

How to monitor your Linux machine with netstat


Netstat is an extremely useful Linux command-line tool that allows you to check which service is connecting to a port on your machine. It is very useful for analyzing what's going on on your machine when you are facing, or trying to prevent, an attack on it. You can find information such as how many connections are being made on a port, which IP addresses these connections originate from, and much more. Netstat ships with most distributions of Linux, so it should already be installed on yours.

Launch a shell terminal on your machine and run the following command:

# netstat -ant
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 ::ffff:192.168.1.19:80 ::ffff:192.168.1.240:63049 TIME_WAIT
tcp 0 0 ::ffff:192.168.0.19:80 ::ffff:192.168.1.240:62793 TIME_WAIT
tcp 0 0 ::ffff:192.168.1.19:80 ::ffff:192.168.1.240:62795 TIME_WAIT

The output will most likely be very long. I've just given a snapshot of the output above. As you can see in the data above, there is a connection made from 192.168.1.240 to my server's port 80 using the TCP protocol, and the connection is in the TIME_WAIT state. The output that you get for your server will have information about all the ports on your machine, not just port 80.

The first thing you realize is that an output this big is not of much use. So let's organize it a bit. Here are a few tricks I use to analyze the nature of the connections being made to or from my server. The first thing I do is figure out which services I want to analyze. Usually it is port 80, as that's the default port for the web server to run on, and port 3306, which is the default port for MySQL to run on. So I use the following query to see what's going on on port 80:

# netstat -ant | grep 80

Again I get a big list of connections, smaller than the first, but still too big to grasp. So I use the "wc -l" command to count the number of lines in the output to see approximately how many connections I have on my port 80:

# netstat -ant | grep 80 | wc -l
625

And then I do the same for MySQL:

# netstat -ant | grep 3306 | wc -l
61

Now, if I want to get a complete picture of what's going on on my server in terms of the nature of connections, here's what I do:

# netstat -ant | awk '{print $6}' | sort | uniq -c | sort -n

1 established)
1 Foreign
4 FIN_WAIT2
8 LISTEN
16 CLOSE_WAIT
134 ESTABLISHED
409 TIME_WAIT

This tells me how many connections in each state I have on my machine. I can run a similar command to see a complete picture of the state of all the connections made to my web server:

# netstat -ant | grep 80 | awk '{print $6}' | sort | uniq -c | sort -n

1 FIN_WAIT1
4 LISTEN
6 FIN_WAIT2
17 CLOSE_WAIT
94 ESTABLISHED
534 TIME_WAIT

You can do a lot more complex things using Netstat along with other Linux command-line tools. It can be helpful to be familiar with some tricks for getting this kind of information using Netstat, particularly when you are facing an attack on your server.
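The pipelines above filter with a plain `grep 80`, which also matches port 8080, ephemeral ports such as 58044 and any address containing "80", and the unfiltered state histogram counts the two header lines ("established)" and "Foreign"). The added example below (not part of the original post) matches the local port exactly with awk and also counts connections per remote IP; the function names and the sample netstat output are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `netstat -ant` output (not captured from a real host).
sample_netstat() {
cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN
tcp 0 0 192.168.1.19:80 192.168.1.240:63049 TIME_WAIT
tcp 0 0 192.168.1.19:80 192.168.1.240:62795 TIME_WAIT
tcp 0 0 192.168.1.19:80 192.168.1.77:51880 ESTABLISHED
tcp 0 0 192.168.1.19:8080 192.168.1.80:40112 ESTABLISHED
tcp 0 0 192.168.1.19:3306 192.168.1.240:58044 ESTABLISHED
tcp 0 0 ::ffff:192.168.1.19:80 ::ffff:192.168.1.241:6280 CLOSE_WAIT
EOF
}

# states_for_port PORT: per-state counts for sockets whose LOCAL port is exactly PORT.
states_for_port() {
    awk -v port="$1" '
        $1 ~ /^tcp/ {                      # skips the two header lines
            n = split($4, a, ":")          # port is the last ":" field (IPv4 and IPv6)
            if (a[n] == port) count[$6]++
        }
        END { for (s in count) print count[s], s }' | sort -n
}

# peers_for_port PORT: connections per remote IP to local PORT, busiest first.
peers_for_port() {
    awk -v port="$1" '
        $1 ~ /^tcp/ && $6 != "LISTEN" {
            n = split($4, l, ":")
            if (l[n] != port) next
            addr = $5
            sub(/:[^:]*$/, "", addr)       # drop the remote port
            sub(/^::ffff:/, "", addr)      # normalise IPv4-mapped IPv6 addresses
            count[addr]++
        }
        END { for (ip in count) print count[ip], ip }' | sort -rn
}

# Demo on the sample; on a live host use: netstat -ant | states_for_port 80
sample_netstat | states_for_port 80
sample_netstat | peers_for_port 80
```

On the sample, `grep 80` matches 7 lines while only 5 sockets actually use local port 80; a single remote IP holding a large share of the `peers_for_port` output is the first thing to look at when the server is under load.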

Posted in Linux, Security.


2 Responses


  1. Quetzal says

    nice web translation :-P

  2. Swaroop - India Web Hosting says

    Nice Tutorial!


