Been getting hacked and 3rd time i caught hacker in nmap but im novice

So I am new here I am running linux mint with standard protection like decent passwords,
using firewall in wifi 6 router, GUWF, rkhunter ( it always shows large mem segments on scan or warning in lwp request ).

Anyways first time I got hacked I had my computer act like it was under control and new programs kept getting installed till it was too slow, 2 accounts were stolen with a hacker pretending to be me, he also had a bluetooth hacking tool to hack my cell phone and brick it.

2nd time it happened again and i believe he is hacking through a chat room as I suspect I know who it is. I am guessing he attacks the browser first ( i got a error from brave on the day my account was stolen saying brave is asking cpu for unsigned code ). So I had to see how he is doing this and I forgot the command I used.

3rd time I used a 2006 laptop. Its junk but I installed Linux mint, the firewall and a few basic security features to use the laptop as bait, fishing for this clown. I ran Nmap or netstat maybe something else but the command showed the sockets of the computers including mine in this websites chat room. I was just a lurker and I believe he is hacking more. So I see the sockets like a cartoon his computer leaves a socket and enters the socket my computer is on pretty quick. I was stunned that it was done just like that im maybe thinking its a reverse shell ? I am not a hacker and a long time ago I was only hacking my own wifi keys or ppl who gave permission when backtrack was around. Anyways I caught him, he saw what I was running and went stupid in the laptop. A average user like me got him the rest are clueless. Anyways I forgot what I used. do you guys know if its nmap, netstat or another program that shows these active socket connections ? Thanks. I forgot it after some time also the command had nmap showing all these exploits being added like it was a old video game. Any help i would appreciate.

Right now im just avoiding that site and added some more secure features.