Re: mysterious/suspicious internet activity.

On 03/12/2020 00:02, home user wrote:
(I sent this to the list three times in the past two days; it apparently never arrived, and it did not bounce.)

I rebooted, and did a few netstat runs and an iftop while the workstation was "quiet".  I pasted output from 2 netstat runs into a text file.

I paused the iftop display many times to grab line pairs of interest, and pasted those into the text file that has the netstat runs.

The text file is attached.

Most of the entries in the iftop display involve comcast, my internet service provider.  Quite a few unexpected addresses also show up in iftop.  A few questions come to mind...

A few years ago, I saw in the system journal numerous log-in attempts by outsiders from all over the world, and opened a thread about that.  Now such attempts are blocked by the firewall.  If an outsider tries to communicate with my workstation, and the firewall blocks the attempt, will the attempt show up in the network activity panel of ksysguard? Will that attempt show up in the iftop display?

Well, it is really difficult to determine the source of those small packets.

You may want to run iftop with -Pn to make sure the port numbers are listed.

Things such as

c-98-245-12-4.hsd1.co.comcast.net    => no-mans-land.m247.com 0b     54b     14b

are meaningless without a port.  Also, if one does a lookup they would see...

[egreshko@meimei etc]$ host no-mans-land.m247.com
Host no-mans-land.m247.com not found: 3(NXDOMAIN)

So, what is the real IP address of that hostname?  And how did your system come up with that name....

The best tool for this is "wireshark" and capturing network activity with filters on maybe one IP address which
appears most often.

Also, go back and run "lastb" to make sure your firewall is actually blocking incoming logins.

It also makes things difficult for others to diagnose without a clear understanding of your network
topology.  Is the host directly connected to the Internet with public IP addresses?  Running IPv4 and IPv6?
Is the host behind a router and using NAT?  etc....


---
The key to getting good answers is to ask good questions.
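The two checks suggested in the reply above (run iftop with -Pn so ports are shown, then ask where a peer's name actually comes from and whether it resolves forward) can be scripted. The following is an added example, not code from the thread or from the iftop project: it parses text in the shape of `iftop -Pn -t` output, keeps only peers outside RFC 1918 / loopback / link-local space, and for each one does a forward-confirmed reverse DNS check, which is exactly what fails for a PTR name that returns NXDOMAIN when looked up. The sample iftop text, the `example.net`/`example.org` names and the RFC 5737 addresses are constructed; the function names are hypothetical; the resolver arguments exist so the check can be run against a fixed table instead of the live DNS.

```python
"""Audit remote peers in iftop -Pn output with a forward-confirmed reverse DNS check.
Hypothetical helper written for this thread; not part of iftop."""
import ipaddress
import re
import socket
from typing import Callable, Dict, List, Optional, Tuple

# Constructed sample in the shape of `iftop -Pn -t` text output: each flow is a
# "=>" (sent) / "<=" (received) line pair followed by the 2s, 10s and 40s rate columns.
SAMPLE_IFTOP = """\
   1 10.0.0.5:44312   =>  203.0.113.7:443      0b    54b    14b
     10.0.0.5:44312   <=  203.0.113.7:443      0b   1.2Kb  300b
   2 10.0.0.5:51002   =>  198.51.100.20:443  2.1Kb  1.9Kb  1.5Kb
     10.0.0.5:51002   <=  198.51.100.20:443  36Kb   30Kb   28Kb
   3 10.0.0.5:68      =>  10.0.0.1:67          0b     8b     2b
     10.0.0.5:68      <=  10.0.0.1:67          0b     8b     2b
   4 10.0.0.5:40001   =>  192.0.2.9:8080     120b   100b    90b
     10.0.0.5:40001   <=  192.0.2.9:8080       0b     0b     0b
"""

_FLOW_RE = re.compile(r"(\S+)\s+(=>|<=)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s*$")
_UNITS = {"b": 1, "Kb": 1_000, "Mb": 1_000_000, "Gb": 1_000_000_000}
# Only RFC 1918 and IPv6 ULA space is treated as "private"; the ipaddress module's
# is_private also covers the RFC 5737 documentation ranges used in the sample.
_PRIVATE = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]


def parse_rate(token: str) -> float:
    """'1.2Kb' -> 1200.0 bits per second."""
    m = re.fullmatch(r"([0-9.]+)([KMG]?b)", token)
    if not m:
        raise ValueError(f"bad rate token: {token!r}")
    return float(m.group(1)) * _UNITS[m.group(2)]


def split_hostport(endpoint: str) -> Tuple[str, Optional[int]]:
    """Split '203.0.113.7:443' or '[2001:db8::1]:443' into (host, port)."""
    if endpoint.startswith("["):                 # bracketed IPv6 with a port
        host, _, port = endpoint[1:].partition("]:")
        return host, int(port) if port else None
    if endpoint.count(":") == 1:                 # IPv4 address or name with a port
        host, port = endpoint.rsplit(":", 1)
        return host, int(port)
    return endpoint, None                        # bare IPv6, or iftop run without -P


def parse_iftop(text: str) -> List[dict]:
    """Return one record per iftop flow line (direction, remote host/port, rates)."""
    flows = []
    for line in text.splitlines():
        m = _FLOW_RE.search(line)
        if not m:
            continue
        local, arrow, remote, r2, r10, r40 = m.groups()
        rhost, rport = split_hostport(remote)
        flows.append({"local": local, "dir": "sent" if arrow == "=>" else "recv",
                      "remote": rhost, "port": rport,
                      "bps": (parse_rate(r2), parse_rate(r10), parse_rate(r40))})
    return flows


def peer_scope(host: str) -> str:
    """Classify a peer so local chatter (DHCP, the router) is not looked up."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return "name"                            # iftop was run without -n
    if ip.is_loopback:
        return "loopback"
    if ip.is_link_local:
        return "link-local"
    if any(ip in net for net in _PRIVATE):
        return "private"
    return "public"


def system_reverse(ip: str) -> Optional[str]:
    """PTR lookup via the system resolver (what iftop does without -n)."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None


def system_forward(name: str) -> List[str]:
    """A/AAAA lookup of a name; an NXDOMAIN (like the one in the thread) yields []."""
    try:
        return sorted({ai[4][0] for ai in socket.getaddrinfo(name, None)})
    except OSError:
        return []


def fcrdns(ip: str, reverse: Callable[[str], Optional[str]],
           forward: Callable[[str], List[str]]) -> Tuple[Optional[str], str]:
    """Forward-confirmed reverse DNS: the PTR name must resolve back to the IP."""
    name = reverse(ip)
    if name is None:
        return None, "no-ptr"
    addrs = forward(name)
    if not addrs:
        return name, "ptr-has-no-forward"        # PTR exists, name does not resolve
    return name, ("confirmed" if ip in addrs else "forward-mismatch")


def audit(text: str, reverse=system_reverse, forward=system_forward) -> Dict[str, dict]:
    """Aggregate flows per remote ip:port, with scope, peak rate and FCrDNS verdict."""
    report: Dict[str, dict] = {}
    for f in parse_iftop(text):
        key = f"{f['remote']}:{f['port']}"
        e = report.setdefault(key, {"scope": peer_scope(f["remote"]), "peak_bps": 0.0,
                                    "ptr": None, "fcrdns": "skipped"})
        e["peak_bps"] = max(e["peak_bps"], *f["bps"])
        if e["scope"] == "public" and e["fcrdns"] == "skipped":
            e["ptr"], e["fcrdns"] = fcrdns(f["remote"], reverse, forward)
    return report


if __name__ == "__main__":
    import sys
    # Pipe in saved `iftop -Pn -t` output, or run without input to use the sample.
    text = SAMPLE_IFTOP if sys.stdin.isatty() else sys.stdin.read()
    for key, e in sorted(audit(text).items(), key=lambda kv: -kv[1]["peak_bps"]):
        print(f"{key:<24} {e['scope']:<9} {e['peak_bps']:>10.0f} b/s"
              f"  ptr={e['ptr']}  fcrdns={e['fcrdns']}")
```

A verdict of `ptr-has-no-forward` is the situation in the reply: the reverse zone for the address hands back a name that nobody has published an A record for, so the name tells you who controls the reverse zone (usually the hosting provider) rather than who is on the other end. The IP and port are the facts to start from; a Wireshark capture filtered on that one address is the next step.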
