Identifying and Stopping Unwanted Net Traffic
Krautkramer, John
John.Krautkramer at micrel.com
Wed Jun 24 17:38:16 UTC 2009
Hi,
I have a machine running RHEL5.0 that is clogging up my network
connection sporadically. Below is the output of "netstat -tn" while the
machine is acting up.
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address
State
tcp 0 1 192.168.1.41:55200 66.102.7.100:80
FIN_WAIT1
tcp 0 1 192.168.1.41:35291 66.102.7.101:80
FIN_WAIT1
tcp 0 0 192.168.1.41:46541 85.17.35.51:80
ESTABLISHED
tcp 0 1 192.168.1.41:42623 66.102.7.100:80
FIN_WAIT1
tcp 0 0 192.168.1.41:55673 66.102.7.97:443
ESTABLISHED
tcp 0 96876 ::ffff:192.168.1.41:80
::ffff:211.125.38.105:55594 ESTABLISHED
tcp 0 116532 ::ffff:192.168.1.41:80
::ffff:211.125.38.105:55628 ESTABLISHED
I believe it's the last 2 entries that are the problem. How do I
determine what these are and what on the system is generating the
traffic? I've also observed the Foreign Address is not always the same.
Today the problem addresses are different.
I know the solution is to find what is causing the traffic if I can, but
in the mean time, is there a way to block the traffic? I tried blocking
it at the DNS server with OpenDNS but they don't accept the IPV6
addresses.
Any ideas would be greatly appreciated!
John
More information about the redhat-list
mailing list