argh! Ports

Jeff Newman wrote:

Actually that is what I want (every port on that IP) - It's a second
nic on that box that only does one thing (just on a couple different
random ports)

I just tried both:
PORT "REMOTE=%192.168.22.3:.*"
and
PORT REMOTE=%192.168.22.3:.*

(without the double quotes)
and neither worked.

Again, explicitly stating PORT REMOTE=192.168.22.3:1234 does work, so
I know it at least partially works :-)

-jeff


On 5/17/07, Galen Johnson <user-d2ff723b6cb6@xymon.invalid> wrote:

Jeff Newman wrote:

All,

Quick question. I have tried every permutation I can think of but
basically:

Every PORT example I can find has something similar to:

PORT LOCAL=%[.:]22$  (etc...)
or
PORT LOCAL=%[.:](80|443)

No example I have seen has it where you KNOW the IP and you DONT know
the port, such as:

192.168.22.3:???????????

I need the port string to match an IP with an unknown port number.

If I do:
PORT REMOTE=192.168.22.3:1234 (saying that netstat has a 1234
established)
it works fine, but (again pretending on the port #'s) if a netstat had
3 established connections to ports 1234,1111,23521 I only get the
1234. I want all of them.

Ive tried permutations for 2 hours now, and can't figure it out.

Thanks,
Jeff

Have you tried "REMOTE=%192.168.22.3:.*"?  Now, that will most likely
get you every port on that IP...which is probably not what you
want...it's usually easier to write it for the ports you want...or
"EXREMOTE=%192.168.22.3:.*"...

=G=

Just tried it using pcretest and it works...there are some threads on 
the list that suggest wrapping the regex in quotes: 
REMOTE="%192.168.22.3:.*"

Dunno what else to try...

=G=