LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Debian
User Name
Password
Debian This forum is for the discussion of Debian Linux.

Notices



Reply
 
Search this Thread
Old 11-03-2004, 02:26 PM   #1
six6
Member
 
Registered: Jun 2004
Location: In Adamantine Chains and penal Fire
Distribution: Debian Sarge & Ubuntu Breezy
Posts: 107

Rep: Reputation: 16
programs making outbound connections


So, I'm wondering how I can tell if programs are making outbound connections, and if so, where the connections are going to.

It's a poor comparison, but in windows, everytime a connection is attempted, zonealarm firewall told me "such-and-such is trying to reach <ip>, allow or disallow?". I liked that feature; I felt in control.

I know I have programs that are accessing the net without my direct intervention (ex: popularity-contest, sshd (when it initates a connection), non-free binary only programs, etc), so how can I monitor which ones connected when?

PS I know I can monitor sshd via auth.log.
 
Old 11-03-2004, 06:22 PM   #2
mjrich
Senior Member
 
Registered: Dec 2001
Location: New Zealand
Distribution: Debian
Posts: 1,046

Rep: Reputation: 45
I personally haven't ever come across a ZoneAlarm equivalent for Linux, however Ethereal and <netstat -lnp> are good places to start if you are curious as to what's coming in and out of your system. Firestarter is also quite useful, but concentrates on inbound connections. Otherwise, on a separate, old box you could always install Smoothwall or IPCop.
 
Old 11-04-2004, 12:04 AM   #3
celejar
Member
 
Registered: Oct 2003
Location: New York
Distribution: Debian Sid
Posts: 185

Rep: Reputation: 30
Sniffers are the basic tools for monitoring outgoing (or incoming) net connections. The basic no-frills option is the standard 'tcpdump' (many other sniffers have options to load or save data in 'tcpdump format') which requires some old-style unix command line savvy. Ethereal is the best known and widely used, it has a GUI, but you still have to know what you're doing; it is quite sophisticated and complex. Netstat shows active connections, but you would have to run it while the program was talking to the world, and some connections can be brief. Snort runs as a daemon and can be told to look for and log various things, but it also requires skill to use properly.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
making your own programs for linux linuxmandrake Linux - Software 6 06-09-2005 08:30 AM
Making programs lock to one desktop linux-nerd Linux - Software 1 09-16-2004 04:42 PM
cannot make outbound anonymous ftp connections kvankawala Linux - Software 1 03-23-2004 01:30 PM
suspicious outbound connections di11rod Linux - Networking 13 01-23-2004 03:55 AM
Non-existing IP addresses making connections? J_Szucs Linux - Networking 9 11-05-2003 10:44 AM


All times are GMT -5. The time now is 05:36 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration