On Tue, Nov 02, 2004 at 07:11:43PM -0500, Robert Tilley wrote:
> To discover the identity of the process sending unknown traffic on eth0, it
> was suggested that I run tcpflow. The result and another question follows:
>
> root@debian-rtg:/home/tilleyrw/tcpflow-dumps# ls -S
> 065.032.005.052.00110-192.168.001.103.33847
> 065.032.005.052.00110-192.168.001.103.33846
> 192.168.001.103.33846-065.032.005.052.00110
> 192.168.001.103.33847-065.032.005.052.00110
>
> Now that I know the specifics of From and To about the traffic, how does that
> help me in terms of identifying the offending process IDs?
> --
Never used the program, but it looks like:
IP 65.32.5.52 port 110 sending to -> 192.168.1.103 port 33847
...
port 110 is pop3
HTH
-Kev
--
counter.li.org #238656 -- goto counter.li.org and be counted!
(__)
(oo)
/------\/
/ | ||
* /\---/\
~~ ~~
...."Have you mooed today?"...
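An added example, not part of the original thread: it decodes the tcpflow file names shown above and looks up the local endpoint in `/proc/net/tcp` text to get the socket inode, which is the link back to a process. The function names, the little-endian (x86) host, the use of the private address to pick the local side, and the sample table are assumptions made for illustration; the lookup only works while the connection is still open.

```python
import ipaddress
import re

# tcpflow names each file srcip.srcport-dstip.dstport, zero-padded.
FLOW_RE = re.compile(
    r"^(\d{3}\.\d{3}\.\d{3}\.\d{3})\.(\d{5})-(\d{3}\.\d{3}\.\d{3}\.\d{3})\.(\d{5})$")

# Constructed sample in /proc/net/tcp layout (not captured from a real host).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0019 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1201
   1: 6701A8C0:8437 34052041:006E 01 00000000:00000000 00:00000000 00000000  1000        0 48213
"""

def parse_flow(name):
    """Return ((src_ip, src_port), (dst_ip, dst_port)) for a tcpflow file name."""
    m = FLOW_RE.match(name)
    if not m:
        raise ValueError(f"not a tcpflow file name: {name!r}")
    def unpad(s):
        return ".".join(str(int(octet)) for octet in s.split("."))
    return (unpad(m[1]), int(m[2])), (unpad(m[3]), int(m[4]))

def local_endpoint(flow):
    """Pick the side with a private address (assumed to be the host under investigation)."""
    for ip, port in flow:
        if ipaddress.ip_address(ip).is_private:
            return ip, port
    raise ValueError("no private address in flow")

def proc_key(ip, port):
    """Encode ip:port the way /proc/net/tcp prints it on a little-endian host."""
    raw = ipaddress.ip_address(ip).packed[::-1]
    return f"{raw.hex().upper()}:{port:04X}"

def socket_inode(proc_net_tcp, ip, port):
    """Return the inode of the socket bound to ip:port, or None if it is gone."""
    key = proc_key(ip, port)
    for line in proc_net_tcp.splitlines()[1:]:   # skip the header row
        fields = line.split()
        if len(fields) > 9 and fields[1] == key:
            return int(fields[9])                # 10th column is the inode
    return None

# The owning process is the one with an fd in /proc/<pid>/fd that links to
# "socket:[<inode>]"; on a live host read /proc/net/tcp instead of SAMPLE.
```
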