checking active connections - netstat

Discussion in 'macOS' started by Theoyster, Jul 24, 2010.

  1. Theoyster macrumors member

    Joined:
    Apr 21, 2010
    #1
    Hello,

    Not sure if I am posting this in the right place but I am relatively new to the mac world and want to make sure my computer is secure. Using netstat output, what exactly would one look for to see if there are any intruders on the system? Here is the current output:

    Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
    tcp4       0      0  192.168.1.100.49235    173.194.8.27.http      ESTABLISHED
    tcp4       0      0  192.168.1.100.49231    iw-in-f139.1e100.http  ESTABLISHED
    tcp4       0      0  localhost.ipp          *.*                    LISTEN
    tcp4       0      0  localhost.netinfo-loca localhost.1017         ESTABLISHED
    tcp4       0      0  localhost.1017         localhost.netinfo-loca ESTABLISHED
    tcp4       0      0  localhost.netinfo-loca localhost.1021         ESTABLISHED
    tcp4       0      0  localhost.1021         localhost.netinfo-loca ESTABLISHED
    tcp4       0      0  localhost.netinfo-loca *.*                    LISTEN
    udp4       0      0  *.ipp                  *.*
    udp4       0      0  localhost.49156        localhost.1022
    udp4       0      0  localhost.49155        localhost.1022
    udp4       0      0  localhost.1022         *.*
    udp4       0      0  localhost.49154        localhost.1023
    udp4       0      0  localhost.1023         *.*
    udp4       0      0  192.168.1.100.ntp      *.*
    udp4       0      0  localhost.ntp          *.*
    udp4       0      0  *.ntp                  *.*
    udp4       0      0  *.*                    *.*
    udp4       0      0  localhost.netinfo-loca *.*
    Active LOCAL (UNIX) domain sockets
    Address  Type   Recv-Q Send-Q    Inode     Conn     Refs  Nextref Addr
     1ffc3b8 stream      0      0  24aff78        0        0        0 /private/var/run/cupsd
     1ffc770 stream      0      0  23496b4        0        0        0 /var/run/pppconfd
     1ffce58 stream      0      0        0  1ffcdd0        0        0 /var/run/asl_input
     1ffcdd0 stream      0      0        0  1ffce58        0        0
     1ffca18 stream      0      0  226b630        0        0        0 /var/run/asl_input
     1ffcee0 stream      0      0  226bbdc        0        0        0 /var/run/portmap.socket
     1ffcf68 stream      0      0  1ff1420        0        0        0 /var/launchd/0/sock
     1ffc5d8 dgram       0      0        0  1ffc2a8  1ffc2a8        0
     1ffc2a8 dgram       0      0        0  1ffc5d8  1ffc5d8        0
     1ffc440 dgram       0      0        0  1ffc990        0  1ffc4c8
     1ffc4c8 dgram       0      0        0  1ffc990        0  1ffc550
     1ffc550 dgram       0      0        0  1ffc990        0  1ffc660
     1ffc660 dgram       0      0        0  1ffc990        0  1ffc6e8
     1ffc6e8 dgram       0      0        0  1ffc990        0  1ffc7f8
     1ffc7f8 dgram       0      0        0  1ffc990        0  1ffcbb0
     1ffcbb0 dgram       0      0        0  1ffc990        0  1ffc880
     1ffc880 dgram       0      0        0  1ffc990        0  1ffcc38
     1ffc908 dgram       0      0        0  1ffcaa0  1ffcaa0        0
     1ffcaa0 dgram       0      0        0  1ffc908  1ffc908        0
     1ffcc38 dgram       0      0        0  1ffc990        0  1ffccc0
     1ffccc0 dgram       0      0        0  1ffc990        0  1ffcb28
     1ffcb28 dgram       0      0        0  1ffc990        0  1ffcd48
     1ffcd48 dgram       0      0        0  1ffc990        0        0
     1ffc990 dgram       0      0  226b528        0  1ffc440        0 /var/run/syslog

    I have taken all the normal precautions, firewall on stealth mode, all services off etc. Do you see anything that is not supposed to be there?

    I am primarily concerned with security against remote attacks.

    Thanks
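
One way to triage netstat output like the listing in post #1, as an added example that is not part of the original thread: it sorts each TCP/UDP row into loopback-only sockets, sockets reachable from the network, and connections to other hosts. The function names and category labels are assumptions made for this illustration, and the sample mixes rows copied from the post with one constructed row.

```python
import ipaddress

# Sample rows: the first five are copied from the netstat output in post #1;
# the last row (*.5900 LISTEN) is constructed to show an exposed TCP listener.
SAMPLE = """\
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp4       0      0  192.168.1.100.49235    173.194.8.27.http      ESTABLISHED
tcp4       0      0  localhost.ipp          *.*                    LISTEN
tcp4       0      0  localhost.netinfo-loca localhost.1017         ESTABLISHED
udp4       0      0  192.168.1.100.ntp      *.*
udp4       0      0  localhost.49156        localhost.1022
tcp4       0      0  *.5900                 *.*                    LISTEN
"""

def split_endpoint(endpoint):
    """macOS/BSD netstat prints 'host.port'; the port follows the last dot."""
    host, _, port = endpoint.rpartition(".")
    return host, port

def is_loopback(host):
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host.split("%")[0]).is_loopback
    except ValueError:  # "*" or a (possibly truncated) hostname
        return False

def classify(line):
    """Return (category, local, foreign) for one socket row, or None."""
    fields = line.split()
    if len(fields) < 5 or not fields[0].startswith(("tcp", "udp")):
        return None  # header, blank line or UNIX-domain socket row
    local, foreign = fields[3], fields[4]
    lhost, lport = split_endpoint(local)
    fhost, _ = split_endpoint(foreign)
    if lport == "*":
        category = "unbound"           # socket exists but has no local port yet
    elif is_loopback(lhost):
        category = "local-only"        # not reachable from the network
    elif fhost == "*":
        category = "exposed-listener"  # bound to a LAN address or every interface
    else:
        category = "remote-peer"       # traffic with another host
    return category, local, foreign

def triage(text):
    return [row for row in map(classify, text.splitlines()) if row]
```

Rows marked exposed-listener or remote-peer are the ones worth tracing to an owning process, for example with `lsof -i`.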
     
  2. mac2x macrumors 65816

    Joined:
    Sep 19, 2009
    #2
    https://www.grc.com/x/ne.dll?bh0bkyd2

    Works better if you are on a public IP; not so well if you are behind a router. It will tell you what ports you have open.

    I configured ipfw (the stock BSD Unix firewall), but it's a rather advanced task that requires a lot of command line use as well as tinkering with system folders, and some knowledge about firewalls.
     
  3. satcomer macrumors 603

    Joined:
    Feb 19, 2008
    Location:
    The Finger Lakes Region
    #3
    When out roaming with my MacBook Pro, I forgo the OS X GUI firewall for ipfw using NoobProof while using OpenDNS.

    Lastly I use iStat Menus to keep a graphic point in my menu bar for network monitoring and processor monitoring.
     
