On Tue, Nov 02, 2004 at 07:11:43PM -0500, Robert Tilley wrote:
> To discover the identity of the process sending unknown traffic on eth0, it
> was suggested that I run tcpflow. The result and another question follows:
>
> root@debian-rtg:/home/tilleyrw/tcpflow-dumps# ls -S
> 065.032.005.052.00110-192.168.001.103.33847
> 065.032.005.052.00110-192.168.001.103.33846
> 192.168.001.103.33846-065.032.005.052.00110
> 192.168.001.103.33847-065.032.005.052.00110
>
> Now that I know the specifics of From and To about the traffic, how does that
> help me in terms of identifying the offending process IDs?

You're talking to port 110 (POP3) on pop-server2.cfl.rr.com... look for POP3
clients?

-- 
Pigeon

Be kind to pigeons
Get my GPG key here: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x21C61F7F
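Added example, not part of the original thread: one way to get from a tcpflow dump file name to the owning process on Linux is to decode the name into its two endpoints, find the matching row in `/proc/net/tcp` to get the socket inode, and then look for the process whose `/proc/<pid>/fd` holds that socket. It assumes a little-endian host and a connection that is still open; the sample table and the inode value 12345 are constructed for illustration.

```python
import os
import socket
import struct
# Constructed sample in /proc/net/tcp layout (little-endian host); not captured data.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001 1 0 100 0 0 10 0
   1: 6701A8C0:8437 34052041:006E 01 00000000:00000000 00:00000000 00000000  1000        0 12345 1 0 20 4 30 10 -1
"""

def parse_tcpflow_name(name):
    """'065.032.005.052.00110-192.168.001.103.33847' -> ((src_ip, port), (dst_ip, port))."""
    def endpoint(text):
        *octets, port = text.split(".")
        if len(octets) != 4:
            raise ValueError("not a tcpflow endpoint: %r" % text)
        # tcpflow zero-pads each octet and the port; int() drops the padding.
        return ".".join(str(int(o)) for o in octets), int(port)
    src, dst = name.split("-")
    return endpoint(src), endpoint(dst)

def decode_hex_endpoint(field):
    """'6701A8C0:8437' -> ('192.168.1.103', 33847); the address is in host byte order."""
    hex_ip, hex_port = field.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(hex_ip, 16)))
    return ip, int(hex_port, 16)

def socket_inode(flow_name, proc_net_tcp_text):
    """Return the socket inode for the flow (either direction), or None if it is gone."""
    ends = set(parse_tcpflow_name(flow_name))
    for line in proc_net_tcp_text.splitlines()[1:]:
        fields = line.split()
        if len(fields) >= 10 and {decode_hex_endpoint(fields[1]),
                                  decode_hex_endpoint(fields[2])} == ends:
            return int(fields[9])
    return None

def pids_holding(inode, proc_root="/proc"):
    """Return the PIDs that have socket:[inode] among their open file descriptors."""
    target = "socket:[%d]" % inode
    pids = []
    for entry in filter(str.isdigit, os.listdir(proc_root)):
        fd_dir = os.path.join(proc_root, entry, "fd")
        try:
            links = [os.readlink(os.path.join(fd_dir, fd)) for fd in os.listdir(fd_dir)]
        except OSError:  # process exited, or its fd directory is not readable without root
            continue
        if target in links:
            pids.append(int(entry))
    return sorted(pids)
```

On a live host, pass the contents of `/proc/net/tcp` as the table and run as root so every process's `fd` directory is readable; a short POP3 session may already have closed, in which case `socket_inode` returns `None`.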