Sometimes I'd like an easy way to produce lists of everything a server accepts or connects to. Not what it can connect to/accept connections from (firewall rules etc.) but actual connections.
I can kind of solve this in a number of ways:
- running ss or netstat on a schedule and collecting data (how often and how long to make sure nothing slips through? yuck)
- getting the firewall to log almost everything (not always an option)
Both these ideas should allow me (with some postprocessing and additional data gathering) to generate lists of
- which processes
- send and/or receive data (ok, maybe technically just connects in some cases)
- on what ports
- to or from which addresses
But I still have a feeling I might be missing a simpler solution. Does something like inotify / FileSystemWatcher exist for networks? Or something that can be used to similar effect? I'm more or less comfortable in both PowerShell/Bash and a few mainstream programming languages so it is OK even if it requires some assembly.
This question here is kind of similar but the tools recommended seem to be geared more towards what can be connected to, not where data actually flows: Automated Network Mapping
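
The first option in the question (scheduled `ss` snapshots plus postprocessing), sketched as an added example that is not part of the original post. It assumes snapshots taken with `ss -H -tunap`; the sample snapshots, the `Flow` tuple and the helper names are constructed for illustration, and direction is a heuristic (a local port that also has a listener counts as inbound). Connections that open and close between two snapshots are still missed.

```python
import re
from collections import namedtuple

Flow = namedtuple("Flow", "process direction proto port peer")
PROC_RE = re.compile(r'\(\("([^"]+)",pid=\d+')

# Constructed sample snapshots (documentation addresses), not real captures.
SNAPSHOT_1 = """\
tcp LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=900,fd=3))
tcp ESTAB 0 0 192.0.2.10:22 192.0.2.50:51514 users:(("sshd",pid=1234,fd=4))
tcp ESTAB 0 0 192.0.2.10:40112 198.51.100.7:443 users:(("curl",pid=2001,fd=5))
"""
SNAPSHOT_2 = """\
tcp LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=900,fd=3))
tcp ESTAB 0 0 192.0.2.10:22 192.0.2.50:51514 users:(("sshd",pid=1234,fd=4))
tcp ESTAB 0 0 [2001:db8::10]:52000 [2001:db8::53]:853
"""

def split_hostport(addr):
    """Split 'host:port' on the last colon so bracketed IPv6 works."""
    host, _, port = addr.rpartition(":")
    return host.strip("[]"), port

def parse_snapshot(text):
    """Yield (proto, state, local, peer, process) per socket line."""
    for line in text.splitlines():
        parts = line.split(None, 6)
        if len(parts) < 6:
            continue  # blank or truncated line
        proc = PROC_RE.search(parts[6]) if len(parts) > 6 else None
        yield (parts[0], parts[1], split_hostport(parts[4]),
               split_hostport(parts[5]), proc.group(1) if proc else "?")

def flows(snapshots):
    """Merge snapshots into a sorted, de-duplicated list of flows."""
    seen = set()
    for text in snapshots:
        rows = list(parse_snapshot(text))
        # Heuristic: a local port that also has a listener means inbound.
        listening = {(r[0], r[2][1]) for r in rows if r[1] in ("LISTEN", "UNCONN")}
        for proto, state, local, peer, proc in rows:
            if peer[1] == "*":
                continue  # listener socket, no peer yet
            if (proto, local[1]) in listening:
                seen.add(Flow(proc, "in", proto, local[1], peer[0]))
            else:
                seen.add(Flow(proc, "out", proto, peer[1], peer[0]))
    return sorted(seen)

if __name__ == "__main__":
    for flow in flows([SNAPSHOT_1, SNAPSHOT_2]):
        print(*flow, sep="\t")
```

The process column is only populated for sockets the invoking user may inspect, which is why the third line of the second snapshot is reported with `?` as its process.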