Member-only story
How I Use netstat and ss to Catch Suspicious Connections on Linux
--
Share
Intro: Sometimes the biggest threats to your Linux server arenโt in the logs โ theyโre quietly hiding in plain sight, listening on open ports or making outbound connections you didnโt authorize. This post explains how I use netstat and ss to find those sneaky processes and shut them down before they become a real problem.
๐ 1. The Threat: Undetected Network Activity
Most malware and unauthorized scripts โcall homeโ or open ports to accept commands. If youโre not checking for this regularly, youโre trusting every connection your server makes.
โ๏ธ 2. Install net-tools and Use netstat
On older systems or for familiarity:
# Debian/Ubuntu:sudo apt install net-tools
# Red Hat/CentOS:sudo yum install net-tools
Check all listening ports:
sudo netstat -tulnp
This lists:
- Protocol (tcp, udp)
- Local address/port
- PID/Program name
Top comments (0)