?
Solved

Log All Outgoing Connections

Posted on 2010-09-21
2
Medium Priority
?
647 Views
Last Modified: 2012-05-10
I need to know what external connections (WAN) a server is using over a period of a day. I thought of using Wireshark or netstat >textfile or even windows firewall but am not sure how the best way would be. Once I have a days worth I can then create static routes for these connections and remove the default gateway to restrict the servers outbound connections.
0
Comment
Question by:DowntownIT
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 38

Accepted Solution

by:
Rich Rumble earned 1000 total points
ID: 33731715
You can certainly use
netstat -abnt 10 |findstr /rv 127.0.0.1 | findstr ESTABLISHED >somefile.txt
 to query netstat every 10 seconds breaking down ip:port. Creating static routes and removing the gateway are not how you would allow/restrict access to these sites. Wireshark may better suited for the task as you can use better expressions to filter what you want to capture.

You can use a wireshark capture filter of:
tcp or udp and not dst net 10.0.0.0/8
if your network is using 10.x.x.x, or 192.168.0.0/16 if your using that rfc1918 subnet.
-rich
0
 
LVL 70

Assisted Solution

by:Qlemo
Qlemo earned 1000 total points
ID: 33732291
To deny/allow traffic you usually configure the integrated firewall. And even that will not help you much when you allow only based on IP address, as IP addresses might change (eg. automated update services use akamai servers, which are *a lot*). You will need to allow all traffic from particular services and executables for that reason.
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

For anyone that has accidentally used newSID with Server 2008 R2 (like I did) and hasn't been able to get the server running again because you were unlucky (as I was) and had no backups - I was able to get things working by doing a Registry Hive rec…
WARNING:   If you follow the instructions here, you will wipe out your VTP and VLAN configurations.  Make sure you have backed up your switch!!! I recently had some issues with a few low-end Cisco routers (RV325) and I opened a case with Cisco TA…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…
Suggested Courses

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question