On Friday 14 May 2004 12:17, azeem ahmad wrote: > hi all > i m havingg a continous upload on port 25 but i m unable to know which ip > from my network is uploading on port 25. i saw on iptraf that some one is > continously uploading on 25. the hardware addresss that iptraf is showing > isnt really on my LAN but the traffic is coming from my LAN > how can i find out the real hardware address or ip of the machine uploading iptraf is a useful tool for some purposes, but here tcpdump would be more appropriate. Install it, and try tcpdump -n port 25 You may need to specify the eth device with "-i eth0" etc. It should be obvious very quickly which address on your LAN is generating the traffic (the machine will almost certainly be a Windows box with a virus).
