Re: Deciphering the output from tcpflow?

To: debian-user@lists.debian.org
Subject: Re: Deciphering the output from tcpflow?
From: Pigeon <jah.pigeon@ukonline.co.uk>
Date: Wed, 3 Nov 2004 02:00:00 +0000
Message-id: <[🔎] 20041103020000.GU608@schnellbox.pigeonloft>
In-reply-to: <[🔎] 200411021911.43457.tilleyrw@cfl.rr.com>
References: <[🔎] 200411021911.43457.tilleyrw@cfl.rr.com>

On Tue, Nov 02, 2004 at 07:11:43PM -0500, Robert Tilley wrote:
> To discover the identity of the process sending unknown traffic on eth0, it 
> was suggested that I run tcpflow.  The result and another question follows:
> 
> root@debian-rtg:/home/tilleyrw/tcpflow-dumps# ls -S
> 065.032.005.052.00110-192.168.001.103.33847
> 065.032.005.052.00110-192.168.001.103.33846
> 192.168.001.103.33846-065.032.005.052.00110
> 192.168.001.103.33847-065.032.005.052.00110
> 
> Now that I know the specifics of From and To about the traffic, how does that 
> help me in terms of identifying the offending process IDs?

You're talking to port 110 (POP3) on pop-server2.cfl.rr.com... look
for POP3 clients?

-- 
Pigeon

Be kind to pigeons
Get my GPG key here: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x21C61F7F

Attachment: signature.asc
Description: Digital signature

Reply to:

References:
- Deciphering the output from tcpflow?
  - From: Robert Tilley <tilleyrw@cfl.rr.com>

Prev by Date: Re: Unidentified subject!
Next by Date: Re: raid
Previous by thread: Re: Deciphering the output from tcpflow?
Next by thread: Re: Deciphering the output from tcpflow?
Index(es):
- Date
- Thread