Can Nagios detect the activity on a port # ?

Michael Schwartzkopff misch at multinet.de
Thu Jun 30 13:13:10 CEST 2005


On Thursday, 30 June 2005 13:05, James Turnbull wrote:
> Andreas Ericsson wrote:
> > Iñigo Gomez Abrisketa wrote:
> >> Related to my previous mail, I've found that Remote Desktop port
> >> number is 3389.
> >> Nagios, obviously, can check if this port is active, but ...
> >> Can Nagios detect if this port is in use (or in session)?
> >
> > Not without sitting as a router or doing something which would
> > normally be considered black-hat'ish.
> >
> > You could set up a netflow gatherer and submit passive checks, I
> > suppose, but there's no way of determining traffic to/from a remote
> > host without sniffing the wire. Most catenets won't allow that
> > without some sort of ARP poisoning scheme in place, and that's very
> > disruptive for the network.
>
> I agree with Andreas - very messy to do this via the network.  I guess
> it depends what you are trying to achieve.  If you just want to see if a
> Remote Desktop session is active you could approach this from a
> different direction.  Instead of looking at it from the network side you
> could run NSclient or the like on the Windows host and monitor the event
> log or set up a WMI script to monitor Remote Desktop activities.  The
> NSClient could then execute a check on this log file or using this script.
>
> Regards
>
> James Turnbull

Hi,

What about good old SNMP? Even Microsoft implemented the tcpConnState Table of
the MIBII. There you can see which connections are established to your server
at the moment. Just try it:

snmpwalk -v1 -cpublic <host> .tcpConnState

It should not be too difficult to feed the output into a script and find any 
special connection. By the way: This should work with EVERY OS!

Regards,
-- 
Dr. Michael Schwartzkopff
MultiNET Services GmbH
Bretonischer Ring 7
85630 Grasbrunn

Tel: (+49 89) 456 911 - 0
Fax: (+49 89) 456 911 - 21
mob: (+49 174) 343 28 75

PGP Fingerprint: F919 3919 FF12 ED5A 2801 DEA6 AA77 57A4 EDD8 979B
Skype: misch42
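
Added example, not part of the original post: one way to do the "feed the output into a script" step described above, as a Nagios-style check in Python. It assumes net-snmp's textual snmpwalk output; the sample walk, the function names and the choice of WARNING for an active session are constructed for illustration.

```python
import re

# Constructed sample of net-snmp `snmpwalk ... tcpConnState` output (not from a real host).
SAMPLE_WALK = """\
TCP-MIB::tcpConnState.0.0.0.0.135.0.0.0.0.0 = INTEGER: listen(2)
TCP-MIB::tcpConnState.0.0.0.0.3389.0.0.0.0.0 = INTEGER: listen(2)
TCP-MIB::tcpConnState.192.0.2.10.445.192.0.2.77.49210 = INTEGER: established(5)
TCP-MIB::tcpConnState.192.0.2.10.3389.192.0.2.50.51234 = INTEGER: established(5)
TCP-MIB::tcpConnState.192.0.2.10.3389.192.0.2.51.40022 = INTEGER: timeWait(11)
"""

ESTABLISHED = 5  # tcpConnState value for "established" (RFC 1213)

# Row index is localAddr(4 octets).localPort.remAddr(4 octets).remPort; the value
# prints as "name(n)" by default or as a bare integer with numeric enum output.
ROW = re.compile(
    r"\.(\d+\.\d+\.\d+\.\d+)\.(\d+)\.(\d+\.\d+\.\d+\.\d+)\.(\d+)"
    r"\s*=\s*INTEGER:\s*(?:\w+\((\d+)\)|(\d+))\s*$"
)

def established_peers(walk_text, local_port):
    """Return (remote_addr, remote_port) for established connections to local_port."""
    peers = []
    for line in walk_text.splitlines():
        m = ROW.search(line)
        if not m:
            continue  # skip blank lines, error text and unrelated OIDs
        _laddr, lport, raddr, rport, enum_val, bare_val = m.groups()
        state = int(enum_val or bare_val)
        if int(lport) == local_port and state == ESTABLISHED:
            peers.append((raddr, int(rport)))
    return peers

def check_port_in_use(walk_text, local_port=3389):
    """Map the result to a Nagios plugin (exit_code, status_line) pair."""
    peers = established_peers(walk_text, local_port)
    if peers:
        who = ", ".join(f"{a}:{p}" for a, p in peers)
        return 1, f"WARNING - {len(peers)} session(s) on port {local_port}: {who}"
    return 0, f"OK - no established connection on port {local_port}"

if __name__ == "__main__":
    import sys
    code, text = check_port_in_use(SAMPLE_WALK if sys.stdin.isatty() else sys.stdin.read())
    print(text)
    sys.exit(code)
```

Piping the snmpwalk output from the message into the script on stdin replaces the embedded sample. SNMPv1 sends the community string in cleartext, so on a production network the same walk is better done over SNMPv3.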