LinuxQuestions.org


General_Tso 02-10-2004 05:00 PM

"Opposite" to "Listening" in Port Lingo
 
Folks:

I'm checking up on what programs are accessing the internet, and I did the following commands:

netstat -anp tcp | grep LISTEN
netstat -anp udp | grep LISTEN

If I'm trying to see if there's any outgoing traffic, would the command be "netstat -anp udp | grep FORWARD"? Sorry, I'm not having a lot of luck on Google, etc.

--Tso

Capt_Caveman 02-10-2004 05:26 PM

I think what you're after is ESTABLISHED:

netstat -pantu | grep ESTABLISHED

or just do the netstat -pantu and look for ports in the ESTABLISHED state

General_Tso 02-10-2004 06:28 PM

Thanks for the input so far. "Established" might be what I'm looking for...I'm not sure, honestly. I'm trying to see if any applications are contacting parts unknown via TCP and UDP or parts unknown are contacting my machine. Using "netstat -anp tcp | grep ESTABLISHED" and "netstat -anp udp | grep ESTABLISHED", I got a list of the current connections established, but the "-pantu" argument didn't work for me. It told me "antu" was an unknown or uninstrumental protocol.

Thanks again!

Capt_Caveman 02-10-2004 08:44 PM

You might not be executing it as root or some other permission issue. That command works for me on one of my FC1 boxes. The "tu" part just adds tcp and udp connections to the displayed output (same as you were doing, just less typing). See the netstat man page for what all the options do.

Btw, what are you trying to do, there might be an easier way...maybe "lsof -i" is what you're after?

General_Tso 02-10-2004 09:44 PM

I was doing it on OS X in just a usual Admin account. I'll try it from root when I get a chance. I've used "lsof -i" to get more info on the ports that I didn't know what they were. I've read the man pages--I'm sorry, I'm just sketchy on the usage of this command.

Thanks!

Capt_Caveman 02-10-2004 10:21 PM

Ahhh, you're using OSX. That might be the problem. I don't have an OSX box handy, but it might use different options than the Linux version. There should be an option to display all sockets (in Linux it's netstat -a).

In most cases, the socket will spend most of its time in the "ESTABLISHED" state, but there technically are a number of states that the socket can be in: SYN SENT, SYN RECV, FIN WAIT, TIME WAIT, LAST ACK, etc. Very rarely will you see a connection in one of the other states, as normally they're initiated and torn down in a short period of time. For some protocols, there can be no state at all (ICMP and UDP). So if you want a complete list use the OSX equivalent of "netstat -a"
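
Added example, not part of the original thread or any poster's code: a shell filter that reads "netstat -an" style output and labels each ESTABLISHED TCP connection as inbound (its local port is also in LISTEN) or outbound, accepting both the Linux "addr:port" and the OS X "addr.port" layouts. The function names, the sample lines and the documentation-range addresses are constructed for illustration, and the listening-port match is a heuristic.

```shell
#!/bin/sh
# Label ESTABLISHED TCP connections from `netstat -an` text on stdin.
# Heuristic (assumption): if the local port also appears in a LISTEN line,
# the peer connected to us (inbound); otherwise we connected out (outbound).
classify_conns() {
    awk '
    # The port is whatever follows the last ":" (Linux) or "." (OS X/BSD).
    function port(addr) { sub(/.*[:.]/, "", addr); return addr }

    # Columns: proto recv-q send-q local foreign state
    $1 ~ /^tcp/ && $6 == "LISTEN"      { listening[port($4)] = 1 }
    $1 ~ /^tcp/ && $6 == "ESTABLISHED" { n++; loc[n] = $4; rem[n] = $5 }

    # Classify at the end, because LISTEN lines may follow ESTABLISHED ones.
    END {
        for (i = 1; i <= n; i++) {
            dir = (port(loc[i]) in listening) ? "inbound" : "outbound"
            print dir, loc[i], rem[i]
        }
    }'
}

# Constructed sample mixing Linux and OS X layouts (not real capture data).
sample_netstat() {
cat <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.0.2.10:22           198.51.100.7:51514      ESTABLISHED
tcp        0      0 192.0.2.10:40112        203.0.113.80:443        ESTABLISHED
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp4       0      0  *.631                  *.*                     LISTEN
tcp4       0      0  192.0.2.10.49200       203.0.113.25.993        ESTABLISHED
udp        0      0 0.0.0.0:68              0.0.0.0:*
EOF
}

# Demo on the sample; on a live host use: netstat -an | classify_conns
sample_netstat | classify_conns
```

UDP lines are skipped on purpose, since they usually carry no state column to match on.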

General_Tso 02-11-2004 11:19 AM

Thanks for all the input. "netstat -a" works in OS X, and I've been playing with the other arguments. I think I have a good handle on it, but I'm going to poke through some tutorials to get the how and why. Is there a tutorial on understanding ports and sockets that might not be in the usual Google suspects?

Thanks again.

