# monitor ports

## noise

how do i see what ports are used?

nmap only scans to see if they are open.. but i need umm ..

for example:

if i have ftp server running. I would like to see who is connected at the moment (IP, user name and souch....). If possible.. for any port I choose (http, ssh, ...etc)..

thanx!

----------

## pjp

netstat might be what you want.

----------

## noise

yeah that wasnt so bad but i could use something with live update (like when i run command TOP)...

any more ideas?

----------

## DArtagnan

 *kanuslupus wrote:*   

> netstat might be what you want.

 

Netstat can do damage steps?

I mean, my net admin is a little crazy and see every thing is done on the net...will he see that i use netstat?

----------

## Ethernal

netstat only shows active connections on your pc, not anyone elses, so no, he won't see it. nmap:ing will freak him out though   :Very Happy: 

----------

## Matje

Doesn't the app ftpwho show on which port they are connected? It shows information of which file is being fetched, which client is connected, ... so it might just show that too  :Smile:  Don't have access to a ftp box atm so I can't check  :Smile: 

----------

## Ethernal

but that'll only show users actually connected to your ftp service, right?

----------

## noise

 *Ethernal wrote:*   

> but that'll only show users actually connected to your ftp service, right?

 

Yeah i think so... What i'm looking for is more of a 'global aproach'. I wouldnt go as far to say: 'Any port given...', but usual services would be nice  :Smile: .

I'm sure that there must be some kind of network monitor/analyser... or something like that  :Smile: .

//noise

----------

## fyerk

lsof might be what you're looking for. It's quite verbose, but should show you everything you could possibly want. Use with grep is recommended.

----------

## fyerk

[delete]

----------

## fyerk

[delete]

----------

## fyerk

Hmmm.. If a moderator is around could you please delete my last three posts (including this one).

For some weird reason 4 copies of the same post were sent even though phpBB displayed a "General Error".

Strange...

----------

## vertex

is "netstat | grep ESTABLISHED"

----------

## Craigo

Try this?

*  net-analyzer/ntop

      Latest version available: 2.0.99_rc2-r2

      Latest version installed: [ Not Installed ]

      Homepage: http://www.ntop.org/ntop.html

      Description: ntop is a unix tool that shows network usage like top

There is a lot of tools, just do some 'emerge -s network' etc and play around.

-/Craigo/-

----------

## cranch

could you explain that app to me  :Smile: 

I emerged it...tried to run it as SU

says it can't for security reasons...when I run it as a normal user it complains about needing root permissions to do network things...

am I missing something?

----------

## Craigo

The explanation about ntop is over 

http://www.ntop.org/overview.html

You have to be root to use this application so it can use raw sockets. Read the site for help etc. Type 'man ntop' should help.

But then if you don't want to try this out, there are many others applications...

-/Craigo/-

----------

