Network/Tools

From LunaSys
Jump to navigation Jump to search

Nice commands

taken from: 

- [1]
- [2]

netstat

useful to find out if your server is under attack or not. You can also list abusive IP address using this method. 

# netstat -nat | awk '{print $6}' | sort | uniq -c | sort -n

Dig out more information about a specific ip address: 

# netstat -nat |grep {IP-address} | awk '{print $6}' | sort | uniq -c | sort -n

To print list of all unique IP address connected to server, enter: 

# netstat -nat | awk '{ print $5}' | cut -d: -f1 | sed -e '/^$/d' | uniq

If you think your Linux box is under attack, print out a list of open connections on your box and sorts them by according to IP address, enter: 

# netstat -atun | awk '{print $5}' | cut -d: -f1 | sed -e '/^$/d' |sort | uniq -c | sort -n

ss

Display Sockets Summary 

# ss -s

Display All Open Network Ports 

# ss -l

Display All TCP Sockets 

# ss -t -a

Display All UDP Sockets 

# ss -u -a

Display All Established SMTP Connections 

# ss -o state established '( dport = :smtp or sport = :smtp )'

Display All Established HTTP Connections 

# ss -o state established '( dport = :http or sport = :http )'

Find All Local Processes Connected To X Server 

# ss -x src /tmp/.X11-unix/*

List all the TCP sockets in state -FIN-WAIT-1 for our httpd to network 202.54.1/24 and look at their timers: 

# ss -o state fin-wait-1 '( sport = :http or sport = :https )' dst 202.54.1/24

How Do I Filter Sockets Using TCP States? 

## tcp ipv4 ##
ss -4 state FILTER-NAME-HERE
## tcp ipv6 ##
ss -6 state FILTER-NAME-HERE

How Do I Matches Remote Address And Port Numbers? 

ss dst ADDRESS_PATTERN
## Show all ports connected from remote 192.168.1.5##
ss dst 192.168.1.5
## show all ports connected from remote 192.168.1.5:http port##
ss dst 192.168.1.5:http
ss dst 192.168.1.5:smtp
ss dst 192.168.1.5:443
Retrieved from "http://wiki.lunasys.fr/mediawiki/index.php?title=Network/Tools&oldid=89"