netstat

Unhide is a handy little forensic tool for finding processes and TCP/UDP ports hidden by rootkits, LKMs, or other hiding techniques. This tool works on both Linux / Unix and MS-Windows operating systems. From the man page:

It detects hidden processes using three techniques:

  1. The proc technique consists of comparing /proc with the output of /bin/ps.
  2. The sys technique consists of comparing information gathered from /bin/ps with information gathered from system calls.
  3. The brute technique consists of bruteforcing all the process IDs. This technique is only available on Linux 2.6 kernels.


Explains how to use the netstat command to display current connections and find out whether your server is under a DoS attack.


From my mailbag the other day I received an interesting suggestion about obtaining information regarding all running processes and network connections remotely using inetd / xinetd: an SSH client can be used to execute command(s) on a remote UNIX box. The same technique can be used to get current network and system information using netstat […]


You can use the route command to configure routing. The syntax is as follows:

  route add net {network-address} netmask {subnet} {router-address}

Let us assume your router address is 192.168.1.254 and the network ID is 192.168.1.0/24; then you can type the route command as follows:

  # route add net 192.168.1.0 netmask 255.255.255.0 192.168.1.254

OR

To add a default route: # […]
