Re: log outbound port 80 connections




On Tue, Feb 05, 2008, Tony Schreiner wrote:
>
>On Feb 5, 2008, at 12:15 PM, John R Pierce wrote:
>
>>Tony Schreiner wrote:
>>>Is there a way to log outbound connections to a specific port (80)?
>>>CentOS 4.6.
>>
>>
>>Assuming you want to log user web browsing traffic, configuring a
>>Squid transparent proxy at your network border would be the best
>>way.  Its logfiles are quite similar to those of a webserver, so
>>you can use a wide range of log analysis tools.
>>
>
>To get more specific about what's going on.  My network services have  
>informed me that the machine is probing other systems at a high rate.  
>An infection of some sort. And I'm trying to track down what's going on.

In that case, you might want to use ``lsof -i :80'' to see
processes using port 80.  Once one has an interesting PID, then
using ``lsof -p PID'' will show everything that process is using
including the full path to the executing program.

Bill
--
INTERNET:   bill@xxxxxxxxxxxxx  Bill Campbell; Celestial Software LLC
URL: http://www.celestial.com/  PO Box 820; 6641 E. Mercer Way
FAX:            (206) 232-9186  Mercer Island, WA 98040-0820; (206) 236-1676

The only logical reason to take guns away from responsible people is to
give irresponsible people an edge in the perpetration of their crimes
against us. -- The Idaho Observer, Vol. 1, No. 2 February 1997
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
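
The lsof triage suggested in the reply above, as an added example that is not part of the original thread: it ranks processes by the number of outbound connections to remote port 80 and skips sockets where 80 is only the local port (a web server on the same host), which ``lsof -i :80'' also lists. The function names, PIDs and addresses in the sample are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the thread. Reads `lsof -nP -i TCP:80 -F pcn`
# field output (p = PID, c = command, n = connection name) on stdin and
# prints "count pid command", busiest process first.
summarize_port80() {
    awk '
        /^p/ { pid = substr($0, 2) }
        /^c/ { cmd = substr($0, 2) }
        /^n/ {
            name = substr($0, 2)
            # -i :80 matches local OR remote port 80. Keep only names
            # whose remote end (after "->") is port 80: outbound traffic.
            if (name ~ /->.*:80$/) { count[pid]++; cmds[pid] = cmd }
        }
        END { for (p in count) printf "%d %s %s\n", count[p], p, cmds[p] }
    ' | sort -rn
}

# Constructed sample of lsof field output (documentation address ranges).
sample_lsof_output() {
    cat <<'EOF'
p2101
chttpd
f3
n*:80
f9
n192.0.2.10:80->198.51.100.7:51544
p3876
cfirefox-bin
f41
n192.0.2.10:40112->203.0.113.80:80
p4242
cperl
f4
n192.0.2.10:50001->198.51.100.21:80
f5
n192.0.2.10:50002->198.51.100.22:80
f6
n192.0.2.10:50003->198.51.100.23:80
EOF
}

# "live" inspects this host (run as root to see every user's sockets);
# anything else runs the constructed sample.
if [ "${1:-}" = "live" ]; then
    lsof -nP -i TCP:80 -F pcn | summarize_port80
else
    sample_lsof_output | summarize_port80
fi
```

For each PID it reports, ``lsof -p PID'' then shows the full path of the executing program, as described in the reply.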
