caudit.tgz, A connections usage auditor [INACTIVE]

Here we discuss compilation and how to build an addon for BFW.

caudit.tgz, A connections usage auditor

Post by El guapo Dan » Wed May 13, 2009 9:22 pm

Author: El guapo Dan (Daniel R. Torres)
URL: http://www.brazilfw.com.br/users/cavernicola/addons/caudit/0.1/caudit.tgz
Add-on State: Testing
Add-on Version: 0.1
Original Project Version: 0.1
Original Software author: El guapo Dan (Daniel R. Torres)
Original Project URL: http://#
System Version Required: Any.
Other Packages Required: http://www.brazilfw.com.br/users/Bender ... bgcc_s.tgz (Only in BFW 2.30.x)
Other Packages Required: http://www.brazilfw.com.br/users/Bender ... ibstdc.tgz (Only in BFW 2.30.x)
Other Packages Conflict: Unknown.

ENGLISH
    Description
      This add-on installs a small command-line tool written in C++ called caudit, an acronym for Connection Usage Auditor. It lets you audit the connection usage of your network. If you are a programmer, it can also give you the same information as raw data so that you can parse it easily.
      The tool depends on a file called caudit.wkp, a plain-text list of well-known ports; this file will be updated with contributions from anyone.

    Installation Instructions:

MANUAL
    1.- Caudit is a command-line tool; you need to enter your BFW's command line.

    2.- You can invoke the command caudit with one of the optional switches:
      brazilfw# caudit -v -h -i -d -t -l -r

      If you call caudit with the -h switch, you will see the usage help of the command:
      brazilfw# caudit -h
      caudit: An IP connection auditor for Brazil Firewall and Router
      Usage: caudit [{|-v|-h|-i|-d|-t|-l|-r}]
        -v gives the version number.
        -h gives this message.
        -i gives the data of the given IP.
        -d gives detailed data.
        -t gives only the totals.
        -l lists the well known ports.
        -r gives raw data without format.

      If you want the total connection usage of all the IPs in your network, invoke caudit -t:
      brazilfw# caudit -t
      192.168.0.101: Total: 16
      192.168.0.102: Total: 313
      192.168.0.103: Total: 24
      192.168.0.106: Total: 23
      192.168.0.109: Total: 46
      192.168.0.11: Total: 3
      192.168.0.110: Total: 1
      192.168.0.111: Total: 19
      192.168.0.112: Total: 18
      192.168.0.113: Total: 23
      192.168.0.114: Total: 4
      192.168.0.115: Total: 82
      192.168.0.121: Total: 267
      192.168.0.122: Total: 484
      192.168.0.123: Total: 1
      192.168.0.124: Total: 78
      192.168.0.129: Total: 6
      192.168.0.135: Total: 37
      192.168.0.139: Total: 5
      192.168.0.141: Total: 29
      192.168.0.142: Total: 4
      192.168.1.200: Total: 1

      GRAND TOTAL:
              Connections: 1484

      If you want the connection usage of all the IPs in your network with a little more information, invoke caudit without any switch:
      brazilfw# caudit
      192.168.0.101:
              Connections: 6
                      TCP: 5
                      UDP: 1
                      ICMP: 0
      192.168.0.102:
              Connections: 311
                      TCP: 8
                      UDP: 303
                      ICMP: 0
      192.168.0.103:
              Connections: 18
                      TCP: 15
                      UDP: 0
                      ICMP: 3
      192.168.0.106:
              Connections: 18
                      TCP: 16
                      UDP: 2
                      ICMP: 0
      192.168.0.109:
              Connections: 48
                      TCP: 8
                      UDP: 40
                      ICMP: 0
      192.168.0.11:
              Connections: 2
                      TCP: 2
                      UDP: 0
                      ICMP: 0
      192.168.0.110:
              Connections: 1
                      TCP: 1
                      UDP: 0
                      ICMP: 0
      192.168.0.111:
              Connections: 12
                      TCP: 10
                      UDP: 2
                      ICMP: 0
      192.168.0.112:
              Connections: 22
                      TCP: 19
                      UDP: 3
                      ICMP: 0
      192.168.0.113:
              Connections: 29
                      TCP: 22
                      UDP: 7
                      ICMP: 0
      192.168.0.114:
              Connections: 5
                      TCP: 4
                      UDP: 1
                      ICMP: 0
      192.168.0.115:
              Connections: 57
                      TCP: 49
                      UDP: 8
                      ICMP: 0
      192.168.0.121:
              Connections: 244
                      TCP: 5
                      UDP: 239
                      ICMP: 0
      192.168.0.122:
              Connections: 327
                      TCP: 20
                      UDP: 307
                      ICMP: 0
      192.168.0.123:
              Connections: 1
                      TCP: 1
                      UDP: 0
                      ICMP: 0
      192.168.0.124:
              Connections: 110
                      TCP: 102
                      UDP: 8
                      ICMP: 0
      192.168.0.129:
              Connections: 5
                      TCP: 3
                      UDP: 2
                      ICMP: 0
      192.168.0.135:
              Connections: 37
                      TCP: 7
                      UDP: 30
                      ICMP: 0
      192.168.0.139:
              Connections: 5
                      TCP: 3
                      UDP: 2
                      ICMP: 0
      192.168.0.141:
              Connections: 247
                      TCP: 13
                      UDP: 234
                      ICMP: 0
      192.168.0.142:
              Connections: 4
                      TCP: 4
                      UDP: 0
                      ICMP: 0
      192.168.1.200:
              Connections: 1
                      TCP: 0
                      UDP: 1
                      ICMP: 0

      GRAND TOTAL:
              Connections: 1510

      If you want the connection usage of all the IPs in your network with a lot more information, invoke caudit -d:
      brazilfw# caudit -d
      192.168.0.102:
              Connections: 334
                      TCP: 11
                      UDP: 323
                      ICMP: 0
              Details:
                      TCP-MSNP 2
                      TCP-Unknown 5
                      TCP-World_Wide_Web_HTTP 1
                      TCP-callbacks_to_cache_managers 1
                      TCP-http_protocol_over_TLS/SSL 2
                      UDP-Aionex_Communication_Management_Engine 1
                      UDP-Axis_WIMP_Port 1
                      UDP-Booster_Ware 1
                      UDP-Cisco_Line_Protocol 1
                      UDP-Cluster_Disc 1
                      UDP-CompactIS_Secure_Tunnel 1
                      UDP-Cumulus 1
                      UDP-DIRECWAY_Tunnel_Protocol 1
                      UDP-Distributed_Framework_Port 1
                      UDP-Domain_Name_Server 1
                      UDP-EBD_Server_2 1
                      UDP-EMC-Documentum_Content_Server_Product 1
                      UDP-Flamenco_Networks_Proxy 1
                      UDP-Guy-Tek_Automated_Update_Applications 1
                      UDP-IBM_Wireless_LAN 1
                      UDP-IGRS 1
                      UDP-Icona_License_System_Server 1
                      UDP-KV_Agent 1
                      UDP-MGE_UPS_Management 1
                      UDP-MS_V-Worlds 1
                      UDP-Message_Bus 1
                      UDP-NOAAPORT_Broadcast_Network 1
                      UDP-OpenDeploy_Listener 1
                      UDP-PCIHReq 1
                      UDP-Patrol_for_MQ_GM 1
                      UDP-Raven_Trinity_Data_Mover 1
                      UDP-SCP_Configuration_Port 1
                      UDP-STGXFWS 1
                      UDP-Scan_&_Change 1
                      UDP-SpectraTalk_Port 1
                      UDP-TALNET 1
                      UDP-TAMBORA 1
                      UDP-TCP_Port_Service_Multiplexer 2
                      UDP-Unknown 280
                      UDP-Virtual_Places_Audio_data 1
                      UDP-WinDb 1
                      UDP-glogger 1

      [....]
      192.168.1.200:
              Connections: 1
                      TCP: 0
                      UDP: 1
                      ICMP: 0
              Details:
                      UDP-Domain_Name_Server 1

      GRAND TOTAL:
              Connections: 1306
                      TCP: 303
                      UDP: 1000
                      ICMP: 3

      You can use the same switches with one given IP:

      brazilfw# caudit -ti 192.168.0.129
      192.168.0.129: Total: 6
      brazilfw# caudit -i 192.168.0.129
      192.168.0.129:
              Connections: 6
                      TCP: 3
                      UDP: 3
                      ICMP: 0
      brazilfw# caudit -id 192.168.0.129
      192.168.0.129:
              Connections: 5
                      TCP: 3
                      UDP: 2
                      ICMP: 0
              Details:
                      TCP-MSNP 3
                      UDP-Amiga_Network_Filesystem 1
                      UDP-Teredo_Port 1

    3.- If you are a programmer, you can obtain all the info as raw data so that you can parse it easily; just add the -r switch to the command.
      If you want the totals of all the IPs, just invoke caudit -tr; this gives you a series of lines, one for each IP:
      brazilfw# caudit -tr
      192.168.0.101 3
      192.168.0.102 249
      192.168.0.103 10
      192.168.0.106 33
      192.168.0.109 31
      192.168.0.11 3
      192.168.0.110 20
      192.168.0.111 5
      192.168.0.112 36
      192.168.0.113 15
      192.168.0.114 4
      192.168.0.115 66
      192.168.0.121 23
      192.168.0.122 46
      192.168.0.123 1
      192.168.0.124 39
      192.168.0.129 4
      192.168.0.135 329
      192.168.0.139 7
      192.168.0.141 309
      192.168.0.142 9
      192.168.1.200 1

      The order of the info is: ip, number_of_connections.

      For more detailed info, invoke the command with only the -r switch:
      brazilfw# caudit -r
      192.168.0.101 3 3 0 0
      192.168.0.102 136 8 128 0
      192.168.0.103 48 44 1 3
      192.168.0.106 20 18 2 0
      192.168.0.109 30 9 21 0
      192.168.0.11 2 2 0 0
      192.168.0.110 5 4 1 0
      192.168.0.111 30 29 1 0
      192.168.0.112 54 44 10 0
      192.168.0.113 28 26 2 0
      192.168.0.114 1 1 0 0
      192.168.0.115 98 95 3 0
      192.168.0.121 23 7 16 0
      192.168.0.122 51 11 40 0
      192.168.0.123 1 1 0 0
      192.168.0.124 41 38 3 0
      192.168.0.129 4 2 2 0
      192.168.0.132 15 13 2 0
      192.168.0.135 310 7 303 0
      192.168.0.139 3 2 1 0
      192.168.0.141 324 10 314 0
      192.168.0.142 7 6 1 0
      192.168.1.200 1 0 1 0

      The order of the info is: ip, number_of_connections, quantity_of_tcp, quantity_of_udp, quantity_of_icmp.

      For even more detailed information, use caudit -rd:
      brazilfw# caudit -rd
      192.168.0.101 2 2 0 0  TCP-Unknown:2
      192.168.0.102 28 9 19 0  TCP-MSNP:1 TCP-Unknown:7 TCP-World_Wide_Web_HTTP:1 UDP-MYNAH_AutoStart:1 UDP-Unknown:18
      192.168.0.103 9 5 1 3  TCP-OneHome_Service_Port:1 TCP-Redwood_Chat:1 TCP-Unknown:3 UDP-Domain_Name_Server:1
      192.168.0.106 16 14 2 0  TCP-Unknown:11 TCP-World_Wide_Web_HTTP:3 UDP-Unknown:2
      GRAND_TOTAL 1201 313 885 3

      The order of the info is: ip, number_of_connections, quantity_of_tcp, quantity_of_udp, quantity_of_icmp, description_of_the_port:quantity; and at the end the GRAND_TOTAL line: quantity_of_all, total_udp, total_tcp, total_icmp.
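      As an added example (not part of the caudit add-on or of this post), here is a small Python parser for the -r and -rd raw output shown above. It assumes the column order given in the post (ip, number_of_connections, quantity_of_tcp, quantity_of_udp, quantity_of_icmp, then PROTO-Port_Name:count tokens for -rd) and adds the checks a practitioner would want before trusting the numbers: each host's protocol counters must add up to its connection count, the per-port details must add up to the protocol counters, and the GRAND_TOTAL line must equal the column sums. The four host lines in the sample are copied from the caudit -rd output above; the GRAND_TOTAL line is constructed to match that excerpt, since the post's own total belongs to the full run.

```python
"""Parse and sanity-check the raw (-r / -rd) output of caudit.

Added example; not code from the caudit add-on. Column order is the one
documented in the post. Any line with fewer than five columns (e.g. -tr
output) is rejected so that a truncated line cannot pass as a host record.
"""
from collections import namedtuple

Record = namedtuple("Record", "ip total tcp udp icmp details")

# Sample input: four host lines from the post's `caudit -rd` output, plus a
# GRAND_TOTAL line constructed to match just those four hosts.
SAMPLE_RD = """\
192.168.0.101 2 2 0 0  TCP-Unknown:2
192.168.0.102 28 9 19 0  TCP-MSNP:1 TCP-Unknown:7 TCP-World_Wide_Web_HTTP:1 UDP-MYNAH_AutoStart:1 UDP-Unknown:18
192.168.0.103 9 5 1 3  TCP-OneHome_Service_Port:1 TCP-Redwood_Chat:1 TCP-Unknown:3 UDP-Domain_Name_Server:1
192.168.0.106 16 14 2 0  TCP-Unknown:11 TCP-World_Wide_Web_HTTP:3 UDP-Unknown:2
GRAND_TOTAL 55 30 22 3
"""


def parse_rd(text):
    """Return (records, grand). grand is a 4-tuple or None if no GRAND_TOTAL line."""
    records, grand = [], None
    for line in text.splitlines():
        fields = line.split()          # collapses the double space before details
        if not fields:
            continue
        if fields[0] == "GRAND_TOTAL":
            grand = tuple(int(x) for x in fields[1:5])
            continue
        if len(fields) < 5:
            raise ValueError(f"not a -r/-rd host line: {line!r}")
        total, tcp, udp, icmp = (int(x) for x in fields[1:5])
        details = {}
        for token in fields[5:]:        # e.g. TCP-World_Wide_Web_HTTP:1
            name, count = token.rsplit(":", 1)
            details[name] = details.get(name, 0) + int(count)
        records.append(Record(fields[0], total, tcp, udp, icmp, details))
    return records, grand


def check_record(rec):
    """Internal consistency of one host line; returns a list of problems."""
    problems = []
    if rec.tcp + rec.udp + rec.icmp != rec.total:
        problems.append(f"{rec.ip}: protocol counters do not add up to {rec.total}")
    # ICMP has no port names, so only TCP and UDP carry detail tokens.
    for proto, counter in (("TCP", rec.tcp), ("UDP", rec.udp)):
        seen = sum(n for name, n in rec.details.items() if name.startswith(proto + "-"))
        if rec.details and seen != counter:
            problems.append(f"{rec.ip}: {proto} details sum to {seen}, counter says {counter}")
    return problems


def check_grand_total(records, grand):
    """True when GRAND_TOTAL equals the column sums of the host lines."""
    sums = (sum(r.total for r in records), sum(r.tcp for r in records),
            sum(r.udp for r in records), sum(r.icmp for r in records))
    return sums == grand


def unknown_share(rec):
    """Fraction of a host's connections that hit ports caudit could not name."""
    unknown = sum(n for name, n in rec.details.items() if name.endswith("-Unknown"))
    return unknown / rec.total if rec.total else 0.0


def rank_hosts(records, key="udp", limit=3):
    """IPs with the highest value of one counter (total, tcp, udp or icmp)."""
    ordered = sorted(records, key=lambda r: getattr(r, key), reverse=True)
    return [r.ip for r in ordered[:limit]]


if __name__ == "__main__":
    recs, grand = parse_rd(SAMPLE_RD)
    for r in recs:
        for p in check_record(r):
            print("PROBLEM", p)
        print(f"{r.ip:15} total={r.total:4} unknown={unknown_share(r):.0%}")
    print("grand total consistent:", check_grand_total(recs, grand))
    print("busiest UDP talkers:", rank_hosts(recs, "udp"))
```

      The same parser handles plain -r lines, since those simply have no detail tokens. The unknown-port share is worth watching: a host whose traffic is almost entirely UDP-Unknown (192.168.0.102 above) is the one the port list cannot explain, so it is the first candidate for a closer look.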

    4.- Caudit depends on a file called caudit.wkp to determine the names of all the ports; it is placed in /usr/share/caudit.wkp:
    brazilfw# cat /usr/share/caudit.wkp | more
    0/tcp Reserved
    0/udp Reserved
    0/tcp Shirt_Pocket_netTunes
    0/tcp Shirt_Pocket_launchTunes
    1/tcp TCP_Port_Service_Multiplexer
    1/udp TCP_Port_Service_Multiplexer
    2/tcp Management_Utility
    2/udp Management_Utility
    3/tcp Compression_Process
    3/udp Compression_Process
    5/tcp Remote_Job_Entry
    5/udp Remote_Job_Entry
    7/tcp Echo
    7/udp Echo
    9/tcp Discard
    9/udp Discard
    9/sctp Discard
    9/dccp Discard_SC:DISC
    11/tcp Active_Users
    11/udp Active_Users
    13/tcp Daytime_(RFC_867)
    13/udp Daytime_(RFC_867)
    17/tcp Quote_of_the_Day
    17/udp Quote_of_the_Day
    18/tcp Message_Send_Protocol
    18/udp Message_Send_Protocol
    19/tcp Character_Generator
    19/udp Character_Generator
    20/tcp File_Transfer_[Default_Data]
    20/udp File_Transfer_[Default_Data]
    20/sctp FTP
    21/tcp File_Transfer_[Control]
    21/udp File_Transfer_[Control]
    21/sctp FTP
    22/tcp The_Secure_Shell_(SSH)_Protocol
    22/udp The_Secure_Shell_(SSH)_Protocol
    22/sctp SSH
    23/tcp Telnet
    23/udp Telnet

    I found this file on Google. I think it is not too accurate, but it is better than nothing; anyway, this file can be updated :o!

    I want to ask all of you for help to update this file: if you know any port that is not listed, or you find an error in the list, please let me know in this post.

    All the ports posted here will be added to a list from which anyone can update his/her file.

    More importantly, if you know the ports used by any virus, malware, trojan, etc., please post them here; then we will be able to determine whether one of our clients is infected or something like that.
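    As an added example (not part of the caudit add-on or of this post), here is a Python loader for the caudit.wkp format shown above, with the checks that matter when a list like this is maintained by hand and by contributions from many people. It assumes the line format in the listing (port/proto followed by a name with underscores), rejects malformed lines and out-of-range ports, and reports duplicate port/proto keys: the excerpt above already lists 0/tcp three times with different names, and the post does not say which name caudit uses in that case. The merge_contributions function is a hypothetical helper for the update workflow the post asks for; the sample list is copied from the listing, and the contributions (including the conflicting name Not_Echo) are constructed.

```python
"""Load, validate and merge the caudit.wkp well-known-port list.

Added example; not code from the caudit add-on. Line format assumed:
<port>/<proto> <Name_with_underscores>, one entry per line.
"""

# Excerpt copied from the post's /usr/share/caudit.wkp listing.
SAMPLE_WKP = """\
0/tcp Reserved
0/udp Reserved
0/tcp Shirt_Pocket_netTunes
0/tcp Shirt_Pocket_launchTunes
1/tcp TCP_Port_Service_Multiplexer
1/udp TCP_Port_Service_Multiplexer
7/tcp Echo
7/udp Echo
22/tcp The_Secure_Shell_(SSH)_Protocol
22/udp The_Secure_Shell_(SSH)_Protocol
22/sctp SSH
23/tcp Telnet
23/udp Telnet
"""

# Constructed contributions: one already present, one new, one conflicting.
CONTRIBUTIONS = [
    (23, "tcp", "Telnet"),
    (2, "tcp", "Management_Utility"),
    (7, "udp", "Not_Echo"),          # placeholder name, constructed for the example
]


def parse_wkp(text):
    """Return (table, problems). table maps (port, proto) -> first name seen;
    problems lists malformed lines and conflicting duplicate keys."""
    table, problems = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2 or "/" not in parts[0]:
            problems.append(f"line {lineno}: malformed entry {raw!r}")
            continue
        port_s, proto = parts[0].split("/", 1)
        name = parts[1].strip()
        if not port_s.isdigit() or not 0 <= int(port_s) <= 65535:
            problems.append(f"line {lineno}: bad port {port_s!r}")
            continue
        key = (int(port_s), proto.lower())
        if key in table and table[key] != name:
            # Keep the first name; a second, different name is ambiguous.
            problems.append(f"line {lineno}: {key[0]}/{key[1]} already named "
                            f"{table[key]!r}, also {name!r}")
            continue
        table.setdefault(key, name)
    return table, problems


def lookup(table, port, proto):
    """Name for a port/proto pair, or 'Unknown' as caudit's output shows."""
    return table.get((port, proto.lower()), "Unknown")


def merge_contributions(table, contributions):
    """Apply contributed (port, proto, name) entries in place.
    Returns (added_keys, conflicts); conflicts are (key, current, proposed)."""
    added, conflicts = [], []
    for port, proto, name in contributions:
        key = (port, proto.lower())
        current = table.get(key)
        if current is None:
            table[key] = name
            added.append(key)
        elif current != name:
            conflicts.append((key, current, name))
    return added, conflicts


def format_wkp(table):
    """Serialise back to the file format, sorted by port then protocol."""
    lines = [f"{port}/{proto} {name}" for (port, proto), name in sorted(table.items())]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    table, problems = parse_wkp(SAMPLE_WKP)
    for p in problems:
        print("PROBLEM", p)
    added, conflicts = merge_contributions(table, CONTRIBUTIONS)
    print("added:", added)
    print("conflicts:", conflicts)
    print(format_wkp(table), end="")
```

    One caveat belongs next to any list like this: the name caudit prints is looked up by port number only, so it says what a port is registered for, not what is actually talking on it. A connection labelled http_protocol_over_TLS/SSL is simply something on port 443, and the many UDP entries with a count of 1 in the -d output above are most likely ephemeral ports that happen to collide with a registered name.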

BFW and this add-on are free; please make a donation to support the life of the BFW project. Contact one of the site admins to find out how you can make a donation.
El guapo Dan
 
