LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices



Reply
 
Search this Thread
Old 11-19-2003, 06:29 PM   #1
endezeichen
Member
 
Registered: Nov 2003
Posts: 48

Rep: Reputation: 15
tracing ips


I've been using the netstat -n command alot lately and have noticed someones ip showing up very frequently. It's not mine, and I cant narrow it down to any program. Is there any way to find out where it's coming from? I know with Windows there was Neotrace, is there anything I can do with linux?
 
Old 11-19-2003, 08:23 PM   #2
Sometimes
Member
 
Registered: Oct 2003
Location: Richmond, VA
Distribution: Depends on the week...
Posts: 64

Rep: Reputation: 15
There is a simply way to link it back to a program. The -p arguement when passed to netstat will tell you which program is using it.

For example:

netstat -np

That will show you on the same line, which program has established that connection.


If that isn't enough for ya, also run this command:

host (insert weird IP here)


I'll step you through from there...
 
Old 11-19-2003, 08:26 PM   #3
hw-tph
Senior Member
 
Registered: Sep 2003
Location: Sweden
Distribution: Debian
Posts: 3,032

Rep: Reputation: 57
There are tons of network utilities for Linux, and most distributions come with a more or less complete set. Some commands to try:

host <host>
host -v <host>
whois <host>
traceroute <host>


...where <host> is the IP or DNS name of the remote computer.

That should get you started.

Håkan
 
Old 11-26-2003, 01:38 PM   #4
endezeichen
Member
 
Registered: Nov 2003
Posts: 48

Original Poster
Rep: Reputation: 15
I know on Windows I used the netstat -n command, and it would give me foreign ip's. I think someone is in my computer, so how can I find his ip?(then trace it)
 
Old 11-26-2003, 02:33 PM   #5
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,744
Blog Entries: 54

Rep: Reputation: 2973Reputation: 2973Reputation: 2973Reputation: 2973Reputation: 2973Reputation: 2973Reputation: 2973Reputation: 2973Reputation: 2973Reputation: 2973Reputation: 2973
Make sure you harden your box, check out the LQ FAQ: Security references.
Wrt netstat, as root, try "netstat -pane -A inet", or "lsof -n -i" (or socklist, or sockstat, depending on your distro).
 
Old 11-27-2003, 02:04 AM   #6
Sometimes
Member
 
Registered: Oct 2003
Location: Richmond, VA
Distribution: Depends on the week...
Posts: 64

Rep: Reputation: 15
Just do a:

man netstat


Netstat will always be able to give you most of the information you need. You just need to know the appropriate arguements.
 
Old 11-27-2003, 08:38 AM   #7
Robert0380
Guru
 
Registered: Apr 2002
Location: Atlanta
Distribution: Gentoo
Posts: 1,280

Rep: Reputation: 47
if u think someone has actually logged in:

i like the w and who commands to see who is logged in to my box and from where
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Tracing traffic origins zoubidoo Linux - Networking 3 05-06-2005 09:28 AM
how to define a specific range of IPs and/or multiple IPs in an iptables rule?... TheHellsMaster Linux - Security 9 09-20-2004 11:06 AM
tracing commands in linux ananthbv Programming 2 07-27-2004 01:58 AM
Ethernet Traffic tracing kinct Linux - Newbie 4 01-08-2004 04:27 AM
Tracing and debugging ravichella Programming 4 10-30-2003 04:33 PM


All times are GMT -5. The time now is 09:39 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration