netstat and what is connected to my server

Posted on 2006-11-27
Medium Priority
Last Modified: 2008-01-09
I am trying to get an idea of what is connecting to my machine internally and externally.
Using netstat -t I can see some of the ip address of the machine, internal as well as external ip address of machines connected to my machine.  is there away to get more information of harmful attempts vs normal attempts?

here is some netstat output
tcp        0      0 mail.domain:smtp aky179.neoplus.adsl.t:rnmap TIME_WAIT  
tcp        0      0 mail.domain:ndmp ESTABLISHED
tcp        0      0 mail.domain:ndmp   ESTABLISHED
tcp        0      0 mail.domain:smtp   ESTABLISHED
tcp        0      0 mail.domain:pop3 ::ffff: TIME_WAIT  
tcp        0      0 mail.domain:pop3 ::ffff:192.1:teleniumdaemon TIME_WAIT  
tcp        0      0 mail.domain:pop3 ::ffff:192.168.1.:hpvmmdata TIME_WAIT  
tcp        0      0 mail.domain:pop3 ::ffff:192.1:krb5gatekeeper TIME_WAIT  
Question by:iceman19330
LVL 16

Expert Comment

ID: 18019884

Have you tried using:

netstat -ntlp

This should show all the connections
LVL 14

Expert Comment

ID: 18019936
harmful events are more often recorded in


do a

tail -f /var/log/messages

netstat -an

might give a list of ip addresses and you might want to do a

cat /var/log/messages | grep ip.address.from.netstat.here

which might show only relevant messages...

Accepted Solution

_iskywalker_ earned 2000 total points
ID: 18019983
netstat -ntlp as root says a lot.
you should start there, then go to lsof (shows which files are opens, sockets are files, so you see also opened sockets).
if you want to trace you nettraffic try ethereal. it traces the traffic so you see what is send and what is received.

Featured Post

Get expert help—faster!

Need expert help—fast? Use the Help Bell for personalized assistance getting answers to your important questions.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

It’s 2016. Password authentication should be dead — or at least close to dying. But, unfortunately, it has not traversed Quagga stage yet. Using password authentication is like laundering hotel guest linens with a washboard — it’s Passé.
Cron is one of the most popular and basic utilities found on Unix systems. Combined with other tools, cron makes it exceptionally easy to automate a broad range of tasks on your server.
Learn how to get help with Linux/Unix bash shell commands. Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…
Learn how to navigate the file tree with the shell. Use pwd to print the current working directory: Use ls to list a directory's contents: Use cd to change to a new directory: Use wildcards instead of typing out long directory names: Use ../ to move…

621 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question