find application that are scanning the network


 
# 1  
Old 03-20-2009

Hi,

I got an alert from network security that one of the HP-UX servers is running a TCP port scan on the network. This server is running Informix server, and I am not aware of any application that is scanning the network. What are the ways to find out which application and user is doing the scan?
# 2  
Old 03-23-2009
When it comes to networking, I always think of "netstat".
Example from my workstation:
Code:
[root@work:~] $ netstat -na | grep -i estab
Active Internet connections (servers and established)
tcp        0      0 10.192.6.666 :) :52237       64.12.104.181:5190      ESTABLISHED

I see that I have a connection to this -> 64.12.104.181 IP address.
Then I would do:
Code:
root:~ # lsof |grep 64.12.104.18

Output information may be incomplete.
pidgin     3839  sysgate   17u     IPv4     215250      0t0        TCP my.host.com:52237->64.12.104.181:aol (ESTABLISHED)

I see the user, I see the PID. I see that this is my IM client also :)
If you are suspicious about running network scanners, look at the connected users, their history files, and log files as well.
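
The netstat/lsof approach from the reply above can be turned into a repeatable check. This is an added example, not part of the original posts: it counts, per process and user, the distinct remote endpoints stuck in SYN_SENT, which is what a connect-style port scan leaves behind. It assumes lsof prints the column layout shown in the reply; the function names, thresholds, process names and addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): rank processes by half-open outbound TCP connections.

# Emit $1 snapshots of `lsof -nP -iTCP`, $2 seconds apart, as one stream.
sample_lsof() {
    i=0
    while [ "$i" -lt "$1" ]; do
        lsof -nP -iTCP 2>/dev/null
        sleep "$2"
        i=$((i + 1))
    done
}

# Read lsof text on stdin; print "count user pid command" for every process
# holding at least $1 distinct remote endpoints in SYN_SENT (default 5).
scan_suspects() {
    awk -v min="${1:-5}" '
        $NF == "(SYN_SENT)" && $(NF-1) ~ /->/ {
            split($(NF-1), ends, "->")          # ends[2] = remote host:port
            key = $3 " " $2 " " $1              # user pid command
            if (!((key, ends[2]) in seen)) {    # count each endpoint once
                seen[key, ends[2]] = 1
                count[key]++
            }
        }
        END { for (k in count) if (count[k] >= min) print count[k], k }
    ' | sort -rn
}

# Constructed sample in the column layout of the lsof output above
# (documentation addresses, hypothetical process names).
sample_data() {
    cat <<'EOF'
COMMAND  PID     USER  FD  TYPE DEVICE SIZE/OFF NODE NAME
pidgin  3839  sysgate 17u  IPv4 215250      0t0  TCP 192.0.2.10:52237->198.51.100.7:5190 (ESTABLISHED)
pidgin  3839  sysgate 18u  IPv4 215251      0t0  TCP 192.0.2.10:52240->198.51.100.8:5190 (SYN_SENT)
oninit  2101 informix  5u  IPv4 101010      0t0  TCP *:1526 (LISTEN)
probe   4711  appuser  4u  IPv4 300001      0t0  TCP 192.0.2.10:40001->192.0.2.21:22 (SYN_SENT)
probe   4711  appuser  5u  IPv4 300002      0t0  TCP 192.0.2.10:40002->192.0.2.21:23 (SYN_SENT)
probe   4711  appuser  6u  IPv4 300003      0t0  TCP 192.0.2.10:40003->192.0.2.22:22 (SYN_SENT)
probe   4711  appuser  7u  IPv4 300004      0t0  TCP 192.0.2.10:40004->192.0.2.22:23 (SYN_SENT)
EOF
}

if [ "${1:-}" = "--live" ]; then
    sample_lsof 10 1 | scan_suspects 5      # ten snapshots, one second apart
else
    sample_data | scan_suspects 3           # offline demo on the sample
fi
```

Run it as root with `--live` so lsof can see every user's sockets. A scanner that builds its own packets on a raw socket holds no TCP sockets, so it will not show up in this count.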