Identifying and Stopping Unwanted Net Traffic

Krautkramer, John John.Krautkramer at micrel.com
Wed Jun 24 17:38:16 UTC 2009


Hi,

I have a machine running RHEL5.0 that is clogging up my network
connection sporadically. Below is the output of "netstat -tn" while the
machine is acting up.

Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address               Foreign Address               State
tcp        0      1 192.168.1.41:55200          66.102.7.100:80               FIN_WAIT1
tcp        0      1 192.168.1.41:35291          66.102.7.101:80               FIN_WAIT1
tcp        0      0 192.168.1.41:46541          85.17.35.51:80                ESTABLISHED
tcp        0      1 192.168.1.41:42623          66.102.7.100:80               FIN_WAIT1
tcp        0      0 192.168.1.41:55673          66.102.7.97:443               ESTABLISHED
tcp        0  96876 ::ffff:192.168.1.41:80      ::ffff:211.125.38.105:55594   ESTABLISHED
tcp        0 116532 ::ffff:192.168.1.41:80      ::ffff:211.125.38.105:55628   ESTABLISHED

 

I believe it's the last 2 entries that are the problem. How do I
determine what these are and what on the system is generating the
traffic? I've also observed the Foreign Address is not always the same.
Today the problem addresses are different.

I know the solution is to find what is causing the traffic if I can, but
in the meantime, is there a way to block the traffic? I tried blocking
it at the DNS server with OpenDNS but they don't accept the IPv6
addresses.

Any ideas would be greatly appreciated!

John
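Added example, not part of the original post: a small Python triage of the netstat rows above that unwraps IPv4-mapped IPv6 addresses (::ffff:a.b.c.d), marks each connection as inbound or outbound, and totals the unsent Send-Q bytes per remote host. The function names and the low-port heuristic for direction are assumptions made for this example.

```python
import ipaddress
from collections import defaultdict

# Rows from the "netstat -tn" output in the post, one connection per line.
SAMPLE = """\
tcp 0 1 192.168.1.41:55200 66.102.7.100:80 FIN_WAIT1
tcp 0 1 192.168.1.41:35291 66.102.7.101:80 FIN_WAIT1
tcp 0 0 192.168.1.41:46541 85.17.35.51:80 ESTABLISHED
tcp 0 1 192.168.1.41:42623 66.102.7.100:80 FIN_WAIT1
tcp 0 0 192.168.1.41:55673 66.102.7.97:443 ESTABLISHED
tcp 0 96876 ::ffff:192.168.1.41:80 ::ffff:211.125.38.105:55594 ESTABLISHED
tcp 0 116532 ::ffff:192.168.1.41:80 ::ffff:211.125.38.105:55628 ESTABLISHED
"""

def split_endpoint(text):
    """Split 'addr:port'; return an IPv4-mapped IPv6 address as plain IPv4."""
    host, _, port = text.rpartition(":")
    addr = ipaddress.ip_address(host)
    return getattr(addr, "ipv4_mapped", None) or addr, int(port)

def triage(netstat_text):
    """Parse TCP rows and return them sorted by Send-Q, largest first."""
    rows = []
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) != 6 or not f[0].startswith("tcp"):
            continue  # header, blank, or wrapped line
        _, lport = split_endpoint(f[3])
        raddr, rport = split_endpoint(f[4])
        # Assumed heuristic: a low local port with a high remote port means
        # a remote client connected to a service on this machine.
        inbound = lport < 1024 <= rport
        rows.append({"direction": "inbound" if inbound else "outbound",
                     "remote": str(raddr), "local_port": lport,
                     "send_q": int(f[2]), "state": f[5]})
    return sorted(rows, key=lambda r: r["send_q"], reverse=True)

def queued_by_remote(rows):
    """Total Send-Q bytes waiting to go out to each inbound client."""
    totals = defaultdict(int)
    for r in rows:
        if r["direction"] == "inbound":
            totals[r["remote"]] += r["send_q"]
    return dict(totals)

if __name__ == "__main__":
    for r in triage(SAMPLE):
        print(r["direction"], r["remote"], r["local_port"], r["send_q"], r["state"])
    print(queued_by_remote(triage(SAMPLE)))
```

On the live host, "netstat -tnp" run as root adds the PID and program name that owns each socket.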

 



