Paul Walker on 3 Sep 2014 17:19:15 -0700



Re: [PLUG] Tools for analyzing network traffic from personal computer?


I think I'll spin up a couple scripts to check network activity against a baseline, but in the end I probably want to go with something more robust... LittleSnitch was recommended but I'd prefer to use something FOSS. More research.


On Wed, Sep 3, 2014 at 6:28 PM, Keith C. Perry <kperry@daotechnologies.com> wrote:
I generally will do something like "netstat -tnp" so that the PID numbers for the TCP connections are included, but that is on Linux. I don't remember if the p parameter is on the OS-X version.

I used to use ethereal (now wireshark) when I was teaching networking classes.  Looks like they do have OS-X versions.



~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Keith C. Perry, MS E.E.


From: "Michael Lazin" <microlaser@gmail.com>
To: "Philadelphia Linux User's Group Discussion List" <plug@lists.phillylinux.org>
Sent: Wednesday, September 3, 2014 6:16:09 PM
Subject: Re: [PLUG] Tools for analyzing network traffic from personal computer?


Well, for a server I am fond of lsof for finding malware because its output includes the PID as well as the open port. If you see something running on a port that shouldn't be open, you can search /proc for the directory that corresponds with the PID and see what the path of the port-binding script is.


On Wed, Sep 3, 2014 at 6:12 PM, Paul Walker <starsinmypockets@gmail.com> wrote:
I'm running OSX on a laptop and trying to get a better handle on what sort of network traffic is happening on it. I'm using `netstat -t -a`, which outputs a very long list (600+) of tcp / udp connections. I have a pseudo-professional curiosity about what all this stuff is. I'm wondering if there are any tools or resources folks would recommend that could help me analyze the network traffic, to detect malware for instance, and also just as an educational exercise.

Cheers,

Paul

___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug




--
Michael Lazin

to gar auto estin noein te kai ennai
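
The lsof-plus-/proc check and the baseline-script idea from this thread, combined as an added example (not code from any poster): it parses `lsof -nP -iTCP -sTCP:LISTEN` output, reports listeners missing from a baseline, and resolves each PID to its executable through `/proc`. The sample output, the baseline set and all function names are constructed for illustration; the `/proc` lookup works on Linux only, not on OS X.

```python
import os
import subprocess

# Constructed sample of `lsof -nP -iTCP -sTCP:LISTEN` output (not from the thread).
SAMPLE = """\
COMMAND   PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
sshd      812 root    3u  IPv4  18432      0t0  TCP *:22 (LISTEN)
sshd      812 root    4u  IPv6  18434      0t0  TCP *:22 (LISTEN)
nginx    1044 root    6u  IPv4  20211      0t0  TCP *:80 (LISTEN)
perl     4471 www     4u  IPv4  99120      0t0  TCP *:31337 (LISTEN)
cupsd     640 root    7u  IPv6  15002      0t0  TCP [::1]:631 (LISTEN)
"""

# Assumed baseline: (command, port) pairs you expect to be listening.
BASELINE = {("sshd", 22), ("nginx", 80), ("cupsd", 631)}

def parse_listeners(lsof_text):
    """Return a sorted list of unique (command, pid, port) for LISTEN sockets."""
    found = set()
    for line in lsof_text.splitlines()[1:]:        # skip the header row
        f = line.split()
        if len(f) < 10 or f[-1] != "(LISTEN)":
            continue
        port = f[-2].rpartition(":")[2]            # handles *:22 and [::1]:631
        if f[1].isdigit() and port.isdigit():
            found.add((f[0], int(f[1]), int(port)))
    return sorted(found)

def unexpected(lsof_text, baseline):
    """Listeners whose (command, port) pair is not in the baseline."""
    return [l for l in parse_listeners(lsof_text) if (l[0], l[2]) not in baseline]

def exe_path(pid):
    """Resolve /proc/<pid>/exe (Linux only; other users' PIDs need root)."""
    try:
        return os.readlink(f"/proc/{pid}/exe")
    except OSError:
        return None

def live_lsof():
    """Run lsof for real; -n and -P skip host and port name lookups."""
    return subprocess.run(["lsof", "-nP", "-iTCP", "-sTCP:LISTEN"],
                          capture_output=True, text=True).stdout

if __name__ == "__main__":
    for cmd, pid, port in unexpected(SAMPLE, BASELINE):
        print(f"not in baseline: {cmd} pid={pid} port={port} exe={exe_path(pid)}")
```

To check a real machine, pass `live_lsof()` instead of `SAMPLE`; run it as root so lsof can see sockets owned by other users.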