Get the time a connection is established to a destination IP? Detect VPN?
-
Hi,
Is there a possibility to get the time for how long a connection to a destination IP has been established?
I think this could make it possible for me to find connections which are VPN connections. So let's say a connection which is established to the same destination IP for longer than 5 min is not a common http or https connection. There could of course be some exceptions.
So is there a way from the pfSense webGUI or some FreeBSD command line code?
Thanks
-
Perhaps you can use the firewall log to see when a connection is established, then check the state table (Diagnostics->States) to see if the connection is still open and do the math.
But I wouldn't make the assumption that an http/https connection open longer than 5 minutes is inappropriate. Downloading a large file, for example.
-
> Perhaps you can use the firewall log to see when a connection is established, then check the state table (Diagnostics->States) to see if the connection is still open and do the math.

That would hardly be possible, I think, because I have to check many, many https connections and that would be really hard. But in theory this would work. :)

> But I wouldn't make the assumption that an http/https connection open longer than 5 minutes is inappropriate. Downloading a large file, for example.

Generally you are right. But then I would regularly have a look at this connection, and if it is there every day then I can take a deeper look at that.
I thought about a "top ten" of the longest established connections somewhere in the pfSense GUI or on the command line.
-
I did some more searching on the internet for tips for the command line or other tools, but I did not find anything useful.
So if there is someone who could give me some tips it would be really great.
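
One way to get the "top ten" asked for above from the shell, as an added example that is not part of the original thread: `pfctl -ss -v` prints an `age HH:MM:SS` line for every state-table entry, and the hypothetical helper `long_states` below filters and sorts on it. The sample state lines are constructed so the block runs without a firewall.

```shell
#!/bin/sh
# Added example (not from the thread). On the firewall itself you would run:
#   pfctl -ss -v | long_states 300 10

# long_states MIN_SECONDS LIMIT   (hypothetical helper name)
# Reads `pfctl -ss -v` output on stdin and prints "age_in_seconds<TAB>state",
# oldest first, for states that are at least MIN_SECONDS old.
long_states() {
    min=${1:-300}
    limit=${2:-10}
    awk -v min="$min" '
        # Unindented line = one state entry; hold it until its age line shows up.
        /^[^ \t]/ { state = $0; gsub(/[ \t]+/, " ", state); next }
        # Indented detail line: "age HH:MM:SS, expires in HH:MM:SS, ..."
        $1 == "age" {
            split($2, t, ":")                 # t[3] is "SS," ; +0 drops the comma
            secs = t[1] * 3600 + t[2] * 60 + (t[3] + 0)
            if (secs >= min) printf "%d\t%s\n", secs, state
        }
    ' | sort -rn | head -n "$limit"
}

# Constructed sample in the layout pfctl -ss -v prints (documentation addresses).
sample_states() {
    cat <<'EOF'
all tcp 192.168.1.23:51544 -> 203.0.113.10:443       ESTABLISHED:ESTABLISHED
   [1234567890 + 65535] wscale 7  [987654321 + 65535] wscale 7
   age 07:42:10, expires in 23:59:58, 48211:51023 pkts, 9123456:40233111 bytes, rule 84
all tcp 192.168.1.40:49822 -> 198.51.100.7:443       FIN_WAIT_2:FIN_WAIT_2
   [22334455 + 65535] wscale 7  [66778899 + 65535] wscale 7
   age 00:00:41, expires in 00:00:52, 12:10 pkts, 2100:5400 bytes, rule 84
all udp 192.168.1.23:40001 -> 198.51.100.99:1194       MULTIPLE:MULTIPLE
   age 26:03:05, expires in 00:00:59, 901234:899876 pkts, 512000000:498000000 bytes, rule 84
all tcp 192.168.1.51:50110 -> 203.0.113.77:443       ESTABLISHED:ESTABLISHED
   [13572468 + 65535] wscale 7  [24681357 + 65535] wscale 7
   age 00:12:30, expires in 23:59:40, 3050:2890 pkts, 410000:390000 bytes, rule 84
EOF
}

# Demo on the sample: states older than 5 minutes, longest first.
sample_states | long_states 300 10
```

The age counts from when the state was created, so a long download and a tunnel look the same in this list; it only narrows down which destinations to look at more closely.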