Problem:
I have a network that uses a server in my basement at a gateway. It runs iptables. All net traffic in the house to the outside passes through this. Is there a way to monitor the traffic to see what ports an application needs?
From time to time we run apps that need particular ports
open e.g., our local library doesn't use port 80, I'd like to be able to
see what ports an application is using. I've tried netstat but cannot see
what ports are being used.
Answer:
The gateway is the linux system through which traffic for all devices are routed & the outbound traffic on this server is controller via iptables.
You could run tcpdump on this servers to find the source
port and destination IP + port for a particular. e.g. for device with IP
1.2.3.4 (substitute interface_name with eth0/ eth1 etc.. as applicable).
tcpdump help detect all traffic passing through the server / interface
Linux Code:
tcpdump -vv -nn -i <interface_name> host 1.2.3.4
Additional Note:
I'd used tcpdump before, but it is just a huge amount of information. Your switches helped. Just for reference for anyone reading this and needs to do the same thing:
1. The connection to the outside world for all my computer is through a linux server. eth0 is hooked to the outside, eth1 to the internal network. IPTables do the necessary magic so requests from inside go to the outside. (Yeah, yeah, I know there are more modern devices that do these, but this server has been in place and upgraded for years.)
2. Many, many ports are closed by iptables, and as necessary exceptions are made.
3. The odd program comes along (e.g., Kodak's imaging software for medical use!) that have their own ports. To find out what ports it needs I used tcpdump ... often changing host to dst net xxx.xxx.xxx.xxx once I know what it is connecting to. The proper ports are tacked to the tail of this address tcpdump reports.
