Re: Analyze Traffic of ssh port using perl script

Are you local on the box? If so, you can use Proc::ProcessTable to see who is running sshd. Those are your ssh users, minus the sshd which is the parent, which will be the original sshd which is running and listening to port 22. I don't know what you mean by "analyze the traffic". Hope you aren't trying to be an 31337 h4X0r or something.

Some non-perl centered options might be parsing 'netstat -an' output and seeing who is connected to port 22. Or how about using the output of 'lsof -i'.

HTH

Comment on Re: Analyze Traffic of ssh port using perl script

Replies are listed 'Best First'.
Re: Re: Analyze Traffic of ssh port using perl script by Anonymous Monk on Jul 29, 2003 at 13:15 UTC
Hi , I want to get connected to port 22 of a remote machine and then get the user's logged in on 22 port of that remote machine . I would like to display a list of users logged in , time of connect , disconnect time and the IP addresses from where they arrived . Can u suggest me something on my above problem ??? Thankyou !	[reply]
Re: Re: Re: Analyze Traffic of ssh port using perl script by pzbagel (Chaplain) on Jul 29, 2003 at 16:09 UTC
Unless you can authenticate and get shell access, you will not be able to enumerate what is running on the box. You used to be able to do this with a service like rstat, rwho, finger, etc. but any sysadmin worth his salt turns those services off because they are an information leak for hackers. If you do have shell access, then simply have your script login and use one of the method I described above. HTH	[reply]