Can Nagios detect the activity on a port # ?

James Turnbull james at lovedthanlost.net
Thu Jun 30 13:05:08 CEST 2005


Andreas Ericsson wrote:

> Iñigo Gomez Abrisketa wrote:
>
>> Related to my previous mail, I've found that Remote Desktop port 
>> number is 3389.
>> Nagios, obviously, can check if this port is active, but ...
>> Can Nagios detect if this port is in use (or in session)?
>>
>
> Not without sitting as a router or doing something which would 
> normally be considered black-hat'ish.
>
> You could set up a netflow gatherer and submit passive checks, I 
> suppose, but there's no way of determining traffic to/from a remote 
> host without sniffing the wire. Most catenets won't allow that 
> without some sort of ARP poisoning scheme in place, and that's very 
> disruptive for the network.

I agree with Andreas - very messy to do this via the network.  I guess 
it depends what you are trying to achieve.  If you just want to see if a 
Remote Desktop session is active you could approach this from a 
different direction.  Instead of looking at it from the network side you 
could run NSclient or the like on the Windows host and monitor the event 
log or set up a WMI script to monitor Remote Desktop activities.  The 
NSClient could then execute a check on this log file or using this script.

Regards

James Turnbull

-- 
James Turnbull <james at lovedthanlost.net>
---
Author of Hardening Linux from Apress
(http://www.amazon.com/exec/obidos/tg/detail/-/1590594444/)
---
PGP Key (http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x0C42DF40)
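
Added example, not part of the original message or of NSClient: a host-side check in the spirit of the approach described above, written as a Nagios-style plugin that an agent on the Windows host could run. It assumes Windows `netstat -an` output as its data source instead of the event log or WMI, and the function names, sample output and the choice to report an active session as WARNING are all assumptions.

```python
"""Nagios-style check: is an inbound session established on local TCP 3389?"""
import sys

RDP_PORT = 3389
OK, WARNING, CRITICAL = 0, 1, 2  # standard Nagios plugin exit codes

# Constructed sample of Windows `netstat -an` output (documentation addresses).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING
  TCP    192.0.2.10:3389        198.51.100.7:51234     ESTABLISHED
  TCP    192.0.2.10:49712       203.0.113.5:3389       ESTABLISHED
  UDP    0.0.0.0:3389           *:*
"""

def rdp_sessions(netstat_text, port=RDP_PORT):
    """Return (listening, [remote endpoints]) for inbound connections to port."""
    listening, peers = False, []
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) != 4 or f[0].upper() != "TCP":
            continue  # skips headers, blank lines and UDP rows (no state column)
        local, remote, state = f[1], f[2], f[3].upper()
        # Match on the LOCAL port only: outbound RDP has 3389 on the remote side.
        if local.rpartition(":")[2] != str(port):
            continue
        if state == "LISTENING":
            listening = True
        elif state == "ESTABLISHED":
            peers.append(remote)
    return listening, peers

def check(netstat_text, port=RDP_PORT):
    """Map the parsed state to a Nagios (exit_code, message) pair."""
    listening, peers = rdp_sessions(netstat_text, port)
    if peers:
        return WARNING, "RDP WARNING - session(s) from " + ", ".join(peers)
    if listening:
        return OK, "RDP OK - port %d listening, no session" % port
    return CRITICAL, "RDP CRITICAL - port %d not listening" % port

if __name__ == "__main__":
    # Pass --stdin to check real `netstat -an` output piped in on the host.
    text = sys.stdin.read() if "--stdin" in sys.argv else SAMPLE_NETSTAT
    code, msg = check(text)
    print(msg)
    sys.exit(code)
```
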


