Let’s say I want to collect the following info on a set of servers locally to the system:

– any TCP or UDP connection (in or out) and the source and dest ports – but only to or from a specific set of hosts.

– uniqued so I don’t have more than one copy of any connection

what would be the least invasive way to do that? I thought of something like tcpdump – but that seems expensive. I also thought about trying to do something like it with iptables logging – but I’m not sure how much control I can get from the output of the logs.

thoughts?
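One way to get the control over iptables LOG output that the post is unsure about, as an added example (not from the original post): kernel LOG lines carry `SRC=`, `DST=`, `SPT=`, `DPT=` and `PROTO=` key/value fields, so an awk filter can reduce them to unique connection tuples restricted to a watched host set. The `WATCHED` list and the sample log lines below are constructed placeholders, not real data.

```sh
#!/bin/sh
# Added example: reduce iptables LOG lines to unique 5-tuples touching a watched host set.
# Assumes rules such as the following exist (only connection starts, to keep volume low):
#   iptables -A INPUT  -s 10.0.0.7 -p tcp --syn -j LOG --log-prefix "CONNTRACK "
#   iptables -A OUTPUT -d 10.0.0.7 -p tcp --syn -j LOG --log-prefix "CONNTRACK "
# Hypothetical host set; replace with the real hosts of interest.
WATCHED="10.0.0.7 10.0.0.9"

# filter_conns: read kernel LOG lines on stdin, print unique "PROTO SRC SPT DST DPT"
# lines where either endpoint is in WATCHED. ICMP and other protocols are skipped.
filter_conns() {
    awk -v watched="$WATCHED" '
    BEGIN { n = split(watched, w, " "); for (i = 1; i <= n; i++) hosts[w[i]] = 1 }
    /PROTO=(TCP|UDP)/ {
        src = dst = spt = dpt = proto = ""
        # Walk the KEY=VALUE fields; unrelated tokens (DF, SYN, timestamps) are ignored.
        for (i = 1; i <= NF; i++) {
            split($i, kv, "=")
            if (kv[1] == "SRC") src = kv[2]
            else if (kv[1] == "DST") dst = kv[2]
            else if (kv[1] == "SPT") spt = kv[2]
            else if (kv[1] == "DPT") dpt = kv[2]
            else if (kv[1] == "PROTO") proto = kv[2]
        }
        if ((src in hosts) || (dst in hosts))
            print proto, src, spt, dst, dpt
    }' | sort -u
}

# Constructed sample: a duplicate TCP start, an unwatched UDP flow, a watched UDP flow, an ICMP echo.
SAMPLE_LOG='May  4 10:00:01 web1 kernel: [12345.678] CONNTRACK IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=10.0.0.5 DST=10.0.0.7 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=1 DF PROTO=TCP SPT=45678 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
May  4 10:00:02 web1 kernel: [12346.001] CONNTRACK IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=10.0.0.5 DST=10.0.0.7 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=2 DF PROTO=TCP SPT=45678 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
May  4 10:00:03 web1 kernel: [12347.120] CONNTRACK IN= OUT=eth0 SRC=10.0.0.5 DST=192.0.2.1 LEN=68 TOS=0x00 PREC=0x00 TTL=64 ID=3 DF PROTO=UDP SPT=53412 DPT=53 LEN=48
May  4 10:00:04 web1 kernel: [12348.330] CONNTRACK IN=eth0 OUT= SRC=10.0.0.9 DST=10.0.0.5 LEN=120 TOS=0x00 PREC=0x00 TTL=64 ID=4 DF PROTO=UDP SPT=514 DPT=514 LEN=100
May  4 10:00:05 web1 kernel: [12349.500] CONNTRACK IN=eth0 OUT= SRC=10.0.0.7 DST=10.0.0.5 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=5 DF PROTO=ICMP TYPE=8 CODE=0 ID=100 SEQ=1'

# Usage: feed /var/log/kern.log (or journalctl -k) instead of the sample.
printf '%s\n' "$SAMPLE_LOG" | filter_conns
```

The duplicate SYN collapses to one line and the ICMP entry drops out, leaving one TCP and one UDP tuple. Logging only connection starts (`--syn` for TCP, or `-m conntrack --ctstate NEW` for both protocols) keeps the log volume far below a packet capture while still giving every endpoint and port pair.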

canary?

May 4, 2011

or is it a canard?

or is it maybe a red fish?

so hard to tell these days.

just ignore this.