Securing Linux 6
If the data link is indeed saturated, the next step is to determine where the connections are coming
from. A very effective way of doing this is with the netstat command, which is included as part
of the base Fedora installation. Type the following to see connection information:
# netstat -tupn
Table 6-3 describes each of the netstat parameters used here.
TABLE 6-3 netstat Parameters

Parameter        Description
-t, --tcp        Show TCP socket connections.
-u, --udp        Show UDP socket connections.
-p, --program    Show the PID and name of the program to which each socket belongs.
-n, --numeric    Show the numerical address instead of trying to determine the symbolic host, port, or usernames.
The following is an example of what the output might look like:
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 65.213.7.96:22 13.29.132.19:12545 ESTABLISHED 32376/sshd
tcp 0 224 65.213.7.96:22 13.29.210.13:29250 ESTABLISHED 13858/sshd
tcp 0 0 65.213.7.96:6667 13.29.194.190:33452 ESTABLISHED 1870/ircd
tcp 0 0 65.213.7.96:6667 216.39.144.152:42709 ESTABLISHED 1870/ircd
tcp 0 0 65.213.7.96:42352 67.113.1.99:53 TIME_WAIT -
tcp 0 0 65.213.7.96:42354 83.152.6.9:113 TIME_WAIT -
tcp 0 0 65.
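
To see where the connections are coming from at a glance, the netstat listing can be tallied per remote address and per local service port. The script below is an added example, not code from the book; the function names summarize and sample_netstat are hypothetical, and the sample rows are constructed from documentation address ranges.

```shell
#!/bin/sh
# Tally `netstat -tupn` output (read on stdin) by remote peer or local port.
# Assumes the column layout shown above: $4 = Local Address, $5 = Foreign Address.

summarize() {   # $1 = "peer" (count per foreign IP) or "port" (count per local port)
    awk -v mode="$1" '
        # Only socket rows; this skips the two header lines.
        $1 ~ /^(tcp|udp)6?$/ {
            peer = $5; sub(/:[^:]*$/, "", peer)      # drop ":port" (IPv4 and IPv6)
            # Unconnected UDP sockets show 0.0.0.0:* or :::* and have no peer.
            if (peer == "0.0.0.0" || peer == "::") next
            port = $4; sub(/^.*:/, "", port)         # keep only the local port
            key = (mode == "port") ? port : peer
            n[key]++
        }
        END { for (k in n) printf "%d %s\n", n[k], k }
    ' | sort -k1,1nr -k2,2                           # busiest first
}

# Constructed sample input (not captured from a real host).
sample_netstat() {
    cat <<'EOF'
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 192.0.2.10:80 203.0.113.7:40112 ESTABLISHED 1200/httpd
tcp 0 0 192.0.2.10:80 203.0.113.7:40113 ESTABLISHED 1200/httpd
tcp 0 0 192.0.2.10:80 203.0.113.7:40114 SYN_RECV -
tcp 0 0 192.0.2.10:22 198.51.100.4:51515 ESTABLISHED 2301/sshd
tcp 0 0 192.0.2.10:80 198.51.100.4:51600 TIME_WAIT -
udp 0 0 192.0.2.10:123 0.0.0.0:* 900/ntpd
tcp6 0 0 2001:db8::10:22 2001:db8::99:40000 ESTABLISHED 2301/sshd
EOF
}

# On a live system, run as root:  netstat -tupn | summarize peer
echo "Connections per remote address:"
sample_netstat | summarize peer
echo "Connections per local port:"
sample_netstat | summarize port
```

A remote address or local port that dominates the tally is the place to start when deciding what to rate-limit or block at the firewall.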