Port forwarding script to identify collisions
Identifying local and remote port forwarding processes, as well as checking for potential collisions when multiple processes are accessing the same port, is critical for troubleshooting networking issues. In Linux, tools like netstat, ss, and lsof can help in detecting port usage, and by combining them with process information, you can build a script to identify the relevant details.
Goals of the Script:
- Identify Local and Remote Port Forwarding: We'll identify which processes are involved in local and remote port forwarding (e.g., SSH tunnels).
- Check for Port Collisions: We'll ensure that multiple processes are not accessing the same port and causing conflicts.
Steps to Implement the Script:
- Use ss to identify active port connections.
- Use lsof to associate ports with specific processes.
- Identify SSH tunneling processes by checking for connections on forwarded ports.
- Detect multiple processes using the same port to avoid collisions.
Key Concepts:
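- Local Port Forwarding: A port on the local machine accepts connections and forwards them through the tunnel to a destination on the remote side (ssh -L).
- Remote Port Forwarding: A port on the remote machine accepts connections and forwards them back through the tunnel to a destination on the local side (ssh -R).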
- Port Collisions: Two or more processes trying to bind to the same local or remote port, leading to resource conflicts.
Example Script: port_forwarding_detector.sh
This script will detect both local and remote port forwarding, list processes accessing specific ports, and check for collisions.
#!/bin/bash
# Function to display error message and exit
error_exit() {
    echo "$1" 1>&2
    exit 1
}

# The script relies on ss, lsof and ps; stop early if one of them is missing
for tool in ss lsof ps; do
    command -v "$tool" >/dev/null 2>&1 || error_exit "Error: required tool '$tool' not found."
done

# Check if the script is running as root (needed for `ss -p` and `lsof` to see other users' processes)
if [[ $(id -u) -ne 0 ]]; then
    echo "Warning: The script is not running as root. Some details might be incomplete."
fi

# Extract the first PID from the process column of `ss -p`, e.g. users:(("ssh",pid=2345,fd=4))
pid_from_ss() {
    grep -o 'pid=[0-9]*' <<< "$1" | head -n 1 | cut -d= -f2
}

echo "Detecting local and remote port forwarding, and checking for port collisions..."

# Detect SSH tunnels: ssh client processes started with the -L or -R option
echo "### Detecting Local and Remote Port Forwarding via SSH Tunnels ###"
ps -eo pid=,user=,args= | awk '$3 ~ /(^|\/)ssh$/ && / -[LR]/' | while read -r pid user command; do
    echo "SSH Port Forwarding Process Detected:"
    echo " PID: $pid"
    echo " Command: $command"
    echo " User: $user"
    echo "-----------------------------------------"
done

# Use `ss` to show listening ports and associated processes (-p adds the process column)
echo "### Identifying Processes Binding to Ports ###"
ss -tulnp | awk 'NR > 1 {print $5, $7}' | while read -r local_addr proc; do
    # Extracting port and PID information
    port=${local_addr##*:}
    pid=$(pid_from_ss "$proc")
    if [[ -z "$pid" ]]; then
        echo "Port $port is in use (owning process not visible without root)"
        continue
    fi
    process_info=$(ps -p "$pid" -o comm=)
    echo "Port $port is being used by process $process_info (PID: $pid)"
done

# Use lsof to find distinct processes listening on the same TCP port.
# Worker processes that share one listening socket also show up here.
echo "### Checking for Multiple Processes Accessing the Same Port ###"
lsof -nP -iTCP -sTCP:LISTEN 2>/dev/null | awk 'NR > 1 {
        n = split($9, a, ":"); port = a[n]
        if (!seen[port, $2]++) { count[port]++; pids[port] = pids[port] " " $2 }
    }
    END { for (p in count) if (count[p] > 1) print p, count[p], pids[p] }' |
while read -r port count pid_list; do
    echo "Warning: Port $port is being used by multiple processes ($count instances)"
    for pid in $pid_list; do
        ps -o pid=,comm=,user= -p "$pid" | awk '{print "PID: "$1, "Command: "$2, "User: "$3}'
    done
    echo "-----------------------------------------"
done

# Additional check: listening sockets owned by an ssh client are the local ends of forwards
echo "### Checking for Collisions in Local and Remote Port Forwarding ###"
ss -tulnp | awk 'NR > 1 {print $5, $7}' | while read -r local_addr proc; do
    local_port=${local_addr##*:}
    pid=$(pid_from_ss "$proc")
    [[ -z "$pid" ]] && continue
    process_info=$(ps -p "$pid" -o comm=)
    # Exact match on "ssh" so that the sshd daemon's own listener is not reported
    if [[ "$process_info" == "ssh" ]]; then
        echo "Detected possible SSH local port forwarding on port $local_port (PID: $pid)"
    fi
done

echo "Port forwarding detection complete. Monitoring for potential issues..."
How This Script Works:
Detecting Local and Remote Port Forwarding:
- The script uses the ps command to detect SSH processes that are running with the -L (local forwarding) or -R (remote forwarding) options. It keeps only the lines containing SSH port forwarding arguments and provides detailed information (PID, command, and user).
Identify Processes Binding to Ports:
- It uses ss with the -tuln options to list all listening ports (TCP/UDP sockets in listening state, with numeric addresses and ports). It associates each port with a PID and process; for that, ss also needs the -p option, and root privileges to see other users' processes.
Check for Collisions:
- The lsof command is used to list processes accessing network ports (lsof -i, with -P and -n for numeric ports and addresses).
- The script counts how many processes are using the same port and flags potential collisions (multiple processes accessing the same port).
Collisions for Local and Remote Port Forwarding:
- The script looks for listening ports owned by an ssh process and reports them as possible forwarded ports. A port that shows up here and in the collision check points to conflicting or overlapping port forwarding settings. The listening end of a remote (-R) forward is on the remote host, so on this machine it is visible only in the ssh command line.
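The ps check described above only shows that a tunnel process exists. The following added example (not part of the original script) parses the -L/-R specifications out of ssh command lines and reports listen ports requested by more than one tunnel; the function names, the sample lines and the hosts db.internal and bastion are constructed for illustration.

```bash
#!/bin/bash
# Added example. Input lines are "PID USER ARGS...", the layout printed by
# `ps -eo pid=,user=,args=`. Assumptions: no bracketed IPv6 bind addresses,
# and -L/-R do not appear inside the remote command.

# Print "DIRECTION LISTEN_PORT PID USER" for every -L/-R forward of an ssh client.
parse_forwards() {
    awk '
    function emit(dir, spec,    n, f, port) {
        n = split(spec, f, ":")
        if (n == 4) port = f[2]                     # bind:port:host:hostport
        else if (n == 3 || (n == 1 && dir == "remote")) port = f[1]  # port:host:hostport, or -R port
        else return
        if (port ~ /^[0-9]+$/) print dir, port, $1, $2
    }
    $3 ~ /(^|\/)ssh$/ {                             # ssh client only, not "sshd:"
        for (i = 4; i <= NF; i++) {
            # Accept -L, -R, clustered (-fNL) and attached (-L8080:...) spellings
            if (!match($i, /^-[46AaCfGgKkMNnqsTtVvXxYy]*[LR]/)) continue
            dir = (substr($i, RLENGTH, 1) == "L") ? "local" : "remote"
            spec = substr($i, RLENGTH + 1)
            if (spec == "") spec = $(++i)           # spec is the next argument
            emit(dir, spec)
        }
    }'
}

# Report listen ports requested by more than one tunnel in the same direction.
find_forward_duplicates() {
    parse_forwards | sort -k1,1 -k2,2n -k3,3n | awk '
    { k = $1 " " $2; pids[k] = pids[k] (n[k]++ ? "," : "") $3 }
    END { for (k in n) if (n[k] > 1) print "DUPLICATE", k, "pids=" pids[k] }' | sort
}

# Constructed sample input (PID USER ARGS), not captured from a real host.
sample_ps_output() {
    cat <<'EOF'
2345 user ssh -L 8080:localhost:80 user@remotehost
2346 user ssh -R 9090:localhost:90 user@remotehost
2350 alice /usr/bin/ssh -fNL127.0.0.1:8080:db.internal:5432 alice@bastion
2351 root sshd: user@pts/0
2352 bob ssh -N -L 8443:localhost:443 -R 9090:localhost:22 bob@remotehost
EOF
}

sample_ps_output | find_forward_duplicates
```

On a live host, pipe `ps -eo pid=,user=,args=` into find_forward_duplicates instead of the sample. Two -R forwards with the same port only conflict when they target the same server, and two -L forwards only when their bind addresses overlap.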
Example Output:
Detecting local and remote port forwarding, and checking for port collisions...
### Detecting Local and Remote Port Forwarding via SSH Tunnels ###
SSH Port Forwarding Process Detected:
PID: 2345
Command: ssh -L 8080:localhost:80 user@remotehost
User: user
-----------------------------------------
SSH Port Forwarding Process Detected:
PID: 2346
Command: ssh -R 9090:localhost:90 user@remotehost
User: user
-----------------------------------------
### Identifying Processes Binding to Ports ###
Port 8080 is being used by process ssh (PID: 2345)
Port 9090 is being used by process ssh (PID: 2346)
### Checking for Multiple Processes Accessing the Same Port ###
Port 8080 is being used by multiple processes (2 instances)
PID: 2345 Command: ssh User: user
PID: 2347 Command: apache2 User: root
-----------------------------------------
Port 9090 is being used by multiple processes (2 instances)
PID: 2346 Command: ssh User: user
PID: 2348 Command: apache2 User: root
### Checking for Collisions in Local and Remote Port Forwarding ###
Detected possible SSH local port forwarding on port 8080 (PID: 2345)
Detected possible SSH remote port forwarding on port 9090 (PID: 2346)
Key Points:
- Local and Remote Port Forwarding: This is detected through SSH processes with -L (local forwarding) and -R (remote forwarding) options.
- Port Collisions: The script flags when multiple processes are accessing the same port, which can lead to port conflicts.
- Detailed Process Information: For each port collision, the script provides detailed process information, such as the PID, command, and user.
Conclusion:
This script can be useful for detecting local and remote port forwarding configurations, identifying potential port collisions, and providing detailed information on which processes are binding to which ports. By regularly running this script, you can proactively manage port usage and avoid issues caused by port conflicts in your system.