LinuxQuestions.org
View the Most Wanted LQ Wiki articles.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices

Reply
 
Search this Thread
Old 12-11-2007, 12:44 PM   #1
devmoc
Member
 
Registered: Sep 2005
Posts: 38

Rep: Reputation: 15
TCP Connection Viewer or a verbose Netstat??


I'm looking for a Linux utility (command line or GUI) that is capable of telling you the complete domain name of any connections that are made to and from your machine. An added bonus would be a utility that knows what application is making the connections.

Netstat is a problem because it truncates domain names. I'm totally making this up, but if the name is too long it kind of looks like:

www.long.domain.na:www ESTABLISHED

I've tried a few other apps such as IPtraf and some netstat frontends but they all truncate the domain name. Is there anything available that I am describing? Thanks.
 
Old 12-11-2007, 12:49 PM   #2
anomie
Senior Member
 
Registered: Nov 2004
Location: Texas
Distribution: RHEL, Scientific Linux, Debian, Fedora, Lubuntu, FreeBSD
Posts: 3,930
Blog Entries: 5

Rep: Reputation: Disabled
Quote:
Originally Posted by devmoc
I'm totally making this up, but if the name is too long it kind of looks like:

www.long.domain.na:www ESTABLISHED
Do you have a real example? I don't see the problem with that one in that nothing is being truncated.

You're not resolving service names to service ports, so what you see is domain:port. In this case www == tcp/udp 80.
 
Old 12-11-2007, 04:26 PM   #3
devmoc
Member
 
Registered: Sep 2005
Posts: 38

Original Poster
Rep: Reputation: 15
I'm not at my box right now, that's why I don't have a real example. Think up a long domain name like:

www.this.is.a.very.long.name.com

In netstat it would look something like:

www.this.is.a.ve:www

If you ever run netstat while looking at a numerous webpages or running bittorrent you'll see what I mean.
 
Old 12-11-2007, 05:59 PM   #4
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,462
Blog Entries: 54

Rep: Reputation: 2899Reputation: 2899Reputation: 2899Reputation: 2899Reputation: 2899Reputation: 2899Reputation: 2899Reputation: 2899Reputation: 2899Reputation: 2899Reputation: 2899
Here's a lame and probably crappy script on top of netstat

If it does what you want you get to keep it.
If it breaks you get to keep both pieces.
* note the "^H" is actually keycombo CTRL+V,CTRL+H
Code:
#!/bin/sh
\netstat -a -n -t -u | egrep '^(t|u)' | while read proto rq sq loc rem state; do 
 port=${rem//*:/}; addr=${rem//:*/}; oldaddr=${addr}; addr=${addr//0.0.0.0none}; 
 [ "$addr" != "none" ] && { addr=($(\host -c IN -t CNAME "${addr}" 2>/dev/null));
 addr=${addr[4]}; addr=${addr//NXDOMAIN/${oldaddr}}; addr=${addr//3(/}; 
 addr=${addr//)/}; echo $proto $loc ${addr}^H:${port}; }
done | column -t
exit 0
 
Old 12-12-2007, 10:11 AM   #5
devmoc
Member
 
Registered: Sep 2005
Posts: 38

Original Poster
Rep: Reputation: 15
unSpawn,

Thanks! I'll try this later today and let you know how it works.
 
Old 12-12-2007, 02:39 PM   #6
SiegeX
Member
 
Registered: Jul 2004
Location: Silicon Valley, CA
Distribution: Slackware
Posts: 171

Rep: Reputation: 38
Or you could just use 'lsof -i -P' It does not have the 18 character limit that netstat does.

Last edited by SiegeX; 12-12-2007 at 02:41 PM.
 
Old 12-12-2007, 09:34 PM   #7
devmoc
Member
 
Registered: Sep 2005
Posts: 38

Original Poster
Rep: Reputation: 15
Thumbs up

Quote:
Originally Posted by SiegeX View Post
Or you could just use 'lsof -i -P' It does not have the 18 character limit that netstat does.
Frickin beautiful..it even shows the application using the connection.. Also, "lsof -iTCP -P" lists just the TCP connections.

unspawn: Your script works too!

Thanks everyone. It never ceases to amaze me how scalable Linux is!
 
Old 12-14-2007, 12:58 AM   #8
SiegeX
Member
 
Registered: Jul 2004
Location: Silicon Valley, CA
Distribution: Slackware
Posts: 171

Rep: Reputation: 38
Quote:
Originally Posted by devmoc View Post
It never ceases to amaze me how scalable Linux is!
Although that is true as well, this is more of a case of flexibility =). lsof is a great tool and it's often under appreciated. lsof can help you figure out what program is locking down a certain file or the reverse, what files a program is using; hence the name (LiSt Open Files). Another thing about lsof is that most root kits don't trojan it, so if you think your computer might be compromised and netstat doesn't show anything funny, try lsof -i, it might just pop up that otherwise hidden connection.

Last edited by SiegeX; 12-14-2007 at 01:03 AM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Netstat issues 'warning, got duplicate tcp line' English_Man Linux - Networking 5 04-13-2009 03:07 AM
Connection refused when using Java VNC Viewer whipermr5 Linux - Networking 4 07-12-2006 01:21 AM
Netstat showing bonobo-activation connection to rkhunter mailserver conn-fused Linux - Security 1 03-02-2006 10:40 AM
netstat and open connection questions? sopiaz57 Linux - Networking 2 04-22-2003 07:27 AM
netstat doesn't show tcp sockets in Redhat 7.2 pfpalmer Linux - General 3 10-31-2002 03:04 AM


All times are GMT -5. The time now is 08:16 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration