Thursday, September 30, 2004

NETSTAT - checking network status

I think the final tool I'm going to look into is the netstat command which is used to query TCP/IP about the network status of the local host. The netstat command will provide information on things like active TCP connections at the local host, the state of all TCP/IP servers on the local host and the sockets used by them, devices and links used by TCP/IP and the IP routing tables (gateway tables) in use on the local host.

Some of the command options from the man pages are:

  -i            Show the state of interfaces which have been auto-configured
                (interfaces statically configured into a system, but not
                located at boot time are not shown).
  -a            With the default display, show the state of all sockets;
                normally sockets used by server processes are not shown.
  -r            Show the routing tables.
  -p protocol   Show statistics about protocol, which is either a well-known
                name for a protocol or an alias for it.
  -b            With the interface display (option -i, as described below),
                show the number of bytes in and out.
  -d            With either interface display (option -i or an interval, as
                described below), show the number of dropped packets.

The output from this command will tell you what your system is listening for and therefore what is possibly open for someone to connect to. The first thing to do is look for services that you have no need to have open and then ensure they are firewalled off; in addition, you can kill the process and make sure it doesn't start up again at boot or automatically respawn itself.
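To put that advice into practice, here is an added example (not from the original post and not part of netstat itself) that reads the output of netstat -an with a short shell script, picks out the listening sockets, and flags any port that is not on an allowlist of services you expect to be open. The sample netstat output and the allowlist of ports are constructed for the example; on a live host you would feed the script the real netstat output instead.

```shell
#!/bin/sh
# Constructed sample of `netstat -an` output (Linux-style addresses). On a
# real host, replace the heredoc string with:  netstat -an | list_listeners
SAMPLE_NETSTAT='Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:6667            0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:22           198.51.100.7:51022      ESTABLISHED
udp        0      0 0.0.0.0:123             0.0.0.0:*'

# Ports this host is expected to serve (assumed allowlist for the example).
EXPECTED_PORTS="22 25 123"

# Read netstat -an output on stdin and print "proto port" for every TCP
# socket in LISTEN state and every bound UDP socket. The port is whatever
# follows the last ':' or '.' in the local address, so BSD-style "*.22"
# and IPv6 "::1:22" work as well as "0.0.0.0:22".
list_listeners() {
    awk '$1 ~ /^tcp/ && $6 == "LISTEN" { sub(/.*[.:]/, "", $4); print $1, $4 }
         $1 ~ /^udp/ && NF >= 5        { sub(/.*[.:]/, "", $4); print $1, $4 }'
}

# Read list_listeners output on stdin and print only the ports that are not
# in EXPECTED_PORTS; these are the candidates to firewall off or shut down.
unexpected_listeners() {
    while read -r proto port; do
        case " $EXPECTED_PORTS " in
            *" $port "*) ;;             # expected service, say nothing
            *) echo "$proto $port" ;;   # not on the allowlist
        esac
    done
}

# Run the whole pipeline over a string of netstat output.
check_sample() {
    printf '%s\n' "$1" | list_listeners | unexpected_listeners
}

check_sample "$SAMPLE_NETSTAT"   # prints: tcp 6667
```

The constructed sample deliberately includes an ESTABLISHED connection and a loopback-only listener so the filter is exercised on both; port 6667 is the only listener missing from the allowlist and is the one reported.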

The Bigwebmast.com site has a good tutorial that starts at section 8.3 and offers more specifics as to what to be looking for with the different options. Also there is a Netstat Analyzer tool which will help analyze the results from the netstat command.