Solved

netstat and what is connected to my server

Posted on 2006-11-27
Last Modified: 2008-01-09
I am trying to get an idea of what is connecting to my machine internally and externally.
Using netstat -t I can see some of the IP addresses, internal as well as external, of machines connected to my machine. Is there a way to get more information on harmful attempts vs. normal attempts?

Here is some netstat output:
tcp        0      0 mail.domain:smtp aky179.neoplus.adsl.t:rnmap TIME_WAIT  
tcp        0      0 mail.domain:ndmp 192.168.1.22:timestenbroker ESTABLISHED
tcp        0      0 mail.domain:ndmp 192.168.1.227:nattyserver   ESTABLISHED
tcp        0      0 mail.domain:smtp 59.92.39.244:netbill-auth   ESTABLISHED
...
tcp        0      0 mail.domain:pop3 ::ffff:192.168.1.6:bvtsonar TIME_WAIT  
tcp        0      0 mail.domain:pop3 ::ffff:192.1:teleniumdaemon TIME_WAIT  
tcp        0      0 mail.domain:pop3 ::ffff:192.168.1.:hpvmmdata TIME_WAIT  
tcp        0      0 mail.domain:pop3 ::ffff:192.1:krb5gatekeeper TIME_WAIT  
Question by:iceman19330
3 Comments
 

Expert Comment

by:xDamox
Hi,

Have you tried using:

netstat -ntlp

This should show all the connections.

Expert Comment

by:ygoutham
Harmful events are more often recorded in

/var/log/secure
/var/log/messages

Do a

tail -f /var/log/messages

netstat -an

might give a list of IP addresses and you might want to do a

cat /var/log/messages | grep ip.address.from.netstat.here

which might show only relevant messages...
0
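
The cross-check described in the comment above (take the addresses from netstat, then grep the logs for each one), as an added shell example that is not part of the original thread. The sample netstat and log lines are constructed, and the function names `remote_ips` and `log_hits` are hypothetical.

```shell
#!/bin/sh
# Added example: rank the remote peers seen by netstat by how often the logs mention them.

# Constructed sample of `netstat -ant` output (documentation/private addresses only).
sample_netstat() {
cat <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN
tcp        0      0 192.168.1.10:25         203.0.113.7:41822       ESTABLISHED
tcp        0      0 192.168.1.10:25         203.0.113.7:41830       TIME_WAIT
tcp        0      0 192.168.1.10:22         198.51.100.23:50514     ESTABLISHED
tcp6       0      0 ::ffff:192.168.1.10:110 ::ffff:192.168.1.6:1798 TIME_WAIT
EOF
}

# Constructed sample in the style of /var/log/secure and /var/log/messages.
sample_log() {
cat <<'EOF'
Nov 27 10:01:12 mail sshd[2211]: Failed password for invalid user admin from 198.51.100.23 port 50498 ssh2
Nov 27 10:01:15 mail sshd[2211]: Failed password for invalid user test from 198.51.100.23 port 50502 ssh2
Nov 27 10:01:19 mail sshd[2214]: Failed password for root from 198.51.100.23 port 50514 ssh2
Nov 27 10:02:40 mail sendmail[2302]: relay=[203.0.113.7], reject=550 5.7.1 Relaying denied
Nov 27 10:03:05 mail ipop3d[2310]: Login user=alice host=[192.168.1.6] nmsgs=4/4
Nov 27 10:03:09 mail sshd[2330]: Accepted password for bob from 198.51.100.230 port 40000 ssh2
EOF
}

# stdin: netstat output. stdout: unique remote IPs of non-listening TCP sockets.
remote_ips() {
  awk '$1 ~ /^tcp/ && $6 != "LISTEN" {
         addr = $5
         sub(/:[0-9]+$/, "", addr)    # drop the port
         sub(/^::ffff:/, "", addr)    # unwrap IPv4-mapped IPv6
         print addr
       }' | sort -u
}

# stdin: one IP per line; $1: log file. stdout: "<count> <ip>", busiest first.
# -F keeps the dots literal; -w rejects 198.51.100.230 when looking for 198.51.100.23.
log_hits() {
  while read -r ip; do
    n=$(grep -F -w -c -- "$ip" "$1" 2>/dev/null || true)
    printf '%s %s\n' "${n:-0}" "$ip"
  done | sort -rn
}

log=$(mktemp)
sample_log > "$log"
sample_netstat | remote_ips | log_hits "$log"
rm -f "$log"
```

On a live host the same pipeline would be `netstat -ant | remote_ips | log_hits /var/log/secure`, run as a user who can read the log.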
 

Accepted Solution

by: _iskywalker_ (earned 500 total points)
netstat -ntlp as root says a lot.
You should start there, then go to lsof (it shows which files are open; sockets are files, so you also see open sockets).
If you want to trace your net traffic, try Ethereal. It traces the traffic so you see what is sent and what is received.