[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Deciphering the output from tcpflow?



On Tue, Nov 02, 2004 at 07:11:43PM -0500, Robert Tilley wrote:
> To discover the identity of the process sending unknown traffic on eth0, it 
> was suggested that I run tcpflow.  The result and another question follows:
> 
> root@debian-rtg:/home/tilleyrw/tcpflow-dumps# ls -S
> 065.032.005.052.00110-192.168.001.103.33847
> 065.032.005.052.00110-192.168.001.103.33846
> 192.168.001.103.33846-065.032.005.052.00110
> 192.168.001.103.33847-065.032.005.052.00110
> 
> Now that I know the specifics of From and To about the traffic, how does that 
> help me in terms of identifying the offending process IDs?
> -- 
never used the program but it looks like:
IP 65.32.5.52 port 110 sending to -> 192.168.1.103 port 33847
...
port 110 is pop3 
HTH
-Kev
-- 
counter.li.org #238656 -- goto counter.li.org and be counted!

        (__)
        (oo)
  /------\/
 / |    ||
*  /\---/\
   ~~   ~~
...."Have you mooed today?"...

Attachment: signature.asc
Description: Digital signature


Reply to: