find application that are scanning the network
Post 302300190 by sysgate on Monday 23rd of March 2009 12:37:22 PM
When it comes to the network, I always think of "netstat".
Example from my workstation:
Code:
[root@work:~] $ netstat -na | grep -i estab
Active Internet connections (servers and established)
tcp        0      0 10.192.6.666 :) :52237       64.12.104.181:5190      ESTABLISHED

I see that I have a connection to this -> 64.12.104.181 IP address.
Then I would do:
Code:
root:~ # lsof |grep 64.12.104.18

Output information may be incomplete.
pidgin     3839  sysgate   17u     IPv4     215250      0t0        TCP my.host.com:52237->64.12.104.181:aol (ESTABLISHED)

I see the user, I see the PID. I see that this is my IM client also :)
If you are suspicious about running network scanners, look at the connected users, their history files, and log files as well.
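
The same netstat-then-lsof mapping can be done for every process at once, which helps when the question is which program is scanning: a scanner shows up as one PID with many distinct remote endpoints, often in SYN_SENT. The script below is an added example, not part of sysgate's post; the function names, the process name `probe`, the sample addresses and the threshold are all constructed assumptions, and the input format is that of `lsof -nP -iTCP`.

```sh
#!/bin/sh
# Added example: summarise lsof-style TCP lines per process to spot scanners.

# Constructed sample in the layout of `lsof -nP -iTCP` (not a real capture).
sample_lsof() {
cat <<'EOF'
COMMAND   PID    USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
pidgin   3839 sysgate   17u  IPv4 215250      0t0  TCP 10.0.0.5:52237->192.0.2.10:5190 (ESTABLISHED)
sshd     1200    root    3u  IPv4  10021      0t0  TCP *:22 (LISTEN)
probe    4411   guest    4u  IPv4 300001      0t0  TCP 10.0.0.5:40001->198.51.100.1:22 (SYN_SENT)
probe    4411   guest    5u  IPv4 300002      0t0  TCP 10.0.0.5:40002->198.51.100.2:22 (SYN_SENT)
probe    4411   guest    6u  IPv4 300003      0t0  TCP 10.0.0.5:40003->198.51.100.3:22 (SYN_SENT)
probe    4411   guest    7u  IPv4 300004      0t0  TCP 10.0.0.5:40004->198.51.100.3:80 (ESTABLISHED)
EOF
}

# Print "distinct_remotes syn_sent pid user command" per process, busiest first.
# Listening sockets and the header line have no "->" and are skipped.
summarize_conns() {
    awk '
    $8 == "TCP" && $9 ~ /->/ {
        split($9, ends, "->")            # ends[2] is the remote host:port
        key = $2 " " $3 " " $1           # pid user command
        if (!((key, ends[2]) in seen)) { seen[key, ends[2]] = 1; remotes[key]++ }
        if ($10 == "(SYN_SENT)") syn[key]++   # half-open attempts
    }
    END { for (k in remotes) print remotes[k], syn[k] + 0, k }
    ' | sort -k1,1nr
}

# Keep only processes with at least $1 distinct remote endpoints.
flag_scanners() {
    summarize_conns | awk -v min="$1" '$1 >= min'
}

# On a live host (as root, to see all users): lsof -nP -iTCP | flag_scanners 20
sample_lsof | flag_scanners 3
```

A fast scanner may finish between two runs, so a single snapshot can miss it; repeating the command at intervals and checking users' history and log files, as the post suggests, covers that gap.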