LinuxQuestions.org
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Old 02-10-2004, 06:00 PM   #1
General_Tso
"Opposite" to "Listening" in Port Lingo


Folks:

I'm checking up on what programs are accessing the internet, and I did the following commands:

netstat -anp tcp | grep LISTEN
netstat -anp udp | grep LISTEN

If I'm trying to see if there's any outgoing traffic, would the command be "netstat -anp udp | grep FORWARD"? Sorry, I'm not having a lot of luck on Google, etc.

--Tso

Last edited by General_Tso; 02-10-2004 at 08:07 PM.
 
Old 02-10-2004, 06:26 PM   #2
Capt_Caveman
I think what you're after is ESTABLISHED:

netstat -pantu | grep ESTABLISHED

or just do the netstat -pantu and look for ports in the ESTABLISHED state
 
Old 02-10-2004, 07:28 PM   #3
General_Tso
Thanks for the input so far. "Established" might be what I'm looking for...I'm not sure, honestly. I'm trying to see if any applications are contacting parts unknown via TCP and UDP, or if parts unknown are contacting my machine. Using "netstat -anp tcp | grep ESTABLISHED" and "netstat -anp udp | grep ESTABLISHED", I got a list of the current connections established, but the "-pantu" argument didn't work for me. It told me "antu" was an unknown or uninstrumented protocol.

Thanks again!
 
Old 02-10-2004, 09:44 PM   #4
Capt_Caveman
You might not be executing it as root, or it's some other permission issue. That command works for me on one of my FC1 boxes. The "tu" part just adds TCP and UDP connections to the displayed output (same as you were doing, just less typing). See the netstat man page for what all the options do.

Btw, what are you trying to do, there might be an easier way...maybe "lsof -i" is what you're after?
 
Old 02-10-2004, 10:44 PM   #5
General_Tso
I was doing it on OS X in just a usual Admin account. I'll try it from root when I get a chance. I've used "lsof -i" to get more info on the ports that I didn't know what they were. I've read the man pages--I'm sorry, I'm just sketchy on the usage of this command.

Thanks!
 
Old 02-10-2004, 11:21 PM   #6
Capt_Caveman
Ahhh, you're using OSX. That might be the problem. I don't have an OSX box handy, but it might use different options than the linux version. There should be an option to display all sockets (in linux it's netstat -a).

In most cases, the socket will spend most of its time in the "ESTABLISHED" state, but there technically are a number of states that the socket can be in: SYN SENT, SYN RECV, FIN WAIT, TIME WAIT, LAST ACK, etc. Very rarely will you see a connection in one of the other states, as normally they're initiated and torn down in a short period of time. For some protocols, there can be no state at all (ICMP and UDP). So if you want a complete list, use the OSX equivalent of "netstat -a".
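The two netstat forms discussed in this thread (Capt_Caveman's "netstat -pantu" in post #2 and the "netstat -a" equivalent on OS X in post #6) print the same kind of table but with different port separators and, on Linux, an extra PID/Program column. The following script is an added example, not code from the thread or from netstat's authors: it parses either layout, tags each socket as listening, unconnected (no peer, typical for UDP) or connected (ESTABLISHED or one of the transitional states described above), and lists the remote peers. The two sample outputs embedded in it are constructed for this example, with documentation-range addresses; `SAMPLE_LINUX`, `SAMPLE_MACOS`, `parse_netstat`, `classify` and `summarize` are names chosen here.

```python
"""Summarise netstat output by socket state and direction.

Added example for this thread, not code from the thread or from netstat.
It parses the text printed by `netstat -pantu` (Linux) or `netstat -an`
(BSD/OS X) and groups sockets as LISTEN / ESTABLISHED / transitional /
stateless UDP. Both samples below are constructed for the example.
"""
import re
import sys
from collections import Counter

# Constructed sample in Linux `netstat -pantu` layout (PID/Program needs root).
SAMPLE_LINUX = """\
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      812/sshd
tcp        0      0 192.168.1.5:52310       203.0.113.10:443        ESTABLISHED 2231/firefox
tcp        0      0 192.168.1.5:52311       203.0.113.11:80         TIME_WAIT   -
udp        0      0 0.0.0.0:68              0.0.0.0:*                           640/dhclient
"""

# Constructed sample in BSD/OS X `netstat -an` layout (port follows the last dot).
SAMPLE_MACOS = """\
Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp4       0      0  192.168.1.5.49200      203.0.113.10.443       ESTABLISHED
tcp4       0      0  *.22                   *.*                    LISTEN
tcp4       0      0  192.168.1.5.49201      203.0.113.12.443       SYN_SENT
udp4       0      0  *.5353                 *.*
"""

# TCP state names as netstat prints them (LISTEN, ESTABLISHED, FIN_WAIT1, ...).
STATE_RE = re.compile(r"[A-Z][A-Z_0-9]*")


def split_endpoint(addr):
    """Return (host, port) for '1.2.3.4:22' (Linux) or '1.2.3.4.22' (BSD/OS X)."""
    host, _, port = addr.rpartition(".")
    if host and (port == "*" or port.isdigit()):
        return host, port            # BSD style: the port follows the last dot
    host, _, port = addr.rpartition(":")
    return host, port                # Linux style: the port follows the last colon


def parse_netstat(text):
    """Turn netstat's table into a list of socket dicts; header lines are skipped."""
    sockets = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or not fields[0].startswith(("tcp", "udp")):
            continue
        rest = fields[5:]
        state = "NONE"               # UDP sockets carry no state column
        if rest and STATE_RE.fullmatch(rest[0]):
            state, rest = rest[0], rest[1:]
        program = rest[0] if rest and rest[0] != "-" else None
        sockets.append({"proto": fields[0],
                        "local": split_endpoint(fields[3]),
                        "foreign": split_endpoint(fields[4]),
                        "state": state, "program": program})
    return sockets


def classify(sock):
    """listening / unconnected (no peer) / connected (has a peer)."""
    if sock["state"] == "LISTEN":
        return "listening"
    if sock["foreign"][1] == "*":
        return "unconnected"         # bound but no peer, typical for UDP
    return "connected"               # ESTABLISHED or one of the transitional states


def summarize(text):
    """Counts per state and per direction, plus the sorted set of remote peers."""
    sockets = parse_netstat(text)
    by_state = Counter(s["state"] for s in sockets)
    by_direction = Counter(classify(s) for s in sockets)
    peers = sorted({"%s:%s" % s["foreign"] for s in sockets
                    if classify(s) == "connected"})
    return {"by_state": by_state, "by_direction": by_direction, "peers": peers}


if __name__ == "__main__":
    # Pipe real output in (`netstat -an | python3 this.py`) or run on the samples.
    data = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_LINUX + SAMPLE_MACOS
    result = summarize(data)
    for key in ("by_state", "by_direction"):
        print(key, dict(result[key]))
    print("peers", result["peers"])
```

On the two samples the summary reports two listening sockets, two unconnected UDP sockets and four connected ones, and three distinct peers. The "peers" list is the answer to the original question: every remote endpoint the machine currently has a TCP conversation with, whichever side opened it. Without root on Linux the PID/Program column is blank for other users' processes, which is why "-p" showed less than expected in the thread.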
 
Old 02-11-2004, 12:19 PM   #7
General_Tso
Thanks for all the input. "netstat -a" works in OS X, and I've been playing with the other arguments. I think I have a good handle on it, but I'm going to poke through some tutorials to get the how and why. Is there a tutorial on understanding ports and sockets that might not be in the usual Google suspects?

Thanks again.
 