re: Find the source IP address of a telnet connection.

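    #!/opt/perl/bin/perl
    # Telnet connection status on HP-UX, by Ricardo Pelcastre
    # MexLord - mexlord@hotmail.com
    # Usage: pass the IP address to look for as the first argument.
    use strict;
    use warnings;

    # Day and month abbreviations used in the output.
    my %dias = (Sun => "Dom", Mon => "Lun", Tue => "Mar", Wed => "Mie",
                Thu => "Jue", Fri => "Vie", Sat => "Sab");

    my %meses = (Jan => "Ene", Feb => "Feb", Mar => "Mar", Apr => "Abr",
                 May => "May", Jun => "Jun", Jul => "Jul", Aug => "Ago",
                 Sep => "Sep", Oct => "Oct", Nov => "Nov", Dec => "Dic");

    my $ip = $ARGV[0];
    die "usage: $0 <ip-address>\n" unless defined $ip && length $ip;

    my $log = "/var/adm/syslog/syslog.log";

    # Read the log directly rather than building a grep command line, so the
    # argument is never interpreted by a shell or treated as a pattern.
    open(my $fh, '<', $log) or die "cannot open $log: $!\n";

    while (<$fh>)
    {
        next unless index($_, $ip) >= 0;

        # Captures: host, (address), weekday, month, day, time, year
        if (/telnet\/tcp: Connection from\s+(\S+)\s+\((\S+)\) at (\S+) (\S+)\s+(\S+) (\S+) (\S+)$/)
        {
            printf("[%s %2s %s %s] - %s => %s\n",
                   $dias{$3}, $5, $meses{$4}, $6, $1, $2);
        }
    }

    close($fh);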

