Tag Archives: wget

Connection counting on your *nix based router/appliance

At my work in the past we’ve had to hunt down infected systems that have caused networks to come to a near standstill and their WAN IP/email DNS name to become blacklisted. On routers with dd-wrt, there’s a nice feature where you can see a connection count per system. A majority of the time we have discovered that systems with very high connection counts tend to be infected and cause network issues. Unfortunately, dd-wrt doesn’t really cut it anymore for our needs and we had to shift over toward different firmware alternatives (like http://tomato.groov.pl/?page_id=164 or https://www.snbforums.com/threads/fork-asuswrt-merlin-374-43-lts-releases-v22e4-23b8.18914/ ). However, these alternatives tend to not have a connection count feature. After some googling, I’ve found a workaround if you can get ssh or telnet access to the device:

cat /proc/net/ip_conntrack | awk '{print $5}'| cut -d: -f1 | sort | uniq -c | sort -nr | fgrep "$(ifconfig br0 | grep "inet addr" | awk '{print $2}' | sed 's/addr://g' | cut -d. -f1-3)"

You can download from my website and run it this way:

wget http://zitstif.no-ip.org/concount; watch -n 1 '/bin/sh concount'
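
The one-liner above picks the source address by column position, which lines up for TCP entries but not for UDP entries, which have no state column. The script below is an added example, not the concount script from this site: it finds the first src= token by name and counts connections per LAN host. The function names, the sample lines and the 192.168.1. prefix are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: per-host connection counts from conntrack table text.

# count_by_source PREFIX  (reads conntrack lines on stdin)
# Prints "COUNT IP", highest first, for connections whose original source
# starts with PREFIX. Pass the prefix with its trailing dot ("192.168.1.")
# so that 192.168.10.x is not matched by accident.
count_by_source() {
    awk -v prefix="$1" '{
        # The first src= token is the side that opened the connection. Its
        # column differs between TCP (state column) and UDP (none), and
        # nf_conntrack prepends two more columns, so match by name.
        for (i = 1; i <= NF; i++) {
            if (index($i, "src=") == 1) {
                ip = substr($i, 5)
                if (index(ip, prefix) == 1) count[ip]++
                break   # ignore the reply-direction src= later in the line
            }
        }
    }
    END { for (ip in count) print count[ip], ip }' | sort -nr
}

# noisy_hosts LIMIT  (reads "COUNT IP" lines) prints IPs at or above LIMIT.
noisy_hosts() {
    awk -v limit="$1" '$1 + 0 >= limit + 0 { print $2 }'
}

# Constructed sample input (documentation address ranges), not real traffic.
sample_conntrack() {
    cat <<'EOF'
tcp      6 431999 ESTABLISHED src=192.168.1.10 dst=203.0.113.5 sport=50000 dport=443 src=203.0.113.5 dst=198.51.100.2 sport=443 dport=50000 [ASSURED] use=1
tcp      6 431990 ESTABLISHED src=192.168.1.10 dst=203.0.113.6 sport=50001 dport=25 src=203.0.113.6 dst=198.51.100.2 sport=25 dport=50001 [ASSURED] use=1
udp      17 29 src=192.168.1.10 dst=203.0.113.53 sport=40000 dport=53 src=203.0.113.53 dst=198.51.100.2 sport=53 dport=40000 use=1
tcp      6 100 TIME_WAIT src=192.168.1.20 dst=203.0.113.5 sport=50002 dport=80 src=203.0.113.5 dst=198.51.100.2 sport=80 dport=50002 use=1
tcp      6 431000 ESTABLISHED src=192.168.10.7 dst=203.0.113.5 sport=50003 dport=443 src=203.0.113.5 dst=198.51.100.2 sport=443 dport=50003 [ASSURED] use=1
tcp      6 431000 ESTABLISHED src=203.0.113.9 dst=198.51.100.2 sport=60000 dport=22 src=192.168.1.20 dst=203.0.113.9 sport=22 dport=60000 [ASSURED] use=1
EOF
}

# Run on the sample; on a router, redirect /proc/net/ip_conntrack to stdin.
sample_conntrack | count_by_source 192.168.1.
```

On the device itself the input would be count_by_source 192.168.1. < /proc/net/ip_conntrack, with the prefix set to your own LAN.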

Stuff to throw in your C:\Windows\System32 directory and %PATH% variable

Ah… WINKEY+R and cmd.exe, two awesome means of launching programs and commands within a Windows environment. In my humble opinion, WINKEY+R is probably one of the best keyboard shortcuts to know, especially if you work in the tech industry. I mention this because I find myself using this keyboard shortcut a lot and it’s nice just to call out the name of a program rather than hunting around for it in a GUI. Need to see a trace route for google.com? WINKEY+R then tracert www.google.com. Need to do a force shutdown? WINKEY+R then shutdown -s -t 0 -f . The list goes on, but today we will be adding to this list because we all know that there are a myriad of utilities out there that don’t come with Windows installations by default and it’s nice to have them sitting in your System32 directory or in your %PATH% variable to quickly execute. I will warn you that some of the utilities I will recommend may make it easier for your system to be used as a pivot point if your system gets compromised. Additionally, some of these tools may be detected as ‘viruses’ by anti-virus programs. Lastly, this article isn’t a comprehensive list of ALL the utilities that could be added or desired. It’s merely a means of getting you started. With that being said, let’s continue.

Cygwin:

For those of you who want to give your Windows system more of a UNIX/Linux feel, I strongly recommend installing Cygwin and customizing your install to have all the Unix-based goodies that your little heart desires. Once you’ve done this, add the /bin/ directory to your %PATH% variable. Now you can use egrep instead of findstr. You can also use wget, curl, the ssh utilities suite, netcat, perl and other powerful scripting languages from cmd.exe! (Provided you have selected to install these during the customization part of your Cygwin install.)

https://www.cygwin.com/

Sysinternals Tools:

Mark Russinovich deserves a medal of some sort. Practically every tool he makes for Windows is a must-have if you work on Windows systems. So feel free to download and copy all of these .exe files to your System32 directory:

https://technet.microsoft.com/en-us/sysinternals/bb842062.aspx

I personally use autoruns.exe all the time as a much greater alternative to msconfig and hijackthis.

Putty software suite:

If you forgot to install the ssh utilities under Cygwin, don’t worry and put these in your System32 directory:

http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html


Other useful tools to have:

Here’s a list of some other tools that are very useful to have in your System32 directory:

Bluescreenview – great utility for getting information on BSODs

coretemp – (pretty self-explanatory)

cpuz – very useful tool for getting information about your CPU, Motherboard, and RAM

fciv – Microsoft’s hash checksum utility

gpuz – like cpuz but for graphics cards

p95 – useful tool to benchmark your system

rufus – create bootable USB drives with picky distros (not all work with YUMI)

Speccy – great alternative to msinfo32 that is better in some departments

usbdeview – useful for getting information about USB devices that have been plugged into your system

vncviewer

YUMI – create multi linux distro and OS bootable flash drives (see: http://zitstif.no-ip.org/?p=973 )

Of course this list isn’t complete but I strongly feel that this is a good start. If you feel inclined to suggest some tools/utilities to add to the list feel free to leave a comment or send me an email.