I noticed tonight as I was about to get off the computer and head for bed that the network meter on my taskbar was still showing a bit of activity. And while I did notice the Sarge upgrade has changed the way the network meter shows traffic, making it look like more than it is, the network switch agreed with this constant stream as well. Looking at the meter on the taskbar, we're only talking a little under 0.5kbp/s. But, looking at the output of netstat, I noticed the following entry: Active Internet connections (w/o servers) Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 jacob.6texans.net:42799 xenon.hscs.Virgi:telnet ESTABLISHED All the other entries list an ip address or FQDN. Furthermore, I don't have a Telnet server installed on this computer and I'm not connected to any other computers via telnet. This computer is on an internal network protected by a Debian Woody firewall box. A run of chkrootkit didn't turn up anything, but I can't think of any other reason to still be seeing traffic. Any thought, hints, tips? TIA, Jacob -- GnuPG Key: 1024D/16377135 Random .signature #15: "What you end up with, after running an operating system concept through these many marketing coffee filters, is something not unlike plain hot water." --Matt Welsh
Attachment:
pgpnKn7J2Flsu.pgp
Description: PGP signature