open_ports.sh shows which currently open network connections your computer has -- both outgoing and incoming.
Fist a note on security: the script must run as root – otherwise it would only see the network connections of the user that is running the script. Also, the previous auto-update of the script has been removed. If you want to play with it, please do so (just don't update since it will “restore” an original copy! :-) I have tried to comment it thoroughly, but if you have questions, please email me!
It works on Linux as well (the same script). For tested distros, see the final point!
On a Mac you can use it with GeekTool (not included) to see the result on the desktop:
This is what it can look like when you are behind a NAT-router:
For outgoing traffic, the following information is displayed:
• Number of connections
• The server you are connected to
• Where in the world (country and city) this machine is located
It also reports what is running and is waiting for traffic from the outside. For listening ports, the following is reported:
• Protocol (IPv4 or IPv6)
• ”Servicerange”, i.e. who are being served (some services only serve the local machine or subnet))
The script is run by the system owner ”root” every other minute (using
launchd on the Mac and
cron on Linux) and uses the command
lsof to gather data in a number of files (see below).
When the script is run by a normal user (for instance with GeekTool) the data files are analyzed and the result is presented.
• every other hour the checksum of the
lsof command is checked to detect an intrusion that alters the
lsof binary (see this picture)
• the access right of the data files
• that the data files exist (warns otherwise, see this picture)
• that the launchd-component is running (Mac-only, see this picture)
• that the data files are younger than 1 hour (see this picture)
• that we have an IP-adress at all (see this picture)
Once every hour the external IP-address of the computer is checked (if you are behind a NAT-router) and if it changes this is noted in a ”diary” (so that in retrospect, you can see where you have been :-).
Explanation of colors:
|red background||process is owned by root|
|red text||the IP-number does not have a corresponding DNS-name|
|blue text||the IP-number is being matched by severad DNS-names|
|green text||the protocol is "safe" (ssh, https, imaps, smtps, scp, sftp) or the program is sshd|
sudo adminusernamneand then
sudo -i; if you are an admin-user, type
chmod 755 open_ports_install.shor
open_ports_install_linux.sh(you must locate it)
Note that GeekTool doesn't move things around if you change the number of monitors (for instance a portable computer with external displays). It will, however be visible again when you restore the monitor setting!
Also note that the script will start automatically after a reboot!
The script no longer auto-updates. You must update it manually! (massive feedback from MacOSX Hints about this).
You update the script manually by running, as
root, the following command in a terminal window:
It will fetch the latest version of the script and install it (if it is different that what you have). If you already have the latest version it will tell you!
You can also get it directly:
curl fileadmin.cs.lth.se/cs/Personal/Peter_Moller/scripts/open_ports.sh > /usr/bin/open_ports.sh
chmod 755 /usr/bin/open_ports.sh
You can run the script anytime (in a terminal window). What happens depends on who is running it:
• if you are
root new data is generated (but now shown)
• for any other user you will see the output
If it doesn't report any connection, you can double check this by running the following (as
lsof +c 0 -i 4 -n | grep EST
If that also is empty, the the report is correct.
If you don't want to see the data (but continue gathering of data) all you have to do is quit GeekTool.
You stop execution by (as
root) issuing the following commands in a terminal window:
launchctl stop se.lth.cs.open_ports
launchctl unload /Library/LaunchDaemons/se.lth.cs.open_ports.plist
You deinstall by also issue::
rm -rf /usr/bin/open_ports.sh (the script)
rm -rf /Library/LaunchDaemons/se.lth.cs.open_ports.plist (the gather control)
rm -rf /Library/cs.lth.se/OpenPorts (the data files)
The components are these:
| ||The script that is being used both to gather data and display them|
| ||Control-script for |
| ||Growing number of IP-number and their geographical location (to speed up the execution of the script) |
This is used by many scripts!!
| ||Checksum for |
| ||The external IP-adress of the computer. Is used if you are behind a NAT-router|
| ||”Diary” of where the computer has been; IP-number, time and geographical location (checked once every hour)|
| ||Data for ESTABLISHED-IPv4 connections. Updated every 2 minutes|
| ||Data for ESTABLISHED-IPv6 connections. Updated every 2 minutes|
| ||Data for the latest GeoIP-lookup|
| ||List of LISTEN-ports. Updated every 2 minutes|
Apart from Mac OS X (on which the script has been developed) the following distros have been tested with open_ports.sh:
• Mandriva 2010
Please email me about news from other distros!
Frågor om innehållet: Peter Möller
Webbtekniska frågor: firstname.lastname@example.org
Senast uppdaterad: 2011-07-13