How I Use netstat and ss to Catch Suspicious Connections on Linux | by Faruk Ahmed | Jul, 2025

Faruk @cyberwebpen

About: InfoSec Analyst | 10+ yrs in DLP, CrowdStrike, QRadar, Qualys, Linux Admin, WebLogic Admin | Python & Bash Enthusiast | Passionate about cybersecurity, automation, and continuous learning.



Publish Date: Jul 8

How I Use netstat and ss to Catch Suspicious Connections on Linux


Intro: Sometimes the biggest threats to your Linux server aren’t in the logs — they’re quietly hiding in plain sight, listening on open ports or making outbound connections you didn’t authorize. This post explains how I use netstat and ss to find those sneaky processes and shut them down before they become a real problem.

🔍 1. The Threat: Undetected Network Activity

Most malware and unauthorized scripts “call home” or open ports to accept commands. If you’re not checking for this regularly, you’re trusting every connection your server makes.

⚙️ 2. Install net-tools and Use netstat

On older systems or for familiarity:

# Debian/Ubuntu:
sudo apt install net-tools

# Red Hat/CentOS:
sudo yum install net-tools

Check all listening ports:

sudo netstat -tulnp

This lists:

  • Protocol (tcp, udp)
  • Local address/port
  • PID/Program name
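
To turn that listing into a repeatable check, the script below (an added example, not code from the original post) parses `netstat -tulnp` output and prints every listener that is not on an allowlist, marking whether it is bound to loopback or exposed. The `ALLOWED` list, the function names and the sample output are assumptions constructed for illustration.

```shell
# Added example: triage `netstat -tulnp` output against an allowlist.
# ALLOWED and the sample text below are constructed for illustration.
ALLOWED="tcp/22 tcp/80 udp/68"   # assumption: listeners expected on this host

# Reads `netstat -tulnp` text on stdin and prints, for each listener not in
# the allowlist: "<proto>/<port> <bind-address> <scope> <pid/program>"
unexpected_listeners() {
    awk -v allowed="$1" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 !~ /^(tcp|udp)6?$/ { next }             # skip the two header lines
        {
            proto = $1; sub(/6$/, "", proto)       # tcp6 -> tcp, udp6 -> udp
            k = split($4, part, ":")               # port follows the last colon,
            port = part[k]                         # which also covers ":::80"
            addr = substr($4, 1, length($4) - length(port) - 1)
            # UDP rows have an empty State column, so PID/Program shifts left
            idx = ($6 == "LISTEN") ? 7 : 6
            owner = $idx                           # "-" when run without root
            for (i = idx + 1; i <= NF; i++) owner = owner " " $i
            scope = (addr ~ /^127\./ || addr == "::1") ? "loopback" : "exposed"
            key = proto "/" port
            if (!(key in ok)) print key, addr, scope, owner
        }'
}

sample_netstat() {   # constructed sample, not captured from a real host
cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      812/sshd
tcp        0      0 127.0.0.1:5432          0.0.0.0:*               LISTEN      1033/postgres
tcp        0      0 0.0.0.0:8081            0.0.0.0:*               LISTEN      2291/python3
tcp6       0      0 :::80                   :::*                    LISTEN      950/nginx: master
udp        0      0 0.0.0.0:68              0.0.0.0:*                           701/dhclient
udp        0      0 0.0.0.0:5353            0.0.0.0:*                           640/avahi-daemon
EOF
}

sample_netstat | unexpected_listeners "$ALLOWED"
```

On a live host, replace `sample_netstat` with `sudo netstat -tulnp` and review each "exposed" line first.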

🚀 3. Use ss for Faster and Modern Analysis

