FAQ Database Discussion Community


Understanding netstat listing and protect against DDOS

linux,ubuntu,netstat,fail2ban
My server is under attack! When I use netstat -anp | grep :80 I get the following listing: tcp 0 0 162.167.98.11:80 5.189.156.224:58211 SYN_RECV - tcp 0 0 162.167.98.11:80 5.189.156.224:39608 SYN_RECV - tcp 0 0 162.167.98.11:80 5.189.156.224:33261 SYN_RECV - tcp 0 0 162.167.98.11:80 5.189.156.224:56951 SYN_RECV - There are tens of...

How quickly does netstat capture network snapshot?

networking,tcp,netstat
I have a machine where there are a large number of connects and disconnects every second(or even lesser). I need to capture the network snapshot at one instance of time. But I see that netstat takes some time to return the result by then a lot of sockets would get...

How does netstat determine symbolic hostname?

linux,unix,networking,tcp,netstat
I was trying to understand what the --numeric/-n flag of netstat does? Manual says the following about --numeric/-n --numeric , -n Show numerical addresses instead of trying to determine symbolic host, port or user names. Following is a line of output with "-n" option tcp 0 0 :::8080 :::* LISTEN...

Cannot establish connection to application listening on 0.0.0.0:8443

connection,netstat
I have an application that is listening on 0.0.0.0:8443 (local address). "netstat -ant" output: proto||Recv-Q||Send-Q||Local Address||Foreign Address||State tcp||0||0||0.0.0.0:22||0.0.0.0:||LISTEN tcp||0||0||0.0.0.0:8443||0.0.0.0:||LISTEN These are the only two ports that are listening. When i telnet localhost port 22 and 8443, both are able to connect. But when i telnet from another computer on the...

netstat: parse (awk?) output to return “Program name” not “PID/Program name”

bash,ubuntu,awk,netstat
UBUNTU 14.04 netstat -p outputs both "PID/Program name" in the same column. I just want "Program name" in that column. What's the easiest way to do this? Actual Output [email protected]:~# netstat -tlp Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0...

How can I figure out which process is opening the certain tcp port?

linux,ssh,netstat,fuser
I usually use fuser command to check pid opening the certain tcp port like the following fuser 22/tcp //To get pid opening the 22 tcp port I've got a reference board which running a embedded linux. It have been already opening 22 tcp port for ssh connection. But fuser doesn't...