2

I have an app that makes some kind of upd ping to the network and for some short time listens for some port in order to receive some feedback during some timeout. It is short enough to observe if with netstat. I need events of opening port and closing it to be logged. Any ideas?

Improve this question
1
  • 1
    First thing I'd try is strace with the some filtering to get only open and close system calls.
    – dirkt
    Commented Jul 1, 2017 at 8:51

1 Answer 1

Reset to default
2

I'm not sure it is the best approach but i used

buffer1=$(ss -ltun); while true; do buffer2=$(ss -ltun); diff <(echo "$buffer1") <(echo "$buffer2") >> netlog2.log; buffer1=$buffer2; done

^C

cat netlog2.log 6c6 < tcp 0 8 172.16.1.215:31087 :
---

tcp 0 8 172.16.1.215:47339 :
6d5 < tcp 0 8 172.16.1.215:47339 :
11a11 tcp 0 8 172.16.1.215:49491 :
11d10 < tcp 0 8 172.16.1.215:49491 :
10a11 tcp 0 8 172.16.1.215:35249 :

Improve this answer

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .