Is it possible to have netstat show the date/time the connection was established? Is this information even stored anywhere in Linux?
-
No I checked at the man page of netstat and there is no way of knowing the time of an established connection using netstat.
And I don't think it is stored anywhere because connection are so dynamic.
From Gopoi -
I have never seen any network structures for holding time a connection was established. The information can be logged by stateful firewalls. However, they only track when the last activity occurred.
In some cases, it is roughly derivable from when the process to servicing the connection was created.
From BillThor -
The
-poption ofnetstatallows to get the process ID of the process that initiated the connection.
Used in conjunction with the-a(all) and-n(numeric) optionsnetstat -anpThe list of sockets is displayed along with useful information
unix 3 [ ] STREAM CONNECTED 60670 7392/firefox-binUsing
ps -ef(orpsgrep) get the information associated to the 7392 process, likeSTIMEps -ef | grep 7392 UID PID PPID C STIME TTY TIME CMD me 7392 7388 2 09:37 ? 00:01:34 /usr/lib/firefox-3.6.10/firefox-binThe process was started at 09:37.
Gopoi : This only state that the process has started at a certain time it does not provide any information about a specific connection time. Firefox that you give in example, he will establish a lot of connection for the many pages that you open the time of firefox runing has no related information of what time took a connection.ring0 : @Gopoi Of course, this is just an example. I assume the author knows the difference between a process and a connection. This will be relevant if the process starts the connection at first, and dies with it.From ring0 -
You can do it with ipclog & constat
From Casual Coder
0 comments:
Post a Comment