Home > Blockchain >  automated retrieval of the external ip address of all of my current connections
automated retrieval of the external ip address of all of my current connections

Time:12-31

I am trying to make a program that automatically lists all of the connections to my computer from outside of the router. The end goal of this script is that I would like to be able to have a clean list of the external IP addresses of every server/website I am connecting to. I am also trying to use this as a way to learn more about how networks, websites, and servers work so I am sorry for any mistakes I make with terminology and general knowledge!

My tcpdump bash script:

while :
do
# get myip and assign it to a variable
myip="$(ifconfig wlp2s0 | grep -E -o -m 1 "inet................" | grep -E -o "(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)")"


# tcpdump on my ip for all packets going to or from my ip address. the ipaddress of the packets is placed in IP Address.txt
sudo tcpdump -c 1 -nn host "$myip" | grep -E -o "(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)" >> IPaddress.txt


done

I thought that tcpdump would be the tool for this however I confess that I do not know how tcpdump works. This script is a bash file that I am running through ubuntu. How would I use tcpdump to collect the IP address of every website that I am connecting to? I read the tcpdump documentation and believe it can help me achieve my goal however if there are better tools out there I would love to hear it! Currently, this code only displays internal IP addresses. ;(

CodePudding user response:

I'd lean more towards using ss or netstat.

ss --all --ipv4 

Would show all IPv4 connections.

The same works for IPv6 of course; and you could add one of many arguments to get more detailed information if you want, such as --processes, --extended, or --info.

There's also a few more arguments to control the output format, making it more suitable for parsing:

ss --all --ipv4 --processes --no-header --oneline

CodePudding user response:

Suggest to follow ss command . Learn about ss command here.

  • Related