Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If I'm trying to to see there's any outgoing traffic. would the command be "netstat -anp udp | grep FORWARD"? Sorry, I'm not having a lot of luck on google, etc.
--Tso
Last edited by General_Tso; 02-10-2004 at 07:07 PM.
Thanks for the imput so far. "Established" might be what I'm looking for...I'm not sure, honestly. I'm trying to see if any applications are contacting parts unknown via TCP and UDP or parts unknown are contacting my machine. Using "netstat -anp tcp | grep ESTABLISHED" and "netstat -anp udp | grep ESTABLISHED", I got a list of the current connections established, but the "-pantu" argument didn't work for me. It told me "antu" was an unknown or uninstrumental protocol.
You might not be executing it as root or some other permission issue. That command works for me on one of my FC1 boxes. the "tu" part just adds tcp and udp connections to the displayed output (same as you were doing, just less typing). See the netstat man page for what all the options do.
Btw, what are you trying to do, there might be an easier way...maybe "lsof -i" is what you're after?
I was doing it on OS X in just a usual Admin account. I'll trying it from root when I get a chance. I used I've used "lsof -i" to get more info on the ports that I didn't know what they were. I've read the man pages--I'm sorry, I'm just sketchy on the usage of this command.
Ahhh, you're using OSX. That might be the problem. I don't have an OSX box handy, but it might use different options than the linux version. There should be an option to display all sockets (in linux it's netstat -a).
In most cases, the socket will spend most of it's time in the "ESTABLISHED"state, but there technically are a number of states that the socket can be in: SYN SENT, SYN RECV, FIN WAIT, TIME WAIT, LAST ACK, etc. Very rarely will you see a connection in one of the other states, as normally they're initiated and torn down in a short period of time. For some protocols, there can be no state at all (ICMP and UDP). So if you want a complete list use the OSX equivalent of "netstat -a"
Thanks for all the imput. "netstat -a" works in OS X, and I've playing with the other arguments. I think I have a good handle on it, but I'm going to poke through soem tutorials to get the how and why. Is there tutorial on understanding ports and sockets that might not be in the usual Google suspects?
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
