On Sun, 14 Jun 2009 09:57:31 +0200 Hans de Hartog <dehar...@rootsr.com> wrote: >Let's get back to the facts. I ran the following script last night >every 10 seconds for 10 hours on my exit node (lowest possible >bandwidth, i.e. 20 KBs). >Port Connections(cumulative for all runs) >443 131013 >80 31367 >43 306 >Other ports neglectable, so why the fuzz about port 43? >The script: >netstat -n | awk ' >/^tcp4/ { split($5, p, ".") > if(p[5] < 1000) cnt[p[5]]++ >} >END { for (a in cnt) { > printf("%4d %8d\n", a, cnt[a]) >} }' > Unfortunately, the above method is unlikely to see more than a tiny fraction of the port 43 exits, which are usually of very short duration. Instead, try turning on info-level logging. Then you can use something like
/usr/bin/fgrep connection_edge_finished_connecting /var/log/tor/info.log | \ nice +14 /usr/bin/sed -e 's/connection_edge_finished_connecting(): Exit connection to \[scrubbed\]:/Exit to port /' -e 's/(\[scrubbed\]) //' -e 's/(.* established.//' -e 's/\ established.//' -e 's/ 1499//' | \ nice +14 sort -n -g +7 -8 | uniq -c -f 7 (Beware of linewrap in the line containing the /usr/bin/sed command.) Note that your paths, options to sort(1) and uniq(1), etc. may vary, depending upon your operating system. This example works properly for FreeBSD. Also, use of nice is obviously optional, but a good idea if you're sharing a system with other users at the same time. Output from the above looks like this: 39 Jun 14 03:19:02.223 [info] Exit to port 443 1 Jun 14 03:16:21.795 [info] Exit to port 6001 1 Jun 14 03:19:20.310 [info] Exit to port 6010 1 Jun 14 03:16:24.275 [info] Exit to port 6666 and so on, where the number at the lefthand side is the number of exits for that port, and the date+timestamp is from the first occurrence in the log file of an exit for that port. You may wish to change the final form of the output lines to suit your own taste. I think you'll find that scanning an info-level log file gives you a very different result from looking at periodic samplings of netstat(1) output. Scott Bennett, Comm. ASMELG, CFIAG ********************************************************************** * Internet: bennett at cs.niu.edu * *--------------------------------------------------------------------* * "A well regulated and disciplined militia, is at all times a good * * objection to the introduction of that bane of all free governments * * -- a standing army." * * -- Gov. John Hancock, New York Journal, 28 January 1790 * **********************************************************************