Created
May 10, 2021 11:18
-
-
Save joswr1ght/a21c0b606f4aa00d81f8385158ca44b8 to your computer and use it in GitHub Desktop.
Linux server-side connection logging
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Create a chain that logs new connections: | |
| iptables -N LOGNEW | |
| iptables -A LOGNEW -j LOG --log-prefix ' INBOUND TCP ' --log-level 4 | |
| iptables -A LOGNEW -j ACCEPT | |
| # Accept packets on existing connections without any fuss: | |
| iptables -A INPUT -p tcp -m state \! --state NEW -j ACCEPT | |
| # Log incoming packets on new connections: | |
| iptables -A INPUT -p tcp -j LOGNEW -m limit --limit 100/sec | |
| # Examine logs | |
| # $ sudo grep "INBOUND TCP" /var/log/kern.log | |
| # Dec 22 19:11:38 slingshot kernel: [ 64.993412] INBOUND TCP IN=eth0 OUT= MAC=00:0c:29:06:d6:34:00:50:56:c0:00:08:08:00 SRC=192.168.171.1 DST=192.168.171.130 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=53575 DPT=9001 WINDOW=65535 RES=0x00 CWR ECE SYN URGP=0 | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment