tracing ips

endezeichen · 11-19-2003, 05:29 PM

I've been using the netstat -n command alot lately and have noticed someones ip showing up very frequently. It's not mine, and I cant narrow it down to any program. Is there any way to find out where it's coming from? I know with Windows there was Neotrace, is there anything I can do with linux?

Sometimes · 11-19-2003, 07:23 PM

There is a simply way to link it back to a program. The -p arguement when passed to netstat will tell you which program is using it.

For example:

netstat -np

That will show you on the same line, which program has established that connection.

If that isn't enough for ya, also run this command:

host (insert weird IP here)

I'll step you through from there...

hw-tph · 11-19-2003, 07:26 PM

There are tons of network utilities for Linux, and most distributions come with a more or less complete set. Some commands to try:

host <host>
host -v <host>
whois <host>
traceroute <host>

...where <host> is the IP or DNS name of the remote computer.

That should get you started.

Håkan

endezeichen · 11-26-2003, 12:38 PM

I know on Windows I used the netstat -n command, and it would give me foreign ip's. I think someone is in my computer, so how can I find his ip?(then trace it)

unSpawn · 11-26-2003, 01:33 PM

Make sure you harden your box, check out the LQ FAQ: Security references.
Wrt netstat, as root, try "netstat -pane -A inet", or "lsof -n -i" (or socklist, or sockstat, depending on your distro).

Sometimes · 11-27-2003, 01:04 AM

Just do a:

man netstat

Netstat will always be able to give you most of the information you need. You just need to know the appropriate arguements.

Robert0380 · 11-27-2003, 07:38 AM

if u think someone has actually logged in:

i like the w and who commands to see who is logged in to my box and from where