Solved

Log All Outgoing Connections

Posted on 2010-09-21
2
631 Views
Last Modified: 2012-05-10
I need to know what external connections (WAN) a server is using over a period of a day. I thought of using Wireshark or netstat >textfile or even windows firewall but am not sure how the best way would be. Once I have a days worth I can then create static routes for these connections and remove the default gateway to restrict the servers outbound connections.
0
Comment
Question by:DowntownIT
2 Comments
 
LVL 38

Accepted Solution

by:
Rich Rumble earned 250 total points
ID: 33731715
You can certainly use
netstat -abnt 10 |findstr /rv 127.0.0.1 | findstr ESTABLISHED >somefile.txt
 to query netstat every 10 seconds breaking down ip:port. Creating static routes and removing the gateway are not how you would allow/restrict access to these sites. Wireshark may better suited for the task as you can use better expressions to filter what you want to capture.

You can use a wireshark capture filter of:
tcp or udp and not dst net 10.0.0.0/8
if your network is using 10.x.x.x, or 192.168.0.0/16 if your using that rfc1918 subnet.
-rich
0
 
LVL 69

Assisted Solution

by:Qlemo
Qlemo earned 250 total points
ID: 33732291
To deny/allow traffic you usually configure the integrated firewall. And even that will not help you much when you allow only based on IP address, as IP addresses might change (eg. automated update services use akamai servers, which are *a lot*). You will need to allow all traffic from particular services and executables for that reason.
0

Featured Post

Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Background Information Recently I have fixed file server permission issues for one of my client. The client has 1800 users and one Windows Server 2008 R2 domain joined file server with 12 TB of data, 250+ shared folders and the folder structure i…
I had an issue with InstallShield not being able to use Computer Browser service on Windows Server 2012. Here is the solution I found.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

735 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question