Checking how many connections are established on specified port - unix

How can I check, how many connections are established for example on port 80 and then write it to the file using bash console?
I've read that netstat can do this, but I can not find , what exactly should I do with that, as I'm newbie on "Unix" systems.

You probably want sockstat if you're on FreeBSD:
sockstat -c -L -P tcp -p 80

Related

windows 10 bash tcpdump: socket: Invalid argument

I am using windows 10 bash to use tcpdump
From tutorial i found that to listen to a interface command is:
tcpdump -i eth0 //eth0 is ethernet interface
tcpdump -i any // to listen to any interface
In both cases I am getting tcpdump: socket: Invalid argument error.
NOTE:
tcpdump -D
does not print anything on console.
Based on https://github.com/Microsoft/WSL/issues/69, this is a limitation of the current Windows Subsystem for Linux. The Fall Creators update added a lot of functionality, but tcpdump still does not work.
Try nmap. It will output a page of errors but eventually works.
sudo nmap -sP 192.168.1.0/24
WSL, while utilizing Linux, is not a "true" Linux based operating system yet.

DoS attack using iperf in the network

I would like to do a TCP DoS attack using iperf in my simulated network. (I use mininet). The only code that I could find is the following command for making UDP burst traffic in my network which is not relevant.
(host1: 10.0.0.1) iperf -s
(host2: 10.0.0.2) iperf -c 10.0.0.1 -b 30M -l 1200
Please let me know if there is a better code to do the TCP DoS attack using iperf or even if, there is any other code or approach to make TCP traffic as an attack.
Thanks in advance.
The only thing I could do is that, just to add number of iperf tx form attacker using threads. In this way,it sends packet in parallel to the server. So, I used the following code:
host1: 10.0.0.1) iperf -s
(host2: 10.0.0.2) iperf -c 10.0.0.1 -b 30M -l 1200 -P 6
If you want to send UDP flooding, then you must use -u switch on the server command:
iperf -s -u
on the client side, using your specification, it will be:
iperf -c 10.0.0.1 -t 200 -l 1200 -P 6
iperf is suitable for bandwidth testing. If you want to do ddos attack, please try hping3 or dperf.

nmap scan (part of UDP but full range TCP)

i have a question about nmap scan exactly about part of udp ports but full range tcp ports together...is it possible? I mean that i would like to scan just a few udp ports (most common) but the whole 65535 tcp in one command.
i try this full range but this is very slow
nmap -v -n -sT -sU -p- -sV -sC --open --reason (ip)
i also try
nmap -v -n -sT -sU -p U:53,111,137 T:(here need tips for full range tcp) -sV -sC --open --reason (ip)
thanks for your time
The syntax you need to use is: -p U:53,111,137,T:-
The - part means "all ports" and is equivalent to 1-65535. Because it comes after the T:, it applies only to TCP ports.
You probably also want to use -sS instead of -sT. Both scan for open TCP ports, but -sS lets Nmap have more fine-grained control over scan probes and a better understanding of responses, which leads to faster overall scan times. -sT uses generic socket connect() calls, which can be less efficient.

Do i have reset service/something when banning an ip with iptables -j DROP

I just run this command
iptables -A INPUT -s 1.1.1.1 -p TCP -j DROP
Do i have to reset a service or something like that? It does not seems to work because when i use netstat -antp i can still see the ip i just dropped
The TCP connection may still be kept open until the timeouts (up to 5 minutes if I remember correctly), but the traffic itself should be dropped (eg. there should be no data flowing).

lsof print numeric ports

How do you get lsof to produce numeric port information instead of attempting to resolve the port to service name?
For example, I want TCP *:http (LISTEN) to give me TCP *:80 (LISTEN) in-fact if at all possible I never want to see another service name in lsof print-out ever again. So if there is a way to make numeric ports the default I would like to understand how to do that as well.
Run lsof -P.
And make sure the P goes before the i, if you combine the option with -i:
lsof -Pi
According to man lsof, -P inhibits the conversion of port numbers to port names for network files. Inhibiting the conversion may make lsof run a little faster. It is also useful when port name lookup is not working properly."
Sometimes handy is:
lsof -Pi
When I tried losf -iP it gave me some trash, so make sure P goes first.
As a side note: lsof -3.14 will provide the same trash, don't try this.

Resources