On Tue, 8 Aug 2000, Wayne Dyer wrote:

> my_machine.org for my machine's name.  The traffic is NOT coming from my
> internal network.  Where can I find a listing of the flags FP and R?
> Any ideas as to what's happening here?
> 
> 08:21:38.088650 < 10.1.12.50.https > my_machine.org.3520: FP 1196603461:1196603484(23) ack 3231268890 win 18980 (DF)
> 08:21:38.088774 > my_machine.org.3520 > 10.1.12.50.https: R 3231268890:3231268890(0) win 0

Well, it looks an awful lot like you've got Netscape open, loading a page
over https  : )

What does eth1 connect to?

If you want to know what has a connection open, you may need to do one of
two things:

1) If the connection looks like it's coming from your machine, and this
one does, try:
netstat -avnp | grep 3520
You may get more than one line, but look for a line that indicates that a
local interface has port 3520 open, like:
tcp        1      0 192.168.0.2:3520        10.1.12.50:443          CLOSE_WAIT  31639/netscape-comm

That line should include the name of the application, but will at least
give you the PID.

2) If it looks like a Masqueraded connection, in which case the local port
will be above 60000, then use:
ipchains -M -L
That will print out all of the open masquerading connections.  You can use
that to figure out what machine has the connection open, but will have to
go there to figure out what program opened the connection.

MSG
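
An added example, not part of the original message: a plain `grep 3520` also matches lines where 3520 is the remote port or the PID, so this sketch filters `netstat -anp` output on the local-address column only. The function names and the sample table are constructed for illustration; only the first data row comes from the message above.

```shell
#!/bin/sh
# port_owner PORT: read `netstat -anp` style output on stdin and print
# "STATE REMOTE PID/PROGRAM" for TCP sockets whose LOCAL port is PORT.
port_owner() {
    awk -v port="$1" '
        $1 ~ /^tcp/ {
            # Field 4 is the local address (addr:port); the port is the
            # text after the last colon, which also works for IPv6 (:::22).
            n = split($4, parts, ":")
            if (parts[n] != port) next
            # Field 7 is PID/Program; netstat shows "-" there when it is
            # not run as root, and older builds may omit the column.
            owner = (NF >= 7) ? $7 : "-"
            print $6, $5, owner
        }'
}

# Constructed sample input. Rows 2 and 3 are decoys: 3520 appears as a
# remote port and as a PID, which a bare grep would also match.
sample_netstat() {
    cat <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        1      0 192.168.0.2:3520        10.1.12.50:443          CLOSE_WAIT  31639/netscape-comm
tcp        0      0 192.168.0.2:1044        10.1.12.77:3520         ESTABLISHED 412/ssh
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      3520/httpd
EOF
}

# Demo on the sample; on a live host: netstat -anp | port_owner 3520
sample_netstat | port_owner 3520
```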




_______________________________________________
Redhat-list mailing list
https://listman.redhat.com/mailman/listinfo/redhat-list
