Thanks for the input so far. "Established" might be what I'm looking for...I'm not sure, honestly. I'm trying to see if any applications are contacting parts unknown via TCP and UDP or parts unknown are contacting my machine. Using "netstat -anp tcp | grep ESTABLISHED" and "netstat -anp udp | grep ESTABLISHED", I got a list of the current connections established, but the "-pantu" argument didn't work for me. It told me "antu" was an unknown or uninstrumental protocol.
You might not be executing it as root or some other permission issue. That command works for me on one of my FC1 boxes. The "tu" part just adds tcp and udp connections to the displayed output (same as you were doing, just less typing). See the netstat man page for what all the options do.
Btw, what are you trying to do, there might be an easier way...maybe "lsof -i" is what you're after?
I was doing it on OS X in just a usual Admin account. I'll try it from root when I get a chance. I've used "lsof -i" to get more info on the ports that I didn't know what they were. I've read the man pages--I'm sorry, I'm just sketchy on the usage of this command.
Ahhh, you're using OSX. That might be the problem. I don't have an OSX box handy, but it might use different options than the Linux version. There should be an option to display all sockets (in Linux it's netstat -a).
In most cases, the socket will spend most of its time in the "ESTABLISHED" state, but there technically are a number of states that the socket can be in: SYN SENT, SYN RECV, FIN WAIT, TIME WAIT, LAST ACK, etc. Very rarely will you see a connection in one of the other states, as normally they're initiated and torn down in a short period of time. For some protocols, there can be no state at all (ICMP and UDP). So if you want a complete list use the OSX equivalent of "netstat -a".
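An added example, not part of any post in this thread: a small parser for "netstat -an" output that counts sockets per state and lists ESTABLISHED connections to non-loopback peers, handling both the Linux (addr:port) and OS X (addr.port) address formats. The function names and the sample output are constructed for illustration, and the samples are IPv4 only.

```python
import ipaddress
from collections import Counter

# Constructed sample output (not captured from a real host); addresses are
# from documentation ranges. Linux prints addr:port, OS X prints addr.port.
LINUX_SAMPLE = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:22           198.51.100.7:51514      ESTABLISHED
tcp        0      0 127.0.0.1:631           127.0.0.1:40022         ESTABLISHED
tcp        0      0 192.0.2.10:44321        203.0.113.5:80          TIME_WAIT
udp        0      0 0.0.0.0:68              0.0.0.0:*
"""
OSX_SAMPLE = """\
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp4       0      0  192.0.2.20.49852       203.0.113.9.443        ESTABLISHED
tcp4       0      0  *.22                   *.*                    LISTEN
udp4       0      0  *.5353                 *.*
"""

def split_endpoint(endpoint):
    """Split 'addr:port' (Linux) or 'addr.port' (OS X) at the last separator."""
    cut = max(endpoint.rfind(":"), endpoint.rfind("."))
    return endpoint[:cut], endpoint[cut + 1:]

def parse_netstat(text):
    """Yield (proto, local, remote, state); UDP rows have no state column."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or not fields[0].startswith(("tcp", "udp")):
            continue  # header or unrelated line
        state = fields[5] if len(fields) > 5 else "-"
        yield fields[0], split_endpoint(fields[3]), split_endpoint(fields[4]), state

def state_counts(text):
    return Counter(state for _, _, _, state in parse_netstat(text))

def remote_peers(text):
    """ESTABLISHED connections whose remote end is not loopback."""
    peers = []
    for proto, local, (addr, port), state in parse_netstat(text):
        if state == "ESTABLISHED" and not ipaddress.ip_address(addr).is_loopback:
            peers.append((proto, local[1], addr, port))
    return peers

if __name__ == "__main__":
    for name, sample in (("Linux", LINUX_SAMPLE), ("OS X", OSX_SAMPLE)):
        print(name, dict(state_counts(sample)), remote_peers(sample))
```

Each tuple from remote_peers is (protocol, local port, remote address, remote port); UDP rows are counted under "-" because netstat prints no state for them.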
Thanks for all the input. "netstat -a" works in OS X, and I've been playing with the other arguments. I think I have a good handle on it, but I'm going to poke through some tutorials to get the how and why. Is there a tutorial on understanding ports and sockets that might not be in the usual Google suspects?