top_talkers.sh
#!/bin/bash
# Written by Craig Dods
# Last Edit on 05/03/2013
# Reads the SecureXL connection table (fwaccel conns) rather than the general connections table, to minimize impact on live devices. It is also significantly quicker to poll.
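#######################################
# Print an optional message, then block until the operator presses Enter.
# Arguments: $@ - words of the message; with no arguments an empty line
#                 is printed
# Outputs:   the message on stdout (the prompt is only shown by read when
#            stdin is a terminal)
# Returns:   exit status of read (non-zero when input has ended)
#######################################
pause(){
  local msg key
  # "$*" joins the arguments into one string; assigning "$@" to a scalar
  # does the same thing implicitly and is flagged by ShellCheck (SC2124).
  msg="$*"
  # printf rather than echo, so a message such as "-n" or "-e" is printed
  # literally instead of being taken as an echo option.
  printf '%s\n' "$msg"
  # -r keeps backslashes literal; key is local so nothing leaks to the caller.
  read -r -p "Press [Enter] key to continue..." key
}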
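# Interactive menu that summarises the SecureXL connection table
# ("fwaccel conns") by source, destination and port.
#
# Operator input is validated and always passed to awk as a single quoted
# "-v" value. An unquoted expansion is word-split and glob-expanded by the
# shell, so extra words typed at a prompt would become additional awk
# arguments (program text or input files) instead of a filter value.

#######################################
# Count identical lines on stdin and print the most frequent ones,
# highest count first.
# Arguments: $1 - number of lines to print
#######################################
rank_top() {
  sort | uniq -c | sort -n -r | head -n "$1"
}

#######################################
# Prompt for a port number and validate it.
# Globals:   port (written) - the accepted port, leading zeros removed
# Arguments: $1 - "Destination" or "Source", used in the prompt text
# Returns:   0 if a port in 0-65535 was entered, 1 otherwise
#######################################
ask_port() {
  echo "Please enter the specific $1 Port you wish to filter for: "
  # End of input would otherwise leave the menu looping forever.
  read -r port || exit 1
  echo ""
  case "$port" in
    '' | *[!0-9]*)
      echo "Invalid port: expected a number between 0 and 65535"
      return 1
      ;;
  esac
  # Length is capped before the arithmetic so the value cannot overflow;
  # 10# stops a leading zero from being read as octal.
  if (( ${#port} > 5 )) || (( 10#$port > 65535 )); then
    echo "Invalid port: expected a number between 0 and 65535"
    return 1
  fi
  port=$(( 10#$port ))
}

#######################################
# Prompt for a host address and validate it.
# Globals:   host (written) - the accepted address
# Arguments: $1 - "Source" or "Destination", used in the prompt text
# Returns:   0 if the input looks like an address, 1 otherwise
#######################################
ask_host() {
  echo "Please enter the specific Host you wish to filter for as a $1: "
  read -r host || exit 1
  echo ""
  # NOTE(review): assumes the table lists hosts as IPv4/IPv6 literals, so
  # only hex digits, dots and colons are accepted - confirm against real
  # "fwaccel conns" output. This also keeps backslashes out of the value,
  # which awk -v would otherwise process as escape sequences.
  case "$host" in
    '' | *[!0-9A-Fa-f:.]*)
      echo "Invalid host: expected an IP address"
      return 1
      ;;
  esac
}

#######################################
# Print the table summary, then the number of entries and the entries
# whose given column equals the host.
# Arguments: $1 - column number to match (1 = source, 3 = destination)
#            $2 - label printed above the entry count
#            $3 - host address to match
#######################################
show_host_conns() {
  local matches count
  fwaccel conns -s
  # Poll the table once so the count and the listing describe the same
  # snapshot (and the device is queried once rather than twice).
  matches=$(fwaccel conns | awk -v col="$1" -v want="$3" '$col==want{print}')
  if [[ -z "$matches" ]]; then
    count=0
  else
    count=$(printf '%s\n' "$matches" | wc -l)
  fi
  echo "$2"
  echo "$count"
  echo " # Host $3"
  if [[ -n "$matches" ]]; then
    printf '%s\n' "$matches" | sort | sort -n -r
  fi
}

while :
do
  clear
  echo "Hello, Welcome to the Checkpoint Top Talkers display utility by Craig Dods"
  echo "-----------------------------------------------"
  echo " M A I N - M E N U"
  echo "-----------------------------------------------"
  echo "Please note that this is for use on devices with SecureXL enabled ONLY"
  echo ""
  echo "1. Display the top 50 Source/Destination combos"
  echo "2. Display the top 50 Source/Destination combos with identical Destination Ports"
  echo "3. Display the top 50 Source/Destination combos with identical Source Ports"
  echo "4. Display the top 50 Sources"
  echo "5. Display the top 50 Destinations"
  echo "6. Display the top 50 Source/Destination combos on a Custom Destination Port"
  echo "7. Display the top 50 Source/Destination combos on a Custom Source Port"
  echo "8. Display the top 50 Sources on a Custom Destination Port"
  echo "9. Display the top 50 Destinations on a Custom Destination Port"
  echo "10. Display the top 50 Sources on a Custom Source Port"
  echo "11. Display the top 50 Destinations on a Custom Source Port"
  echo "12. Display the top 20 Destination Ports"
  echo "13. Display the top 20 Source Ports"
  echo "14. Display Connections From A Specific Host (large list)"
  echo "15. Display Connections To A Specific Host (large list)"
  echo "16. Exit"
  echo -n "Please Make A Selection: "
  # Leave instead of redrawing the menu forever once input has ended.
  read -r opt || exit 1
  case "$opt" in
    1)
      echo " # SRC IP DST IP"
      fwaccel conns | awk '{printf "%-16s %-15s\n", $1,$3}' | rank_top 50
      pause;;
    2)
      echo " # SRC IP DST IP DPort"
      fwaccel conns | awk '{printf "%-16s %-16s %-10s\n", $1,$3,$4}' | rank_top 50
      pause;;
    3)
      echo " # SRC IP DST IP SPort"
      fwaccel conns | awk '{printf "%-16s %-16s %10s\n", $1,$3,$2}' | rank_top 50
      pause;;
    4)
      echo " # SRC IP"
      fwaccel conns | awk '{print $1}' | rank_top 50
      pause;;
    5)
      echo " # DST IP"
      fwaccel conns | awk '{print $3}' | rank_top 50
      pause;;
    6)
      if ask_port "Destination"; then
        echo " # SRC IP DST IP on DPORT $port"
        fwaccel conns | awk -v want="$port" '$4==want{printf "%-16s %-15s\n", $1,$3}' | rank_top 50
      fi
      pause;;
    7)
      if ask_port "Source"; then
        echo " # SRC IP DST IP on SPORT $port"
        fwaccel conns | awk -v want="$port" '$2==want{printf "%-16s %-15s\n", $1,$3}' | rank_top 50
      fi
      pause;;
    8)
      if ask_port "Destination"; then
        echo " # SRC IP on DPORT $port"
        fwaccel conns | awk -v want="$port" '$4==want{printf "%-16s\n", $1}' | rank_top 50
      fi
      pause;;
    9)
      if ask_port "Destination"; then
        echo " # DST IP on DPORT $port"
        fwaccel conns | awk -v want="$port" '$4==want{printf "%-16s\n", $3}' | rank_top 50
      fi
      pause;;
    10)
      if ask_port "Source"; then
        echo " # SRC IP on SPORT $port"
        fwaccel conns | awk -v want="$port" '$2==want{printf "%-16s\n", $1}' | rank_top 50
      fi
      pause;;
    11)
      if ask_port "Source"; then
        echo " # DST IP on SPORT $port"
        fwaccel conns | awk -v want="$port" '$2==want{printf "%-16s\n", $3}' | rank_top 50
      fi
      pause;;
    12)
      echo ""
      # No port is asked for here; the header used to append whatever port
      # an earlier menu choice had left behind.
      echo " # DPORT"
      fwaccel conns | awk '{print $4}' | rank_top 20
      pause;;
    13)
      echo ""
      echo " # SPORT"
      fwaccel conns | awk '{print $2}' | rank_top 20
      pause;;
    14)
      if ask_host "Source"; then
        show_host_conns 1 "Number of entries sourced from this host" "$host"
      fi
      pause;;
    15)
      if ask_host "Destination"; then
        # Label added so the bare count reads the same way as in option 14.
        show_host_conns 3 "Number of entries destined to this host" "$host"
      fi
      pause;;
    16)
      # Leaving through the menu is a normal exit, so report success.
      exit 0;;
    *)
      echo "Invalid selection: please enter a number from 1 to 16"
      pause;;
  esac
done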