netstat command

Unhide is a small, handy forensic tool for finding processes and TCP/UDP ports that have been hidden by rootkits, LKMs, or other hiding techniques. The tool works on both Linux / Unix and MS-Windows operating systems. From the man page:

It detects hidden processes using three techniques:

  1. The proc technique consists of comparing /proc with the output of /bin/ps.
  2. The sys technique consists of comparing information gathered from /bin/ps with information gathered from system calls.
  3. The brute technique consists of brute-forcing all process IDs. This technique is only available on Linux 2.6 kernels.

How can I list the open ports on my system and the process that owns them?

Explains how to use the netstat command to display current connections and find out whether your server is under a DoS attack.

You can use the traditional netstat / lsof commands to list open Internet or UNIX domain sockets on FreeBSD. FreeBSD also comes with a simple and easy-to-use command called sockstat. The -4 option only displays IPv4 sockets. The -6 option only displays IPv6 sockets. The -c option only displays connected sockets. The -l option only […]

From my mailbag the other day I received an interesting suggestion about obtaining information regarding all running processes and network connections remotely using inetd / xinetd: the SSH client can be used to execute a command (or commands) on a remote UNIX box. The same technique can be used to get current network and system information using netstat […]

My friend wanted to know how to change or convert a DHCP network configuration to a static configuration. After the initial installation, he wanted to change the network settings. Further, his system is without a GUI, aka X Windows. Here is a quick way to accomplish the same: Your main network configuration file is /etc/network/interfaces Desired new sample settings: => […]

Someone might attack your system. You can drop the attacker's IP using iptables. However, you can also use the route command to null route unwanted traffic. A null route (also called a blackhole route) is a network route or kernel routing table entry that goes nowhere. Matching packets are dropped (ignored) rather than forwarded, acting as a […]