Hi @Chintan Myakal,
You can see the status of the TCP connections in /proc/hades/status.
Here's the link to the article that can be useful:
https://docs.imperva.com/howto/0c0def26
BTW, if you are using version 14.1 and higher, /proc/hades is in a new location:
/opt/SecureSphere/etc/proc/hades.
Also, you can check /proc/hades/streams or /proc/hades/debug_streams, where you can find the output in the following format:
#5 3 1 (0 0) 172.31.1.2:38058 -> 172.31.1.20:80 [3696045778 11986] VedaApp_6388299901074987586:http
#11 4 1 (420 17376) 172.31.1.2:38066 -> 172.31.1.20:80 [2843750936 12824] VedaApp_6388299901074987586:http
#3 4 1 (3280 51007) 172.31.1.2:38055 -> 172.31.1.20:80 [1196734582 47222] VedaApp_6388299901074987586:http
#4 6 1 (1606 14632) 172.31.1.2:38056 -> 172.31.1.20:80 [1169739654 53126] VedaApp_6388299901074987586:http
#10 6 0 (0 0) 172.31.1.2:38051 -> 172.31.1.20:80 [1048636680 60680] VedaApp_6388299901074987586:http
#1 4 1 (1194 5645) 172.31.1.20:32817 -> 172.31.1.10:3306 [828832888 64632] VedaDB_-6090531506468589997:mysql
#12 6 0 (0 0) 172.31.1.2:38057 -> 172.31.1.20:80 [764157005 7245] VedaApp_6388299901074987586:http
#8 3 1 (0 0) 172.31.1.2:38060 -> 172.31.1.20:80 [1127231097 11897] VedaApp_6388299901074987586:http
#3 4 1 (425 37648) 172.31.1.2:38050 -> 172.31.1.20:80 [1586378835 14419] VedaApp_6388299901074987586:http
#11 3 1 (0 0) 172.31.1.2:38065 -> 172.31.1.20:80 [2493203771 17723] VedaApp_6388299901074987586:http
#5 3 1 (0 0) 172.31.1.2:38053 -> 172.31.1.20:80 [4063321227 23691] VedaApp_6388299901074987586:http
#10 4 1 (2050 29543) 172.31.1.2:38064 -> 172.31.1.20:80 [3291583387 37787] VedaApp_6388299901074987586:http
#4 3 1 (0 0) 172.31.1.2:38052 -> 172.31.1.20:80 [534762305 54081] VedaApp_6388299901074987586:http
#1 4 1 (812 7296) 172.31.1.2:38048 -> 172.31.1.20:80 [2830162023 55399] VedaApp_6388299901074987586:http
Output Syntax (per column):
- stream-id: Internal stream identification number
- state: TCP connection state (0:SYN_INIT, 1:SYN_ACK, 2:SYN_ACK_INIT, 3:CONNECT_ACK, 4:ESTABLISHED, 5:ESTABLISHED_INIT, 6:FIN_WAIT, 7:TIME_WAIT)
- conndir: Connection direction (0 or 1)
- (data_count1 data_count2): Bytes that flow in each direction (s2d d2s)
- srcip:srcport -> dstip:dstport: Socket tuple that unequivocally identifies the connection in the network.
- [hashtbl hashtbl_index]: TBD
- ServerGroup:service: Server group and service where the stream is hooked. Useful to evaluate load per service.
Please let me know if this is helpful or you need more info.
Best,
------------------------------
Ira Miga
Imperva
Knowledge Engineer
------------------------------
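As an added example (not part of the original reply and not Imperva code), here is a small Python parser for the streams lines shown above; it applies the state codes from the Output Syntax list and counts streams per service, destination port and state. The sample records are copied from the output in the post; the exact spacing after '#' is an assumption, and the function names are illustrative.

```python
import re
from collections import Counter

# State codes as listed in the post's "Output Syntax" section.
STATES = ["SYN_INIT", "SYN_ACK", "SYN_ACK_INIT", "CONNECT_ACK",
          "ESTABLISHED", "ESTABLISHED_INIT", "FIN_WAIT", "TIME_WAIT"]

# One record: #id state conndir (s2d d2s) src:port -> dst:port [hash idx] group:service
# Whitespace after '#' is tolerated because the exact spacing is an assumption.
LINE_RE = re.compile(
    r"#\s*(?P<id>\d+)\s+(?P<state>\d+)\s+(?P<conndir>[01])\s+"
    r"\(\s*(?P<s2d>\d+)\s+(?P<d2s>\d+)\s*\)\s+"
    r"(?P<src>[\d.]+):(?P<sport>\d+)\s*->\s*(?P<dst>[\d.]+):(?P<dport>\d+)\s+"
    r"\[\s*\d+\s+\d+\s*\]\s+(?P<group>\S+):(?P<service>[^\s:]+)\s*$")

def parse_streams(text):
    """Return one dict per well-formed stream line; skip anything else."""
    out = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        rec = m.groupdict()
        for k in ("id", "state", "conndir", "s2d", "d2s", "sport", "dport"):
            rec[k] = int(rec[k])
        code = rec["state"]
        rec["state_name"] = STATES[code] if code < len(STATES) else f"UNKNOWN({code})"
        out.append(rec)
    return out

def summarize(records):
    """Count streams per (service, destination port, state name)."""
    return Counter((r["service"], r["dport"], r["state_name"]) for r in records)

# Sample records copied from the output quoted in the post.
SAMPLE = """\
#5 3 1 (0 0) 172.31.1.2:38058 -> 172.31.1.20:80 [3696045778 11986] VedaApp_6388299901074987586:http
#11 4 1 (420 17376) 172.31.1.2:38066 -> 172.31.1.20:80 [2843750936 12824] VedaApp_6388299901074987586:http
#10 6 0 (0 0) 172.31.1.2:38051 -> 172.31.1.20:80 [1048636680 60680] VedaApp_6388299901074987586:http
#1 4 1 (1194 5645) 172.31.1.20:32817 -> 172.31.1.10:3306 [828832888 64632] VedaDB_-6090531506468589997:mysql
"""

if __name__ == "__main__":
    for (service, dport, state), n in sorted(summarize(parse_streams(SAMPLE)).items()):
        print(f"{service:6} port {dport:<5} {state:16} {n}")
```

To look only at HTTPS traffic, keep the parsed records whose dport is 443 before summarizing; that port is an assumption about the deployment, not something stated in the post.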
Original Message:
Sent: 04-03-2021 04:27
From: Chintan Myakal
Subject: How to check current HTTPS connections in securesphere via CLI ?
Hello,
I am unable to find out how to check current HTTPS connections in on-premise WAF via CLI. Also, please share if there's a reference document.
Thanks
Chintan
#On-PremisesWAF(formerlySecuresphere)
------------------------------
Chintan Myakal
Sr.Cybersecurity Analyst
Mumbai
------------------------------