LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 09-09-2016, 04:20 PM   #1
cbtshare
Member
 
Registered: Jul 2009
Posts: 610

Rep: Reputation: 42
DDOS Question


Hello all,

When I run the following netstat command I get back results, but what does the 0.0.0.0 address mean?

Code:
 netstat -anp | grep 'tcp\|udp' | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
      1 10.201.2.83
     11 6.*.131.211
     14
     15 127.0.0.1
     32 0.0.0.0
Thank you
 
Old 09-09-2016, 04:56 PM   #2
MensaWater
LQ Guru
 
Registered: May 2005
Location: Atlanta Georgia USA
Distribution: Redhat (RHEL), CentOS, Fedora, Debian, FreeBSD, HP-UX, Solaris, SCO
Posts: 6,577
Blog Entries: 14

Rep: Reputation: 969Reputation: 969Reputation: 969Reputation: 969Reputation: 969Reputation: 969Reputation: 969Reputation: 969
Typically that is a reference to your default gateway.
 
Old 09-09-2016, 05:49 PM   #3
cbtshare
Member
 
Registered: Jul 2009
Posts: 610

Original Poster
Rep: Reputation: 42
Thank you
 
Old 09-09-2016, 05:54 PM   #4
michaelk
Moderator
 
Registered: Aug 2002
Posts: 14,931

Rep: Reputation: 1520Reputation: 1520Reputation: 1520Reputation: 1520Reputation: 1520Reputation: 1520Reputation: 1520Reputation: 1520Reputation: 1520Reputation: 1520Reputation: 1520
Code:
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
The posted command basically strips out the fifth column (awk '{print $5}') which is the foreign address column (The output header is above). From the netstat wiki...

Foreign Address - The IP address and port number of the remote computer to which the socket is connected. The names that corresponds to the IP address and the port are shown unless the -n parameter is specified. If the port is not yet established, the port number is shown as an asterisk (*).

If you just look at the comman i.e. netstat -anp | grep 'tcp\|udp' you will see the entire output. There are 32 IPV4 processes running that have not established a remote connection.

https://en.wikipedia.org/wiki/Netstat

Last edited by michaelk; 09-09-2016 at 05:56 PM.
 
Old 09-09-2016, 06:28 PM   #5
Habitual
LQ Addict
 
Registered: Jan 2011
Location: Youngstown, Ohio
Distribution: LM17.1/Xfce4.11.8
Posts: 7,159
Blog Entries: 10

Rep: Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968
Where's the DDoS Question?
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
LXer: World Live DDoS attack maps Live DDoS Monitoring LXer Syndicated Linux News 0 08-09-2014 09:30 PM
[SOLVED] DDOS, please help! Seregwethrin Linux - Security 27 03-11-2011 02:55 PM
DDOS and pf sci3ntist Linux - Security 3 06-03-2010 03:48 PM
strange ddos question jancat Linux - Security 5 07-08-2008 11:58 AM
Ddos Mag|c Linux - Security 2 08-16-2003 10:41 PM


All times are GMT -5. The time now is 06:22 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration