On Tue, Nov 02, 2004 at 07:11:43PM -0500, Robert Tilley wrote:
> To discover the identity of the process sending unknown traffic on eth0, it
> was suggested that I run tcpflow. The result and another question follows:
>
> [EMAIL PROTECTED]:/home/tilleyrw/tcpflow-dumps# ls -S
> 065.032.005.052.00110-192.168.001.103.33847
> 065.032.005.052.00110-192.168.001.103.33846
> 192.168.001.103.33846-065.032.005.052.00110
> 192.168.001.103.33847-065.032.005.052.00110
>
> Now that I know the specifics of From and To about the traffic, how does that
> help me in terms of identifying the offending process IDs?
> --

never used the program but it looks like:

IP 65.32.5.52 port 110 sending to -> 192.168.1.103 port 33847

...

port 110 is pop3

HTH
-Kev

--
counter.li.org #238656 -- goto counter.li.org and be counted!

         (__)
         (oo)
   /------\/
  / |    ||
 *  /\---/\
    ~~   ~~
...."Have you mooed today?"...
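
Added example, not part of the original thread or of tcpflow: it decodes the flow file names from the listing above and looks the connection up in a Linux /proc/net/tcp table to get the socket inode, which /proc/<pid>/fd then ties to a process. Assumptions: a little-endian Linux host, IPv4 only, and a constructed sample table (SAMPLE); all function names are hypothetical.

```python
import glob, os, re

# tcpflow flow file name: SRCIP.SRCPORT-DSTIP.DSTPORT, octets padded to 3 digits, ports to 5
FLOW_RE = re.compile(r"^((?:\d{3}\.){4})(\d{5})-((?:\d{3}\.){4})(\d{5})$")

def parse_flow_name(name):
    """Return ((src_ip, src_port), (dst_ip, dst_port)) for one tcpflow file name."""
    m = FLOW_RE.match(name)
    if not m:
        raise ValueError("not a tcpflow flow file name: %r" % name)
    def ip(padded):
        return ".".join(str(int(o)) for o in padded.rstrip(".").split("."))
    return (ip(m.group(1)), int(m.group(2))), (ip(m.group(3)), int(m.group(4)))

def proc_addr(ip, port):
    """Encode ip:port the way /proc/net/tcp prints it (assumes a little-endian host)."""
    return "%s:%04X" % ("".join("%02X" % int(o) for o in reversed(ip.split("."))), port)

def find_inode(table, a, b):
    """Socket inode of the TCP connection between endpoints a and b, or None."""
    want = {(proc_addr(*a), proc_addr(*b)), (proc_addr(*b), proc_addr(*a))}
    for line in table.splitlines():
        f = line.split()
        if len(f) > 9 and (f[1], f[2]) in want:
            return int(f[9])  # tenth column of a connection row is the inode
    return None

def pids_for_inode(inode):
    """PIDs holding the socket; needs root to see other users' processes."""
    target = "socket:[%d]" % inode
    pids = set()
    for fd in glob.glob("/proc/[0-9]*/fd/*"):
        try:
            if os.readlink(fd) == target:
                pids.add(int(fd.split("/")[2]))
        except OSError:
            pass  # process or descriptor went away while scanning
    return sorted(pids)

# Constructed sample of /proc/net/tcp (not captured from the poster's machine)
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0019 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1201
   1: 6701A8C0:8437 34052041:006E 01 00000000:00000000 00:00000000 00000000  1000        0 48213
"""

if __name__ == "__main__":
    src, dst = parse_flow_name("065.032.005.052.00110-192.168.001.103.33847")
    print(src, dst, find_inode(SAMPLE, src, dst))
```

On a live system, pass open("/proc/net/tcp").read() instead of SAMPLE; the lookup only succeeds while the connection is still open, so a short POP3 session has to be caught in the act.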