LinuxQuestions.org
Old 11-26-2009, 10:13 AM   #1
skola
Member
 
Registered: Nov 2009
Posts: 66

Rep: Reputation: 19
Need link to using netstat and lsof together howto


It's maybe lame to say that searches done here or 'gled haven't been thorough but I'm "linked out" and doubly guilty of not pagesaving or booking a seen article!

Before I joined I lurked a bit earlier in the month and came across some threads about mostly server security breaches and the various methods given by the members and mods to track down the 'how'.

Many posts had external links to related info and one in particular dealing with using netstat and then lsof to find the processes, ports and files related to the attacker's "entry trail" probably had such an external link. Meaning it's not a FAQ/howto in here. Also, it may have been a 3rd or 4th party, like the link in here gave some relevant info but that sitepage then had a further link...

This result -which I failed to mark/save- was some kind of tutorial/howto on using netstat/lsof and perhaps some other CLI files to do all the necessary tracking. It had examples of using the various "-abcd" options for each file to get the required output like PID, port etc and then grepping/piping into the next. For netstat I remember it had possibly terminal window screengrab examples where you see what is 'Listening' and the service/port/address associated. You know basically 'netstat -taup, -taun'.

The tutor then pointed out how to delve deeper into what is 'Listening' or 'established' with the next screengrab showing command line code to get further behind the process/service/port/address etc, etc. The result was a pretty good demo of how to keep tabs on what's going on with a -albeit single pc- network.

As much as I've searched and looked over the 'mans' and tried out things, I can't get what I vaguely remember as being clear results.

I'm not an admin as such nor have a cracked setup, in fact a relative Linux newbie, but I'd really like to be able to know more about using the tools to understand what's going on. If the description above of pages demoing netstat/lsof rings a bell with anyone I'd be very grateful for info. thanks
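
The workflow the post above describes (list sockets with netstat, then hand the owning PIDs to lsof), as an added example that is not part of the original thread. The function names and the sample netstat output are constructed for illustration; the flags are those of net-tools netstat and lsof.

```shell
#!/bin/sh
# Added example: netstat -> PID -> lsof. Function names are hypothetical.
# Constructed sample of `netstat -taunp` output (documentation addresses).
SAMPLE='Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      812/sshd
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      -
tcp        0      0 192.0.2.10:22           198.51.100.7:51514      ESTABLISHED 2301/sshd: admin
tcp6       0      0 :::80                   :::*                    LISTEN      1044/apache2
udp        0      0 0.0.0.0:68              0.0.0.0:*                           640/dhclient'

# Read `netstat -taunp` text on stdin; print "PID program proto local-port state".
sockets_to_pids() {
    awk '
        $1 !~ /^(tcp|udp)/ { next }          # skip the two header lines
        {
            state = $6; owner = $7
            # UDP rows usually have an empty State column, shifting the owner left
            if ($1 ~ /^udp/ && $6 ~ /\//) { state = "-"; owner = $6 }
            if (owner !~ /^[0-9]+\//) next   # "-": owner hidden, rerun as root
            split(owner, p, "/")
            n = split($4, a, ":")            # port follows the last colon (IPv6-safe)
            print p[1], p[2], $1, a[n], state
        }'
}

# Reduce the table above to one line per owning process.
unique_pids() { awk '{ print $1 }' | sort -un; }

# Second stage: ask lsof what a given PID is holding open.
inspect_pid() {
    ls -l "/proc/$1/exe"        # binary the process is really running
    lsof -nP -a -i -p "$1"      # only its network sockets (-a ANDs -i with -p)
    lsof -nP -p "$1"            # every open file: logs, libraries, cwd
}

if [ "${1:-}" = "--live" ]; then
    # Run as root so netstat can fill in the PID/Program column.
    for pid in $(netstat -taunp 2>/dev/null | sockets_to_pids | unique_pids); do
        inspect_pid "$pid"
    done
else
    printf '%s\n' "$SAMPLE" | sockets_to_pids
fi
```

Run without arguments it parses the constructed sample; with `--live` as root it walks the real socket table and runs lsof against each owning PID.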
 
Old 11-27-2009, 07:36 AM   #2
FlGator81
Member
 
Registered: Nov 2008
Location: Baltimore
Distribution: Ubuntu
Posts: 65

Rep: Reputation: 21
I think the system logs document the activity you are looking for. You may also remember frequent advice to check the logs, along with any other actions one may take.
 
Old 11-28-2009, 10:19 AM   #3
FlGator81
Member
 
Registered: Nov 2008
Location: Baltimore
Distribution: Ubuntu
Posts: 65

Rep: Reputation: 21
Found some additional info that may be more on point towards what you were looking for:

https://help.ubuntu.com/9.10/keeping...html#id2801292

It's basically how to test your firewall using lsof and nmap. If that's still not what you wanted, I apologize. Just do:
man lsof
and
man netstat
to get an idea of how to use them.
 
Old 11-30-2009, 07:50 AM   #4
skola
Member
 
Registered: Nov 2009
Posts: 66

Original Poster
Rep: Reputation: 19
hey there

I had mentioned looking at the 'mans' and experimenting.

I'm certain the tute I had in mind wasn't on a Forum page like the Ubuntu, though that's quite basic.

no need for sorry; thanks anyway
 
  


All times are GMT -5. The time now is 05:20 AM.
