Sometimes we need to know who are connected to our system. this can be to find malware or botnet that may be connecting us to somewhere. or some trojan stealling our data. end point is we need to find out network activities. this can be done with 'netstat'.
running netstat command will display all connection in a unix system.
netstatto find out all TCP connection with netstat.
netstat -tto find out all TCP and UDP connection...
netstat -tuto find out all connection initiated by a program through TCP..
netstat -tpto output all information in numeric format..
netstat -nto find out all incoming connection and listening to..
netstat -lyou can also combine them..
netstat -tnthis will output TCP connection in Numeric format.
netstat -tupnthis will output all connection made by a software program in Numeric format.
these above are few example of netstat. you can check out man page for more.
put this script inside your bash profile in /home/user/.bashrc
#!/bin/bash
connection()
{
cat=$( netstat -tun | sed '1,2 d' | awk '{print $5}' | sed -r 's/(.*)\:(.*)/\1/g' | sort | uniq );
for i in $cat; do
netname=$( whois $i | grep -i netname | awk '{print $2}' );
echo "connection with: $netname ($i)";
done;
}
now open 'terminal' and type 'connection'.
this is just one stupid script. you can build better than this.
godspeed.
No comments:
Post a Comment