Solved

netstat and what is connected to my server

Posted on 2006-11-27
Last Modified: 2008-01-09
I am trying to get an idea of what is connecting to my machine internally and externally.
Using netstat -t I can see some of the IP addresses of the machine, internal as well as external IP addresses of machines connected to my machine. Is there a way to get more information on harmful attempts vs. normal attempts?

here is some netstat output
tcp        0      0 mail.domain:smtp aky179.neoplus.adsl.t:rnmap TIME_WAIT  
tcp        0      0 mail.domain:ndmp 192.168.1.22:timestenbroker ESTABLISHED
tcp        0      0 mail.domain:ndmp 192.168.1.227:nattyserver   ESTABLISHED
tcp        0      0 mail.domain:smtp 59.92.39.244:netbill-auth   ESTABLISHED
...
tcp        0      0 mail.domain:pop3 ::ffff:192.168.1.6:bvtsonar TIME_WAIT  
tcp        0      0 mail.domain:pop3 ::ffff:192.1:teleniumdaemon TIME_WAIT  
tcp        0      0 mail.domain:pop3 ::ffff:192.168.1.:hpvmmdata TIME_WAIT  
tcp        0      0 mail.domain:pop3 ::ffff:192.1:krb5gatekeeper TIME_WAIT  
Question by:iceman19330
3 Comments
LVL 16

Expert Comment

by:xDamox
ID: 18019884
Hi,

Have you tried using:

netstat -ntlp

This should show all the connections
LVL 14

Expert Comment

by:ygoutham
ID: 18019936
Harmful events are more often recorded in

/var/log/secure
/var/log/messages

do a

tail -f /var/log/messages

netstat -an

might give a list of ip addresses and you might want to do a

cat /var/log/messages | grep ip.address.from.netstat.here

which might show only relevant messages...
LVL 6

Accepted Solution

by:_iskywalker_ (earned 2000 total points)
ID: 18019983
netstat -ntlp as root says a lot.
You should start there, then go to lsof (it shows which files are open; sockets are files, so you also see opened sockets).
If you want to trace your net traffic, try ethereal. It traces the traffic so you see what is sent and what is received.
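As an added example (not from the question or any of the answers), a Python script that parses netstat output in the format quoted in the question, separates private (RFC 1918) peers from external ones, and lists the external addresses holding several ESTABLISHED connections to one service, so they can be grepped for in /var/log/messages as suggested above. The sample lines, the function names and the threshold of 3 are constructed assumptions.

```python
import ipaddress
from collections import Counter

# Constructed sample in the format of the netstat output quoted in the question:
# proto, recv-q, send-q, local addr:port, foreign addr:port, state.
SAMPLE = """\
tcp        0      0 mail.domain:smtp aky179.neoplus.adsl.t:rnmap TIME_WAIT
tcp        0      0 mail.domain:ndmp 192.168.1.22:timestenbroker ESTABLISHED
tcp        0      0 mail.domain:ndmp 192.168.1.227:nattyserver   ESTABLISHED
tcp        0      0 mail.domain:smtp 59.92.39.244:netbill-auth   ESTABLISHED
tcp        0      0 mail.domain:smtp 59.92.39.244:1025           ESTABLISHED
tcp        0      0 mail.domain:smtp 59.92.39.244:1026           ESTABLISHED
tcp        0      0 mail.domain:pop3 ::ffff:192.168.1.6:bvtsonar TIME_WAIT
"""

def parse_netstat(text):
    """Yield (local_port, remote_host, remote_port, state) for each tcp row."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 6 or not parts[0].startswith("tcp"):
            continue  # skips headers, blank lines and udp rows (no state column)
        remote_host, _, remote_port = parts[4].rpartition(":")
        # netstat shows IPv4 peers of a dual-stack socket as ::ffff:a.b.c.d
        if remote_host.startswith("::ffff:"):
            remote_host = remote_host[len("::ffff:"):]
        yield parts[3].rpartition(":")[2], remote_host, remote_port, parts[5]

def classify(host):
    """'internal' for RFC 1918 / loopback, 'external' for other addresses.
    Hostnames (netstat without -n, often truncated) cannot be judged and are
    reported as 'unresolved': rerun with netstat -n to get raw addresses."""
    try:
        return "internal" if ipaddress.ip_address(host).is_private else "external"
    except ValueError:
        return "unresolved"

def summarize(text, threshold=3):
    """Count connections per (service, origin) and list external peers holding
    at least `threshold` ESTABLISHED connections to one service. The threshold
    is a constructed cut-off; tune it to your own traffic."""
    by_service, established = Counter(), Counter()
    for service, host, _port, state in parse_netstat(text):
        origin = classify(host)
        by_service[(service, origin)] += 1
        if state == "ESTABLISHED" and origin == "external":
            established[(service, host)] += 1
    noisy = {k: n for k, n in established.items() if n >= threshold}
    return by_service, noisy
```

Feed it real data with `summarize(open("netstat.txt").read())` after saving `netstat -an` output, so that peers show up as addresses rather than truncated hostnames.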
