How to log the ip addresses trying to connect to a port?
Solution 1
You could do it using iptables
iptables -I INPUT -p tcp -m tcp --dport 5901 -m state --state NEW -j LOG --log-level 1 --log-prefix "New Connection "
This will log new TCP connections on port 5901 to /var/log/syslog and /var/log/kernel.log, like this:
Dec 12 07:52:48 u-10-04 kernel: [591690.935432] New Connection IN=eth0 OUT= MAC=00:0c:29:2e:78:f1:00:0c:29:eb:43:22:08:00 SRC=192.168.254.181 DST=192.168.254.196 LEN=60 TOS=0x10 PREC=0x00 TTL=64 ID=40815 DF PROTO=TCP SPT=36972 DPT=5901 WINDOW=14600 RES=0x00 SYN URGP=0
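To turn LOG lines like the one above into the list of addresses the question asks for, this added example (not part of the original answers) counts connection attempts per source address. The function names and sample log lines are constructed for illustration; it keeps only lines with the given prefix and destination port that carry SYN without ACK, so it also works with a rule that logs every packet rather than only new connections.

```shell
#!/bin/sh
# Added example: count connection attempts per source IP from iptables LOG lines.

# Constructed sample input (documentation address ranges), not real log data.
sample_log() {
cat <<'EOF'
Dec 12 07:52:48 host kernel: [1.0] New Connection IN=eth0 OUT= SRC=192.0.2.10 DST=192.0.2.1 LEN=60 PROTO=TCP SPT=36972 DPT=5901 WINDOW=14600 RES=0x00 SYN URGP=0
Dec 12 07:52:51 host kernel: [2.0] New Connection IN=eth0 OUT= SRC=192.0.2.10 DST=192.0.2.1 LEN=60 PROTO=TCP SPT=36975 DPT=5901 WINDOW=14600 RES=0x00 SYN URGP=0
Dec 12 07:53:02 host kernel: [3.0] New Connection IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.1 LEN=60 PROTO=TCP SPT=40100 DPT=5901 WINDOW=14600 RES=0x00 SYN URGP=0
Dec 12 07:53:03 host kernel: [4.0] New Connection IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.1 LEN=52 PROTO=TCP SPT=40100 DPT=5901 WINDOW=229 RES=0x00 ACK URGP=0
Dec 12 07:53:09 host kernel: [5.0] Other Rule IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.1 LEN=60 PROTO=TCP SPT=50000 DPT=22 WINDOW=14600 RES=0x00 SYN URGP=0
EOF
}

# summarize_sources PREFIX PORT < logfile
# Prints "count address" lines, most frequent first.
summarize_sources() {
    prefix=$1
    port=$2
    awk -v prefix="$prefix" -v port="$port" '
        # Literal match on the --log-prefix text (index, not a regex,
        # so prefixes containing characters such as "*" are safe).
        index($0, prefix) == 0 { next }
        {
            src = ""; dpt = ""; syn = 0; ack = 0
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^SRC=/)      src = substr($i, 5)
                else if ($i ~ /^DPT=/) dpt = substr($i, 5)
                else if ($i == "SYN")  syn = 1
                else if ($i == "ACK")  ack = 1
            }
            # SYN without ACK is the first packet of a connection attempt;
            # later packets of the same connection are not counted.
            if (src != "" && dpt == port && syn && !ack) count[src]++
        }
        END { for (s in count) printf "%d %s\n", count[s], s }
    ' | sort -k1,1nr -k2,2
}

sample_log | summarize_sources "New Connection " 5901
```

On a live system the same function can read the file the rule logs to, for example `summarize_sources "New Connection " 5901 < /var/log/syslog`.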
Solution 2
If it's short term, this should do:
tcpdump -n -i eth0 -w file.cap "port 5901"
Alternatively, you can use the LOG target of iptables:
iptables -A INPUT -p tcp --dport 5901 -j LOG --log-prefix '** guests **' --log-level 4
This might flood your logs.
Author: Gihan Lasita
Updated on September 18, 2022
Comments
-
Gihan Lasita almost 2 years
Is it possible to log all IP addresses that are trying to connect or have connected to port "5901" in Linux Debian?
How can I do that?
-
Gihan Lasita over 11 years: Why downvote as soon as the question is posted?
-
MadHatter over 11 years: I didn't downvote it, but one of the reasons for a downvote on SF is that the question "does not show any research effort", and I'm sorry, but yours doesn't.
-
kasperd over 8 years: Since that command is not producing a log of all the IP addresses, it is not an answer to the question.
-
tripleee over 7 years: Also, "ESTABLISHED" will only have happened when they successfully connected, so this doesn't show who is attempting to connect (for example, if the port isn't open, they will all fail).