09-09-2011, 03:08 AM
Hello good people,
I thought I would talk a bit about netstat. It's quite a helpful tool for managing incoming and outgoing connections. Connections can be easily viewed with the netstat command.
Here I will discuss the various modes of this command.
Requirements:
Command shell
Checking connections:
This is pretty basic stuff:
netstat [-a] [-e] [-n] [-s] [-p proto] [-r] [interval]
-a Displays all connections and listening ports.
-e Displays Ethernet statistics. This may be combined with the -s option.
-n Displays addresses and port numbers in numerical form.
-p proto Shows connections for the protocol specified by proto; proto may be TCP or UDP. If used with the -s option to display per-protocol statistics, proto may be TCP, UDP, or IP.
-r Displays the routing table.
-s Displays per-protocol statistics.
Now when we make a connection, under "Foreign Address" we can see the IP it's sending a SYN packet to and at which port.
Killing a TCP session:
LINUX
Killing a TCP session is pretty easy in LINUX,
tcpkill -i eth0 { expression }
Example:
(a) Kill all outgoing ftp (port 21) connections:
tcpkill -i eth0 port 21
(b) Kill all packets arriving at or departing from host 192.168.1.2 (host12.nixcraft.com):
tcpkill host 192.168.1.2
WINDOWS
Well, people tend to use third party programs but this will give you guys an idea of how it works.
Getting process ID
Since every process has an ID, we can get the ID of the process behind a TCP session with netstat (the -o option adds the owning PID column),
netstat -ano | find ":100"
This will show all the TCP connections involving port 100 and their corresponding process IDs.
Killing the ID
Well, you can do that with taskkill.
taskkill /PID {argument}
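An added example, not part of the original post: a plain text match on ":100" also hits ports such as 1000 and 10050, so this Python sketch parses `netstat -ano` output and matches the port exactly before any PID is handed to taskkill. The sample output is constructed, and the function names are hypothetical.

```python
# Constructed sample of Windows `netstat -ano` output (not captured from a real host).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:100            0.0.0.0:0              LISTENING       1412
  TCP    192.168.1.2:100        192.168.1.7:51544      ESTABLISHED     1412
  TCP    192.168.1.2:1000       192.168.1.9:40022      ESTABLISHED     2280
  TCP    192.168.1.2:49731      192.168.1.9:10050      TIME_WAIT       0
  TCP    [::]:100               [::]:0                 LISTENING       1412
  TCP    [fe80::1%12]:51000     [fe80::2%12]:100       ESTABLISHED     3096
  UDP    0.0.0.0:100            *:*                                    988
"""


def split_endpoint(endpoint):
    """Split 'addr:port' on the last colon so bracketed IPv6 literals survive."""
    addr, _, port = endpoint.rpartition(":")
    return addr, port


def parse_netstat(text):
    """Yield one dict per connection row; banner, header and blank lines are skipped."""
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0] not in ("TCP", "UDP"):
            continue
        # UDP rows have no State column, so the PID is always the last field.
        state = fields[3] if len(fields) == 5 else ""
        yield {
            "proto": fields[0],
            "local": split_endpoint(fields[1]),
            "foreign": split_endpoint(fields[2]),
            "state": state,
            "pid": int(fields[-1]),
        }


def pids_for_port(text, port, proto="TCP"):
    """Map PID -> rows whose local or foreign port equals `port` exactly."""
    hits = {}
    for row in parse_netstat(text):
        ports = (row["local"][1], row["foreign"][1])
        if row["proto"] == proto and str(port) in ports:
            hits.setdefault(row["pid"], []).append(row)
    return hits


def naive_match_count(text, needle=":100"):
    """Count lines a substring filter like find ":100" would return."""
    return sum(1 for line in text.splitlines() if needle in line)
```

On the sample, the substring filter returns seven lines while the exact match leaves PIDs 1412 and 3096 for TCP port 100.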