Monday, January 10, 2011

Taming netstat with awk

Specifically, I want to see all network connections on a Solaris host which aren't localhost or from the local LAN. Let's start with netstat:

netstat -a -n -f inet -P tcp

Which gives me *everything*. Now let's filter out localhost connections:

netstat -a -n -f inet -P tcp | awk '$2 !~ /^127\.0\./'

Sweet! Now let's get rid of stuff on our local LAN (192.168.1.0/24) and stuff that's in a LISTEN state:

bash-3.00$ netstat -a -n -f inet -P tcp | \
awk '$2 !~ /^127\.0\./ && $2 !~ /^192\.168\.1\./ && $7 !~ /LISTEN/'

TCP: IPv4
   Local Address        Remote Address    Swind Send-Q Rwind Recv-Q    State
-------------------- -------------------- ----- ------ ----- ------ -----------
      *.*                  *.*                0      0 49152      0 IDLE
      *.*                  *.*                0      0 49152      0 IDLE
      *.1017               *.*                0      0 49152      0 BOUND
      *.32832              *.*                0      0 49152      0 BOUND
192.168.1.29.22      10.88.0.90.54670     64128      0 49232      0 ESTABLISHED


Getting closer... let's also remove those idle and bound lines:

bash-3.00$ netstat -a -n -f inet -P tcp | \
awk '$2 !~ /^127\.0\./ && $2 !~ /^192\.168\.1\./ && $7 !~ /LISTEN/ && $7 !~ /BOUND/ && $7 !~ /IDLE/'

TCP: IPv4
   Local Address        Remote Address    Swind Send-Q Rwind Recv-Q    State
-------------------- -------------------- ----- ------ ----- ------ -----------
192.168.1.29.22      10.88.0.90.54670     64128      0 49232      0 ESTABLISHED

Yay. Now I can see my SSH login, and more to the point, see that there are no other connections to this host from outside our LAN, which is what I wanted to check.
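
The same check as a reusable function, as an added example that is not part of the original post. It goes a little further than the one-liner: the local prefixes are an argument, every socket with a wildcard remote is dropped instead of naming LISTEN, BOUND and IDLE one by one, and Solaris's addr.port form is split into address and port. The function names, the sample rows and the 203.0.113.7 peer are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in Solaris netstat format, so the example runs offline.
sample_netstat() {
cat <<'EOF'
TCP: IPv4
   Local Address        Remote Address    Swind Send-Q Rwind Recv-Q    State
-------------------- -------------------- ----- ------ ----- ------ -----------
      *.*                  *.*                0      0 49152      0 IDLE
      *.22                 *.*                0      0 49152      0 LISTEN
127.0.0.1.32800      127.0.0.1.5987       49152      0 49152      0 ESTABLISHED
192.168.1.29.22      192.168.1.40.51012   64128      0 49232      0 ESTABLISHED
192.168.1.29.22      10.88.0.90.54670     64128      0 49232      0 ESTABLISHED
192.168.1.29.44321   203.0.113.7.443      64128      0 49232      0 TIME_WAIT
EOF
}

# external_conns PREFIXES: read netstat output on stdin and print
# "remote_ip remote_port local_port state" for peers outside PREFIXES,
# a space-separated list of dotted prefixes such as "127. 192.168.1."
external_conns() {
    awk -v prefixes="$1" '
    BEGIN { n = split(prefixes, pfx, " ") }
    # Data rows have 7 fields and a numeric Swind column; this skips
    # the protocol banner, the column header and the dashed rule.
    NF != 7 || $3 !~ /^[0-9]+$/ { next }
    # Unconnected sockets (LISTEN, IDLE, BOUND) show a wildcard remote.
    $2 ~ /^\*/ { next }
    {
        # Solaris prints addr.port, so the port follows the last dot.
        rip = $2;   sub(/\.[0-9]+$/, "", rip)
        rport = $2; sub(/^.*\./, "", rport)
        lport = $1; sub(/^.*\./, "", lport)
        # Literal prefix comparison: dots are not regex wildcards here.
        for (i = 1; i <= n; i++)
            if (index(rip ".", pfx[i]) == 1) next
        print rip, rport, lport, $7
    }'
}

sample_netstat | external_conns "127. 192.168.1."
```

On a live host, replace sample_netstat with the netstat command from the post.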
