Router-Action

Warum

• Damit man schoen sehen kann, warum grad alles so langsam geht.
• Fuer Korintenkacker: Natuerlich wird nur anhand des Ports "geraten", was das so fuer Verkehr ist. Da allerdings im Weimarnetz nichts geblockt ist, nehmen die meisten Programme die Standardports...

Skript

#!/bin/sh

awk -F'[= ]' '/ESTABLISHED/ {
if(match($0,"dport=698 ")==0){
gsub(/=6667 /,"=CHAT/IRC ")
gsub(/=6666 /,"=CHAT/IRC ")
gsub(/=6665 /,"=CHAT/IRC ")
gsub(/=6664 /,"=CHAT/IRC ")
gsub(/=6663 /,"=CHAT/IRC ")
gsub(/=6662 /,"=CHAT/IRC ")
gsub(/=5223 /,"=CHAT/Jabber_secure ")
gsub(/=5222 /,"=CHAT/Jabber ")
gsub(/=5190 /,"=CHAT/AIM/ICQ ")
gsub(/=1863 /,"=CHAT/MSN ")
gsub(/=995 /,"=MAIL/POP3_secure ")
gsub(/=993 /,"=MAIL/IMAP_secure ")
gsub(/=443 /,"=www_secure ")
gsub(/=411 /,"=P2P/DC++ ")
gsub(/=143 /,"=MAIL/IMAP ")
gsub(/=110 /,"=MAIL/POP3 ")
gsub(/=80 /,"=www ")
gsub(/=25 /,"=MAIL/SMTP ")
gsub(/=22 /,"=SSH ")
printf("%-14s ---> %14s... %s %16s ---> %-16s\n",$11,substr($13,1,length($13)-3),$1,$15,$17)
}}' /proc/net/ip_conntrack|sort|awk '
BEGIN{printf "Content-type: text/plain\n"}{if($1!=A&&S!=1&&Z>0){print "";S=1}else{print;S=0;Z=1}A=$1}'

Ausgabe

Testweise mal hier installiert: http://mmlxvi.dyndns.org:8082/cgi-bin-inet

10.63.16.1     --->       10.63.13... tcp   www ---> 3874 
10.63.16.1     --->       10.63.13... tcp  4233 ---> www  

10.63.180.1    --->   216.133.246.... tcp  1078 ---> www  
10.63.180.1    --->   216.133.246.... tcp  1616 ---> www  

10.63.73.1     --->      80.171.19... tcp  3726 ---> 30401
10.63.73.1     --->     68.53.202.... tcp  3747 ---> 18102
10.63.73.1     --->    194.247.253... tcp  3500 ---> 28490

104.63.186.2   --->      62.104.23... tcp  2672 ---> www  
104.63.186.2   --->      72.14.221... tcp  2906 ---> www  
104.63.186.2   --->     72.14.221.... tcp  2668 ---> www  

104.63.45.2    --->     64.236.34.... tcp  2128 ---> www  

104.63.58.2    --->     213.83.60.... tcp  1426 ---> www_secure

104.63.7.2     --->       10.63.11... tcp  2029 ---> 411