?
Solved

netstat and what is connected to my server

Posted on 2006-11-27
3
Medium Priority
?
1,318 Views
Last Modified: 2008-01-09
I am trying to get an idea of what is connecting to my machine internally and externally.
Using netstat -t I can see some of the ip address of the machine, internal as well as external ip address of machines connected to my machine.  is there away to get more information of harmful attempts vs normal attempts?

here is some netstat output
tcp        0      0 mail.domain:smtp aky179.neoplus.adsl.t:rnmap TIME_WAIT  
tcp        0      0 mail.domain:ndmp 192.168.1.22:timestenbroker ESTABLISHED
tcp        0      0 mail.domain:ndmp 192.168.1.227:nattyserver   ESTABLISHED
tcp        0      0 mail.domain:smtp 59.92.39.244:netbill-auth   ESTABLISHED
...
tcp        0      0 mail.domain:pop3 ::ffff:192.168.1.6:bvtsonar TIME_WAIT  
tcp        0      0 mail.domain:pop3 ::ffff:192.1:teleniumdaemon TIME_WAIT  
tcp        0      0 mail.domain:pop3 ::ffff:192.168.1.:hpvmmdata TIME_WAIT  
tcp        0      0 mail.domain:pop3 ::ffff:192.1:krb5gatekeeper TIME_WAIT  
0
Comment
Question by:iceman19330
3 Comments
 
LVL 16

Expert Comment

by:xDamox
ID: 18019884
Hi,

Have you tried using:

netstat -ntlp

This should show all the connections
0
 
LVL 14

Expert Comment

by:ygoutham
ID: 18019936
harmful events are more often recorded in

/var/log/secure
/var/log/messages

do a

tail -f /var/log/messages

netstat -an

might give a list of ip addresses and you might want to do a

cat /var/log/messages | grep ip.address.from.netstat.here

which might show only relevant messages...
0
 
LVL 6

Accepted Solution

by:
_iskywalker_ earned 2000 total points
ID: 18019983
netstat -ntlp as root says a lot.
you should start there, then go to lsof (shows which files are opens, sockets are files, so you see also opened sockets).
if you want to trace you nettraffic try ethereal. it traces the traffic so you see what is send and what is received.
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In the first part of this tutorial we will cover the prerequisites for installing SQL Server vNext on Linux.
This article will show you step-by-step instructions to build your own NTP CentOS server.  The network diagram shows the best practice to setup the NTP server farm for redundancy. ┬áThis article also serves as your NTP server documentation.
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:
How to Install VMware Tools in Red Hat Enterprise Linux 6.4 (RHEL 6.4) Step-by-Step Tutorial
Suggested Courses
Course of the Month15 days, 6 hours left to enroll

840 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question