Identifying and Stopping Unwanted Net Traffic

Miner, Jonathan W (US SSA) jonathan.w.miner at baesystems.com
Wed Jun 24 19:34:44 UTC 2009


Add the -p option to netstat, and you'll see the program name.

Since your source port is "80", it sounds like you're running a webserver.  If you're not running a webserver... then something else is on that port!


-----Original Message-----
From:	redhat-list-bounces at redhat.com on behalf of Krautkramer, John
Sent:	Wed 6/24/2009 1:38 PM
To:	redhat-list at redhat.com
Cc:	
Subject:	Identifying and Stopping Unwanted Net Traffic

Hi,

 

I have a machine running RHEL5.0 that is clogging up my network
connection sporadically. Below is the output of "netstat -tn" while the
machine is acting up.

 

Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address               Foreign Address
State      
tcp        0      1 192.168.1.41:55200          66.102.7.100:80
FIN_WAIT1   
tcp        0      1 192.168.1.41:35291          66.102.7.101:80
FIN_WAIT1   
tcp        0      0 192.168.1.41:46541          85.17.35.51:80
ESTABLISHED 
tcp        0      1 192.168.1.41:42623          66.102.7.100:80
FIN_WAIT1   
tcp        0      0 192.168.1.41:55673          66.102.7.97:443
ESTABLISHED 
tcp        0  96876 ::ffff:192.168.1.41:80
::ffff:211.125.38.105:55594 ESTABLISHED 
tcp        0 116532 ::ffff:192.168.1.41:80
::ffff:211.125.38.105:55628 ESTABLISHED 

 

I believe it's the last 2 entries that are the problem. How do I
determine what these are and what on the system is generating the
traffic? I've also observed the Foreign Address is not always the same.
Today the problem addresses are different.

 

I know the solution is to find what is causing the traffic if I can, but
in the mean time, is there a way to block the traffic? I tried blocking
it at the DNS server with OpenDNS but they don't accept the IPV6
addresses.

 

Any ideas would be greatly appreciated!

 

John 

 

-- 
redhat-list mailing list
unsubscribe mailto:redhat-list-request at redhat.com?subject=subscribe
https://www.redhat.com/mailman/listinfo/redhat-list





More information about the redhat-list mailing list