#!/bin/bash
# Last Edit on 05/03/2013
# Using SecureXL connection table vs general connections table to minimize impact on live devices. It is also significantly quicker to poll.
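# Prints an optional message, then blocks until the operator presses Enter.
# Arguments: $@ - message words; they are joined with single spaces
# Outputs:   the message followed by a newline on stdout
# Returns:   the exit status of the final read (non-zero at end of input)
pause(){
  # "$*" makes the join explicit; key is local so it does not leak into the
  # caller's scope.
  local m="$*" key
  # printf instead of echo: a message such as "-n" or "-e" is printed as text
  # rather than being taken as an echo option.
  printf '%s\n' "$m"
  # -r keeps backslashes in the typed line literal.
  read -r -p "Press [Enter] key to continue..." key
}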
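# ---------------------------------------------------------------------------
# Interactive menu: summarises the output of `fwaccel conns` (the SecureXL
# connection table) as "top talker" lists. The column labels printed below
# treat field 1 as source IP, field 2 as source port, field 3 as destination
# IP and field 4 as destination port.
#
# Operator-typed ports and hosts are validated before use and every expansion
# is quoted. Without that, a value containing whitespace is word-split, so its
# extra words reach awk as additional arguments instead of filter text, and
# awk -v would also interpret backslash escapes in the value.
# ---------------------------------------------------------------------------

# Succeeds when $1 is a decimal port number between 0 and 65535.
is_port() {
  case $1 in
    '' | *[!0-9]*) return 1 ;;
  esac
  [ "${#1}" -le 5 ] && [ "$1" -le 65535 ]
}

# Succeeds when $1 is non-empty and made only of characters that can occur in
# an IPv4/IPv6 address literal (hex digits, dots, colons).
is_host_addr() {
  case $1 in
    '' | *[!0-9A-Fa-f.:]*) return 1 ;;
  esac
}

# Prints prompt $1, reads one line into the global `answer`, and checks it
# with validator function $2. Returns non-zero on end of input or when the
# value is rejected (after telling the operator).
ask() {
  echo "$1"
  read -r answer || return 1
  "$2" "$answer" && return 0
  pause "Invalid value entered - returning to the menu."
  return 1
}

# Counts identical stdin lines and prints the $1 most frequent, highest first.
top_n() {
  sort | uniq -c | sort -n -r | head -n "$1"
}

# Prints the connection summary, then the count and list of table entries
# whose field $1 equals the global `host`; $2 is the caption for the count.
# The table is polled once so the count and the list describe the same data.
host_report() {
  local field=$1 count_label=$2 matches count=0
  fwaccel conns -s
  matches=$(fwaccel conns | awk -v ADDR="$host" -v COL="$field" '$COL==ADDR')
  if [ -n "$matches" ]; then
    count=$(printf '%s\n' "$matches" | wc -l)
  fi
  echo "$count_label"
  echo "$count"
  echo " # Host $host"
  if [ -n "$matches" ]; then
    # A single sort is enough here: sort -n -r orders the lines the same way
    # whatever order they arrive in.
    printf '%s\n' "$matches" | sort -n -r
  fi
}

clear
while :; do
  clear
  echo "Hello, Welcome to the Checkpoint Top Talkers display utility by Craig Dods"
  echo "-----------------------------------------------"
  echo " M A I N - M E N U"
  echo "-----------------------------------------------"
  echo "Please note that this is for use on devices with SecureXL enabled ONLY"
  echo ""
  echo "1. Display the top 50 Source/Destination combos"
  echo "2. Display the top 50 Source/Destination combos with identical Destination Ports"
  echo "3. Display the top 50 Source/Destination combos with identical Source Ports"
  echo "4. Display the top 50 Sources"
  echo "5. Display the top 50 Destinations"
  echo "6. Display the top 50 Source/Destination combos on a Custom Destination Port"
  echo "7. Display the top 50 Source/Destination combos on a Custom Source Port"
  echo "8. Display the top 50 Sources on a Custom Destination Port"
  echo "9. Display the top 50 Destinations on a Custom Destination Port"
  echo "10. Display the top 50 Sources on a Custom Source Port"
  echo "11. Display the top 50 Destinations on a Custom Source Port"
  echo "12. Display the top 20 Destination Ports"
  echo "13. Display the top 20 Source Ports"
  echo "14. Display Connections From A Specific Host (large list)"
  echo "15. Display Connections To A Specific Host (large list)"
  echo "16. Exit"
  echo -n "Please Make A Selection: "
  # Stop when input is closed; otherwise the loop would redraw the menu
  # forever without ever receiving a selection.
  read -r opt || exit 1
  case "$opt" in
    1)
      echo " # SRC IP DST IP"
      fwaccel conns | awk '{printf "%-16s %-15s\n", $1,$3}' | top_n 50
      pause ;;
    2)
      echo " # SRC IP DST IP DPort"
      fwaccel conns | awk '{printf "%-16s %-16s %-10s\n", $1,$3,$4}' | top_n 50
      pause ;;
    3)
      echo " # SRC IP DST IP SPort"
      fwaccel conns | awk '{printf "%-16s %-16s %10s\n", $1,$3,$2}' | top_n 50
      pause ;;
    4)
      echo " # SRC IP"
      fwaccel conns | awk '{print $1}' | top_n 50
      pause ;;
    5)
      echo " # DST IP"
      fwaccel conns | awk '{print $3}' | top_n 50
      pause ;;
    6)
      ask "Please enter the specific Destination Port you wish to filter for: " is_port || continue
      dport=$answer
      echo ""
      echo " # SRC IP DST IP on DPORT $dport"
      fwaccel conns | awk -v DPT="$dport" '$4==DPT{printf "%-16s %-15s\n", $1,$3}' | top_n 50
      pause ;;
    7)
      ask "Please enter the specific Source Port you wish to filter for: " is_port || continue
      sport=$answer
      echo ""
      echo " # SRC IP DST IP on SPORT $sport"
      fwaccel conns | awk -v DPT="$sport" '$2==DPT{printf "%-16s %-15s\n", $1,$3}' | top_n 50
      pause ;;
    8)
      ask "Please enter the specific Destination Port you wish to filter for: " is_port || continue
      dport=$answer
      echo ""
      echo " # SRC IP on DPORT $dport"
      fwaccel conns | awk -v DPT="$dport" '$4==DPT{printf "%-16s\n", $1}' | top_n 50
      pause ;;
    9)
      ask "Please enter the specific Destination Port you wish to filter for: " is_port || continue
      dport=$answer
      echo ""
      echo " # DST IP on DPORT $dport"
      fwaccel conns | awk -v DPT="$dport" '$4==DPT{printf "%-16s\n", $3}' | top_n 50
      pause ;;
    10)
      ask "Please enter the specific Source Port you wish to filter for: " is_port || continue
      sport=$answer
      echo ""
      echo " # SRC IP on SPORT $sport"
      fwaccel conns | awk -v DPT="$sport" '$2==DPT{printf "%-16s\n", $1}' | top_n 50
      pause ;;
    11)
      ask "Please enter the specific Source Port you wish to filter for: " is_port || continue
      sport=$answer
      echo ""
      echo " # DST IP on SPORT $sport"
      fwaccel conns | awk -v DPT="$sport" '$2==DPT{printf "%-16s\n", $3}' | top_n 50
      pause ;;
    12)
      echo ""
      # No port is entered for this report, so the header no longer appends
      # a port left over from an earlier selection.
      echo " # DPORT"
      fwaccel conns | awk '{print $4}' | top_n 20
      pause ;;
    13)
      echo ""
      # As for option 12: no stale port value in the header.
      echo " # SPORT"
      fwaccel conns | awk '{print $2}' | top_n 20
      pause ;;
    14)
      ask "Please enter the specific Host you wish to filter for as a Source: " is_host_addr || continue
      host=$answer
      echo ""
      host_report 1 "Number of entries sourced from this host"
      pause ;;
    15)
      ask "Please enter the specific Host you wish to filter for as a Destination: " is_host_addr || continue
      host=$answer
      echo ""
      # The count is now captioned, matching option 14.
      host_report 3 "Number of entries destined to this host"
      pause ;;
    16)
      # NOTE(review): a normal exit reports status 1; kept as-is in case a
      # wrapper relies on it - confirm whether 0 was intended.
      exit 1 ;;
    *)
      pause "Unknown selection - please choose a number from 1 to 16." ;;
  esac
done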