eliminating bogus port 43 exits

Hans de Hartog dehartog at rootsr.com
Sun Jun 14 09:59:51 UTC 2009 

Thank you. I switched on info-logging and tomorrow I'll post the results
of your script.

Hans de Hartog


Scott Bennett wrote:
>      Unfortunately, the above method is unlikely to see more than a tiny
> fraction of the port 43 exits, which are usually of very short duration.
>      Instead, try turning on info-level logging.  Then you can use something
> like
>
> /usr/bin/fgrep connection_edge_finished_connecting /var/log/tor/info.log | \
>  nice +14 /usr/bin/sed -e 's/connection_edge_finished_connecting(): Exit connection to \[scrubbed\]:/Exit to port /' -e 's/(\[scrubbed\]) //' -e 's/(.* established.//' -e 's/\ established.//' -e 's/ 1499//' | \
>   nice +14 sort -n -g +7 -8 | uniq -c -f 7
>
> (Beware of linewrap in the line containing the /usr/bin/sed command.)  Note
> that your paths, options to sort(1) and uniq(1), etc. may vary, depending
> upon your operating system.  This example works properly for FreeBSD.  Also,
> use of nice is obviously optional, but a good idea if you're sharing a system
> with other users at the same time.  Output from the above looks like this:
>
>   39 Jun 14 03:19:02.223 [info] Exit to port 443
>    1 Jun 14 03:16:21.795 [info] Exit to port 6001
>    1 Jun 14 03:19:20.310 [info] Exit to port 6010
>    1 Jun 14 03:16:24.275 [info] Exit to port 6666
>
> and so on, where the number at the lefthand side is the number of exits for
> that port, and the date+timestamp is from the first occurrence in the log file
> of an exit for that port.  You may wish to change the final form of the output
> lines to suit your own taste.
>      I think you'll find that scanning an info-level log file gives you a
> very different result from looking at periodic samplings of netstat(1) output.
>
>
>                                   Scott Bennett, Comm. ASMELG, CFIAG
> **********************************************************************
> * Internet:       bennett at cs.niu.edu                              *
> *--------------------------------------------------------------------*
> * "A well regulated and disciplined militia, is at all times a good  *
> * objection to the introduction of that bane of all free governments *
> * -- a standing army."                                               *
> *    -- Gov. John Hancock, New York Journal, 28 January 1790         *
> **********************************************************************
>
>
>

More information about the tor-talk mailing list