Re: Interesting netstat results
On Sun, Jul 04, 2004 at 01:15:22AM -0500, Jacob S. wrote:
> I noticed tonight as I was about to get off the computer and head for
> bed that the network meter on my taskbar was still showing a bit of
> activity. And while I did notice the Sarge upgrade has changed the
> way the network meter shows traffic, making it look like more than it
> is, the network switch agreed with this constant stream as well. Looking
> at the meter on the taskbar, we're only talking a little under 0.5kbp/s.
>
> But, looking at the output of netstat, I noticed the following entry:
>
> Active Internet connections (w/o servers)
> Proto Recv-Q Send-Q Local Address Foreign Address State
> tcp 0 0 jacob.6texans.net:42799 xenon.hscs.Virgi:telnet
> ESTABLISHED
Do you know that machine (xenon.hscs.Virgi)? I can't look it up, so I
guess the name is truncated. Try to run
sudo netstat --inet -np
You will see the IP address, instead of half the name, and you can look
that up with
host 192.168.0.1
where 192.168.0.1 should of course be replaced by the IP address. In the
last column of netstat, you will see the PID of the process running the
connection, as well as its name (possibly). Run
ps -ef
and look for you process. Which process is it? Which user is running
that process? Since when has it been running?
HTH,
David
--
Hi! I'm a .signature virus. Copy me into
your ~/.signature to help me spread!
Reply to: