Identifying and Stopping Unwanted Net Traffic
Miner, Jonathan W (US SSA)
jonathan.w.miner at baesystems.com
Wed Jun 24 19:34:44 UTC 2009
Add the -p option to netstat, and you'll see the program name.
Since your source port is "80", it sounds like you're running a webserver. If you're not running a webserver... then something else is on that port!
-----Original Message-----
From: redhat-list-bounces at redhat.com on behalf of Krautkramer, John
Sent: Wed 6/24/2009 1:38 PM
To: redhat-list at redhat.com
Cc:
Subject: Identifying and Stopping Unwanted Net Traffic
Hi,
I have a machine running RHEL5.0 that is clogging up my network
connection sporadically. Below is the output of "netstat -tn" while the
machine is acting up.
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address            Foreign Address              State
tcp        0      1 192.168.1.41:55200       66.102.7.100:80              FIN_WAIT1
tcp        0      1 192.168.1.41:35291       66.102.7.101:80              FIN_WAIT1
tcp        0      0 192.168.1.41:46541       85.17.35.51:80               ESTABLISHED
tcp        0      1 192.168.1.41:42623       66.102.7.100:80              FIN_WAIT1
tcp        0      0 192.168.1.41:55673       66.102.7.97:443              ESTABLISHED
tcp        0  96876 ::ffff:192.168.1.41:80   ::ffff:211.125.38.105:55594  ESTABLISHED
tcp        0 116532 ::ffff:192.168.1.41:80   ::ffff:211.125.38.105:55628  ESTABLISHED
I believe it's the last 2 entries that are the problem. How do I
determine what these are and what on the system is generating the
traffic? I've also observed the Foreign Address is not always the same.
Today the problem addresses are different.
I know the solution is to find what is causing the traffic if I can, but
in the meantime, is there a way to block the traffic? I tried blocking
it at the DNS server with OpenDNS but they don't accept the IPv6
addresses.
Any ideas would be greatly appreciated!
John
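
Added example, not part of the original thread: a shell/awk summary of `netstat -tnp` output that combines the reply's two points (the owning program, and a local port of 80 meaning this host is the one serving). The sample input is constructed from the connections in the post with made-up PID/Program values, the function names are hypothetical, and the "local port below 1024 means serving" rule is a heuristic assumption.

```shell
#!/bin/sh
# Constructed sample: connections from the post, plus the PID/Program column
# that `netstat -tnp` (run as root) adds. PIDs and program names are made up.
sample_netstat() {
cat <<'EOF'
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address            Foreign Address              State       PID/Program name
tcp        0      1 192.168.1.41:55200       66.102.7.100:80              FIN_WAIT1   -
tcp        0      0 192.168.1.41:46541       85.17.35.51:80               ESTABLISHED 3120/firefox
tcp        0      0 192.168.1.41:55673       66.102.7.97:443              ESTABLISHED 3120/firefox
tcp        0  96876 ::ffff:192.168.1.41:80   ::ffff:211.125.38.105:55594  ESTABLISHED 2201/httpd
tcp        0 116532 ::ffff:192.168.1.41:80   ::ffff:211.125.38.105:55628  ESTABLISHED 2201/httpd
EOF
}

# summarize_senders: read `netstat -tnp` text on stdin and print one line per
# (program, local port, remote host, role):
#   <queued Send-Q bytes> <connections> <pid/program> <local port> <remote host> <role>
# sorted with the largest send queue first.
# Assumption: a local port below 1024 means a local daemon accepted the
# connection ("serving"); anything else is treated as an outbound "client".
summarize_senders() {
    awk '
    $1 ~ /^tcp/ && NF >= 7 {
        sendq = $3; laddr = $4; raddr = $5; prog = $7
        # Strip the IPv4-mapped IPv6 prefix so both forms compare equal.
        sub(/^::ffff:/, "", laddr); sub(/^::ffff:/, "", raddr)
        lport = laddr; sub(/^.*:/, "", lport)      # text after the last colon
        rhost = raddr; sub(/:[0-9]+$/, "", rhost)  # drop the remote port
        role = (lport + 0 < 1024) ? "serving" : "client"
        key = prog " " lport " " rhost " " role
        bytes[key] += sendq; conns[key]++
    }
    END { for (k in bytes) print bytes[k], conns[k], k }
    ' | sort -k1,1nr
}

sample_netstat | summarize_senders
```

On a live host, replace `sample_netstat` with `netstat -tnp` run as root; a "-" in the program column means no process currently owns the socket.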