12 March 2013

netstat usage example


Sometimes we need to know who are connected to our system. this can be to find malware or botnet that may be connecting us to somewhere. or some trojan stealling our data. end point is we need to find out network activities. this can be done with 'netstat'.


running netstat command will display all connection in a unix system.

netstat



to find out all TCP connection with netstat.

netstat -t



to find out all TCP and UDP connection...

netstat -tu



to find out all connection initiated by a program through TCP..

netstat -tp



to output all information in numeric format..

netstat -n



to find out all incoming connection and listening to..

netstat -l



you can also combine them..

netstat -tn



this will output TCP connection in Numeric format.

netstat -tupn


this will output all connection made by a software program in Numeric format.


these above are few example of netstat. you can check out man page for more.


put this script inside your bash profile in /home/user/.bashrc

#!/bin/bash

connection()
{
cat=$( netstat -tun | sed '1,2 d' | awk '{print $5}' | sed -r 's/(.*)\:(.*)/\1/g' | sort | uniq );

for i in $cat; do
netname=$( whois $i | grep -i netname | awk '{print $2}' );
echo "connection with: $netname ($i)";
done;
}


now open 'terminal' and type 'connection'.

this is just one stupid script. you can build better than this.
godspeed.