The Cache: Technology Expert's Forum
Author Topic: Callback for netstat grokkers...  (Read 3641 times)
perkiset
« on: March 11, 2008, 09:27:24 AM »

Occasionally I have slowdowns on some of my machines and have a difficult time ascertaining the source... I know that netstat -a is one of the tools to figure it out but do not understand how to read what I am looking at... anyone here got a quick-and-dirty on how to use that tool to see if I have a bogart on my pipe?

TIA,
/p

It is now believed, that after having lived in one compound with 3 wives and never leaving the house for 5 years, Bin Laden called the U.S. Navy Seals himself.
vsloathe
« Reply #1 on: March 11, 2008, 09:29:23 AM »

I've never used the linux version, but in Windows it just shows inbound and outbound connections and upon which ports they are. I just look for rogues, but then in general I pride myself on having a very good knowledge of what *should* be there. You see some mysterious process connecting on a weird UDP port in the ether regions of 5-digitness, look up what it is and what it might be doing.

hai
perkiset
« Reply #2 on: March 11, 2008, 10:17:48 AM »

Do you know if I can use it (or what is the right tool) to diagnose where network traffic might be coming from? I have a scanner running on a private network showing me overall traffic, but cannot seem to pinpoint what process/port/machine is beating up on the net intermittently...

Thanks BTW
vsloathe
« Reply #3 on: March 11, 2008, 10:23:49 AM »

Once again, without looking at the *nix netstat command, under Windows it shows you the IP or CName of the host to which any connection is going. Might not be the case with the *nix netstat command, but I will do some digging to try to find out what can get you that info.
vsloathe
« Reply #4 on: March 11, 2008, 10:27:20 AM »

OK, yeah I looked it up and for all intents and purposes, they are identical (*nix vs. Win32 netstat).

If I may offer some advice: Close all programs that have any connections going outbound or coming inbound from the machine in question (AIM clients, email clients, web browsers, et al. [obviously something you can figure out, I'm trying to be patronizing for the sake of future readers]), 'netstat -a' from the console and take a look at what's going on. Aside from the usual broadcasts to *.* and the odd DNS packet here or there, you shouldn't see much. Take a look at the host names or IPs of your connections. If you're looking to monitor all your network's activity from one machine, obviously a packet sniffer is better suited (in promiscuous mode, of course).
perkiset
« Reply #5 on: March 11, 2008, 10:48:01 AM »

Quote from: vsloathe on March 11, 2008, 10:27:20 AM
OK, yeah I looked it up and for all intents and purposes, they are identical (*nix vs. Win32 netstat).

If I may offer some advice: Close all programs that have any connections going outbound or coming inbound from the machine in question (AIM clients, email clients, web browsers, et al. [obviously something you can figure out, I'm trying to be patronizing for the sake of future readers]), 'netstat -a' from the console and take a look at what's going on.

Have done exactly that... there must be a daemon running somewhere, because as far as I can tell I have nothing active. The only thing that has changed is that I have a new TimeCapsule appliance on my net, but nothing seems to be connecting to it... so I am thus far sort of lost... but will post if I get some new info.

thanks again VS
thedarkness
« Reply #6 on: March 12, 2008, 05:33:59 AM »

netstat -lpn
tcpdump
iptraf

Cheers,
td

[edit] Sorry, I should elaborate but I'm whipped and about to turn in. I think iptraf is the one you want if the traffic is flowing "through" the machine you are running it on. Ping me in about 8 hours if you want to rap, Perk. Nite all
« Last Edit: March 12, 2008, 05:38:15 AM by thedarkness »

"I want to be the guy my dog thinks I am."
 - Unknown
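As an added example (not code from the thread or from any of its posters), here is a small Python script that does what vsloathe's "know what *should* be there" advice and thedarkness's `netstat -lpn` suggestion amount to: parse Linux `netstat -anp`-style output (the listeners `-lpn` shows plus established sockets), flag any listener that is not in a baseline of expected ports and owning programs, and count established connections per program and remote host so a chatty daemon stands out. The netstat sample and the baseline are constructed for the example.

```python
from collections import Counter

# Constructed sample of Linux `netstat -anp` output (what -lpn shows plus
# established sockets); not captured from any machine in the thread.
SAMPLE_NETSTAT = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      812/sshd
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      1201/mysqld
tcp        0      0 0.0.0.0:31337           0.0.0.0:*               LISTEN      4711/updater
tcp        0      0 192.168.1.10:44122      203.0.113.5:443         ESTABLISHED 4711/updater
tcp        0      0 192.168.1.10:44123      203.0.113.5:443         ESTABLISHED 4711/updater
tcp        0      0 192.168.1.10:22         192.168.1.20:51000      ESTABLISHED 812/sshd
udp        0      0 0.0.0.0:68              0.0.0.0:*                           640/dhclient
"""

# Hypothetical baseline of what *should* be listening on this box: (proto, port) -> program.
EXPECTED_LISTENERS = {("tcp", 22): "sshd", ("tcp", 3306): "mysqld", ("udp", 68): "dhclient"}

def parse_netstat(text):
    """Turn netstat -anp rows into dicts; header and non-socket lines are skipped."""
    records = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 6 or tok[0][:3] not in ("tcp", "udp"):
            continue
        state = tok[5] if len(tok) == 7 else ""      # UDP rows have no State column
        pid, _, prog = tok[-1].partition("/")         # "-" when netstat cannot see the owner (non-root)
        laddr, lport = tok[3].rsplit(":", 1)
        faddr, fport = tok[4].rsplit(":", 1)
        records.append({"proto": tok[0][:3], "laddr": laddr, "lport": int(lport),
                        "faddr": faddr, "fport": fport, "state": state,
                        "pid": pid if prog else None, "prog": prog or "-"})
    return records

def unexpected_listeners(records, expected):
    """Listeners missing from the baseline, or owned by a program other than the expected one."""
    found = []
    for r in records:
        listening = r["state"] == "LISTEN" or (r["proto"] == "udp" and r["fport"] == "*")
        if listening and expected.get((r["proto"], r["lport"])) != r["prog"]:
            found.append((r["proto"], r["lport"], r["pid"], r["prog"]))
    return found

def connections_by_program(records):
    """Count ESTABLISHED sockets per (program, remote host); a chatty daemon stands out here."""
    return Counter((r["prog"], r["faddr"]) for r in records if r["state"] == "ESTABLISHED")

if __name__ == "__main__":
    recs = parse_netstat(SAMPLE_NETSTAT)
    print(unexpected_listeners(recs, EXPECTED_LISTENERS), connections_by_program(recs).most_common())
```

Run it as root on the real box (`netstat -anp | python3 script.py` after swapping the sample for `sys.stdin.read()`), since without root the PID/Program column shows only "-" and the owner cannot be attributed.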
perkiset
« Reply #7 on: March 12, 2008, 10:27:39 AM »

Gnight lad, thanks for the thoughts. Talk to you in 8.

/p