Eli Fulkerson .com

connflow.py

Description:

This script connects to a Cisco firewall (originally PIX, currently ASA, the output is pretty much identical). It pulls down the 'show conn' output, waits 10 seconds, pulls down a second 'show conn', and then parses and generates an html file detailing the differences between the two. In a nutshell, this lets you see which of the connections are currently the biggest talkers based on those two snapshots. I've had this script kicking around for a long time and never uploaded it - I think it's a little brittle.

You will also need plink.exe - this is the command line driven version of PuTTY. I have not included it in this download.

This program isn't particularly polished. Here is the 'readme.txt' that I have included for myself...

Readme.txt:

This is a script that logs into a Cisco Pix/ASA, does two "show conn" commands ~10 seconds apart, then compares the output and generates an html report based on the difference between the two sets of output. In particular, it gives you a kbps for each discovered connection (by subtracting the bit count from the original command from the second and dividing by interval). It's a quick and dirty "who is talking RIGHT NOW" script.

This script might be a little rough around the edges - I wrote it 6+ years ago and only recently discovered that it wasn't lost. Other than making it work again I have done very little cleanup of past Eli's sloppy code.

You will need to keep a few things in mind.

- Download a copy of "plink.exe", that is, the command line version of PuTTY, and have it available for the script (that is, path or same directory). I'm including one, which is probably pretty old at this point, since his license (http://www.chiark.greenend.org.uk/~sgtatham/putty/licence.html) seems to permit it. If the script still works you are probably better off with whatever his modern version is. Leaving the old one in here for myself, because lazy.

- Folder has to be writable, pix_scrape_tmp has to be writable.

- For some reason plink can't find the temporary command file under Cygwin, I can't be bothered to figure out why. Use cmd.exe or the batch file.

- Might have to edit the batch file based on your Python installation location. I believe at the time I wrote this I was using Python 2.7 under Windows.

- You will need to connect to each device with PuTTY manually, first. This is because it isn't possible to skip the "new key/changed key" prompt the first time you connect. You have to connect manually and accept the key and you should be fine.

You might have to tweak things if Cisco changes their output, also.

-Eli
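The snapshot-and-diff calculation the readme describes, as an added example (this is not the connflow.py code from the download): it parses two 'show conn' captures and ranks connections by kbps. The line format, the treatment of the counter as bytes, and the sample snapshots are assumptions constructed for illustration.

```python
import re

# Assumed line shape, modeled on ASA "show conn" output. PIX-era output drops
# the commas and capitalises "Bytes", so the pattern tolerates both.
CONN_RE = re.compile(
    r"^(?P<proto>TCP|UDP)\s+\S+\s+(?P<a>\S+?:\d+)\s+\S+\s+(?P<b>\S+?:\d+),?"
    r"\s+idle\s+\S+?,?\s+bytes\s+(?P<bytes>\d+)",
    re.IGNORECASE,
)

def parse_show_conn(text):
    """Map (proto, endpoint_a, endpoint_b) -> cumulative byte counter."""
    conns = {}
    for line in text.splitlines():
        m = CONN_RE.match(line.strip())
        if m:  # banner lines such as "3 in use, 9 most used" do not match
            conns[(m["proto"].upper(), m["a"], m["b"])] = int(m["bytes"])
    return conns

def top_talkers(first, second, interval_s):
    """Return [(key, kbps)] sorted fastest first.

    A connection missing from the first snapshot has no baseline, and a
    counter that went backwards means the tuple was torn down and reused;
    both are skipped instead of being reported with a bogus rate.
    """
    if interval_s <= 0:
        raise ValueError("interval_s must be positive")
    before, after = parse_show_conn(first), parse_show_conn(second)
    rates = []
    for key, now in after.items():
        prev = before.get(key)
        if prev is None or now < prev:
            continue
        # Assumption: the counter is in bytes; 8 bits/byte, 1000 bits/kilobit.
        rates.append((key, (now - prev) * 8 / 1000.0 / interval_s))
    return sorted(rates, key=lambda r: r[1], reverse=True)

# Constructed sample snapshots (documentation-range addresses), 10 s apart.
SNAP_1 = """3 in use, 9 most used
TCP outside 203.0.113.5:443 inside 10.0.0.12:51522, idle 0:00:01, bytes 1000000, flags UIO
TCP outside 198.51.100.7:22 inside 10.0.0.30:40022, idle 0:00:05, bytes 500000, flags UIO
UDP outside 192.0.2.53:53 inside 10.0.0.12:53001, idle 0:00:02, bytes 200, flags -"""
SNAP_2 = """4 in use, 9 most used
TCP outside 203.0.113.5:443 inside 10.0.0.12:51522, idle 0:00:00, bytes 2250000, flags UIO
TCP outside 198.51.100.7:22 inside 10.0.0.30:40022, idle 0:00:15, bytes 500000, flags UIO
UDP outside 192.0.2.53:53 inside 10.0.0.12:53001, idle 0:00:01, bytes 120, flags -
TCP outside 203.0.113.9:80 inside 10.0.0.44:50100, idle 0:00:00, bytes 9000, flags UIO"""

if __name__ == "__main__":
    for key, kbps in top_talkers(SNAP_1, SNAP_2, 10):
        print(f"{kbps:10.1f} kbps  {key[0]} {key[1]} <-> {key[2]}")
```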

Example Output:

connflow_demo.html Note - the IP addresses in this file are deliberate gibberish.

Download:

projects/connflow/connflow.zip