On Tuesday 16 February 2010 14:23:31 Kelly Dunlop wrote:
[snip]
> I'd try:
>
> netstat -atn
>
> and check for a tcp line with port 22 (:22) in LISTEN mode eg:
>
> tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
>
> which tells you sshd is running and listening on port 22.
>
> Then:
>
> ps -ef | grep sshd
>
> just to check that sshd is running.
I have been trying to follow this thread, with limited success, as it is an
area where my igonorance is both wide and deep. :-( But I hope to learn.
So I have been trying the various commands to see what I get. arp -n just
gave me my router from 2 computers currently active on the LAN.
The IPs of the two active computers are 192.168.0.2 and 192.168.0.3. The
router is 192.168.0.1.
I then tried the following (from 192.168.0.2):
Tux:/home/lisi# netstat -atn
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:59782 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:1004 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:7741 0.0.0.0:* LISTEN
tcp 0 0 192.168.0.2:43311 92.122.211.37:1935
ESTABLISHED
tcp6 0 0 :::22 :::* LISTEN
tcp6 0 0 ::1:631 :::* LISTEN
Tux:/home/lisi# ps -ef | grep sshd
root 2341 1 0 06:38 ? 00:00:00 /usr/sbin/sshd
root 15602 15392 0 11:08 pts/1 00:00:00 grep sshd
Tux:/home/lisi#
If I have understood correctly, that is a bit worrying. (The ESTABLISHED
one.) So have I understood? I hope that I have not. ;-0.
If it _is_ ominous, I can block that IP. But I presumably need to close some
open ports as well?
Lisi
