I checked established connections with the "netstat" command in the command prompt, and I found that there are some connections to Microsoft IPs (I checked the IPs online) that have HTTP (and not HTTPS) connections established; they lead to some svchost.exe in a Win32 folder of the system. I know that HTTP connections are not safe, but I guess they are safe since they have Microsoft IPs, but why are these connections not encrypted (HTTP)? Is it normal?
These are the output images of the netstat command I ran. They show that there are too many outbound connections and many dgrams and streams. I also tried to capture the output using Wireshark and then reverse-checked the IP addresses to see whom they belong to (using www.arin.net); it showed various organisations (Google, Astricia).
I also tried to turn off the wifi and then ran netstat, but there was no change in the dgram and stream connections.
Please help; any input will be appreciated.
I was monitoring network connections using netstat and came across netstat -tlnp. I was wondering what it is, what it does and how the command works. I have checked the netstat man pages for my distro, however I cannot seem to find the entire syntax. Any help will be appreciated. Note: The reason why I ask this question here is because I have recently got into Information Security and was playing around with monitoring network traffic and looking into open connections to possible command and control servers.
What does netstat -tlnp do and mean? I have read the man pages for netstat, however I can only find an answer for -l, not the other options.
I have run nginx once, but I have two, and only one node.js web server. The result of running netstat -tnlp is as follows:
What’s the difference between 0.0.0.0:* and
netstat -tnlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address     Foreign Address   State    PID/Program name
tcp        0      0 0.0.0.0:22        0.0.0.0:*         LISTEN   1108/sshd
tcp        0      0 127.0.0.1:27016   0.0.0.0:*         LISTEN   20389/mongod
tcp        0      0 0.0.0.0:3305      0.0.0.0:*         LISTEN   17224/mysqld
tcp        0      0 0.0.0.0:80        0.0.0.0:*         LISTEN   1139/nginx -g daemo
tcp6       0      0 :::22             :::*              LISTEN   1108/sshd
tcp6       0      0 :::3002           :::*              LISTEN   20567/node
tcp6       0      0 :::80             :::*              LISTEN   1139/nginx -g daemo
On Linux, network monitoring tools are limited to the current namespace and do not show the whole machine connections (like
I have to loop on all namespaces to see the whole machine connections with sudo ip -all netns exec lsof -i
Are there other connections that are also hidden from lsof/netstat?
I am working on a PoC and I am currently adding APT. I would like to know if anyone knows any source code where netstat and/or ss tools are modified to not show connections on certain ports.
I am trying to look at the processes tagged to each individual TCP connection using busybox netstat -p as shown from their docs. However, after rooting and checking my root with RootChecker, it seems like I have root access and SU access, but I am unable to run adb shell busybox netstat and it shows the error
I am using NoxPlayer 18.104.22.168, running Android version 4.4.2. This shows a picture of my attempt to do the same thing in Terminal Emulator itself.
And this shows an image of RootChecker verifying that I rooted the phone properly.
I came across articles saying that /proc/net is a symbolic link; thus only providing a “shortcut” to the file path and not the actual file, thus, netstat command was unable to be executed?
Hope to get some help for this issue.
- Ubuntu server 18.04 on local hardware
- A laptop from which I want to ssh into the server over local network
Every once in a while right after boot, I can ssh into the machine for a few minutes. But most of the time I simply get:
connect to host 192.168.0.101 port 22: Connection refused.
On the server
I disabled the firewall: sudo ufw disable, but it didn’t help.
Then I checked netstat -nlpt and it told me that sshd is listening on port 22.
On my laptop
- But then I tried nmap -v -p 22 192.168.0.101 and it told me that port 22 was closed.
I am very confused why nmap tell me different things. Could it be that my wifi-router is blocking ssh somehow?