Solved

netstat and what is connected to my server

Posted on 2006-11-27
3
1,295 Views
Last Modified: 2008-01-09
I am trying to get an idea of what is connecting to my machine internally and externally.
Using netstat -t I can see some of the ip address of the machine, internal as well as external ip address of machines connected to my machine.  is there away to get more information of harmful attempts vs normal attempts?

here is some netstat output
tcp        0      0 mail.domain:smtp aky179.neoplus.adsl.t:rnmap TIME_WAIT  
tcp        0      0 mail.domain:ndmp 192.168.1.22:timestenbroker ESTABLISHED
tcp        0      0 mail.domain:ndmp 192.168.1.227:nattyserver   ESTABLISHED
tcp        0      0 mail.domain:smtp 59.92.39.244:netbill-auth   ESTABLISHED
...
tcp        0      0 mail.domain:pop3 ::ffff:192.168.1.6:bvtsonar TIME_WAIT  
tcp        0      0 mail.domain:pop3 ::ffff:192.1:teleniumdaemon TIME_WAIT  
tcp        0      0 mail.domain:pop3 ::ffff:192.168.1.:hpvmmdata TIME_WAIT  
tcp        0      0 mail.domain:pop3 ::ffff:192.1:krb5gatekeeper TIME_WAIT  
0
Comment
Question by:iceman19330
3 Comments
 
LVL 16

Expert Comment

by:xDamox
ID: 18019884
Hi,

Have you tried using:

netstat -ntlp

This should show all the connections
0
 
LVL 14

Expert Comment

by:ygoutham
ID: 18019936
harmful events are more often recorded in

/var/log/secure
/var/log/messages

do a

tail -f /var/log/messages

netstat -an

might give a list of ip addresses and you might want to do a

cat /var/log/messages | grep ip.address.from.netstat.here

which might show only relevant messages...
0
 
LVL 6

Accepted Solution

by:
_iskywalker_ earned 500 total points
ID: 18019983
netstat -ntlp as root says a lot.
you should start there, then go to lsof (shows which files are opens, sockets are files, so you see also opened sockets).
if you want to trace you nettraffic try ethereal. it traces the traffic so you see what is send and what is received.
0

Featured Post

Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this tutorial I will explain how to make squid prevent malwares in five easy steps: Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. It reduces bandwidth and improves response times by caching and reusing frequently-…
I am a long time windows user and for me it is normal to have spaces in directory and file names. Changing to Linux I found myself frustrated when I moved my windows data over to my new Linux computer. The problem occurs when at the command line.…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now