netstat command

Unhide is a little handy forensic tool to find hidden processes and TCP/UDP ports by rootkits / LKMs or by another hidden technique. This tools works under both Linux / Unix, and MS-Windows operating systems. From the man page:

It detects hidden processes using three techniques:

  1. The proc technique consists of comparing /proc with the output of /bin/ps.
  2. The sys technique consists of comparing information gathered from /bin/ps with information gathered from system calls.
  3. The brute technique consists of bruteforcing the all process IDs. This technique is only available on Linux 2.6 kernels.

{ 15 comments }

How can I list the open ports on my system and the process that owns them?

{ 11 comments }

Explains how to use netstat command to display current connections and find out if your server is under DoS attack or not.

{ 22 comments }

You can use traditional netstat / lsof command to lists open Internet or UNIX domain sockets on FreeBSD. FreeBSD comes with a simple and easy to use command called sockstat. The -4 option only displays IPv4 sockets. The -6 option only displays IPv6 sockets. The -c option only displays connected sockets. The -l option only […]

{ 0 comments }

From my mailbag the other day I received an interesting suggestion about obtaining information regarding all running process and network connections remotely using inetd / xinetd : SSH client can be used to execute a command(s) on a remote UNIX box. Same technique can be used to get current network and system information using netstat […]

{ 0 comments }

My friend wanted to know how to change or convert DHCP network configuration to static configuration. After initial installation, he wanted to change network settings. Further, his system is w/o GUI system aka X Windows. Here is quick way to accomplish the same: Your main network configuration file is /etc/network/interfaces Desired new sample settings: => […]

{ 84 comments }

Someone might attack on your Linux based system. You can drop attacker IP using IPtables. However, you can use route or ip command to null route unwanted traffic. A null route (also called as blackhole route) is a network route or kernel routing table entry that goes nowhere. Matching packets are dropped (ignored) rather than forwarded, acting as a kind of very limited firewall. The act of using null routes is often called blackhole filtering.

You can nullroute (like some time ISP do prevent your network device from sending any data to a remote system) stopping various attacks coming from a single IP (read as spammers or hackers) using the following syntax on a Linux based system.

{ 34 comments }