Re: Identifying and Stopping Unwanted Net Traffic

netstat -ntplu :)

On Wed, Jun 24, 2009 at 4:34 PM, Miner, Jonathan W (US
SSA)<jonathan.w.miner@xxxxxxxxxxxxxx> wrote:
> Add the -p option to netstat, and you'll see the program name.
>
> Since your source port is "80", it sounds like you're running a webserver.  If you're not running a webserver... then something else is on that port!
>
>
> -----Original Message-----
> From:   redhat-list-bounces@xxxxxxxxxx on behalf of Krautkramer, John
> Sent:   Wed 6/24/2009 1:38 PM
> To:     redhat-list@xxxxxxxxxx
> Cc:
> Subject:        Identifying and Stopping Unwanted Net Traffic
>
> Hi,
>
>
>
> I have a machine running RHEL5.0 that is clogging up my network
> connection sporadically. Below is the output of "netstat -tn" while the
> machine is acting up.
>
>
>
> Active Internet connections (w/o servers)
> Proto Recv-Q Send-Q Local Address               Foreign Address             State
> tcp        0      1 192.168.1.41:55200          66.102.7.100:80             FIN_WAIT1
> tcp        0      1 192.168.1.41:35291          66.102.7.101:80             FIN_WAIT1
> tcp        0      0 192.168.1.41:46541          85.17.35.51:80              ESTABLISHED
> tcp        0      1 192.168.1.41:42623          66.102.7.100:80             FIN_WAIT1
> tcp        0      0 192.168.1.41:55673          66.102.7.97:443             ESTABLISHED
> tcp        0  96876 ::ffff:192.168.1.41:80      ::ffff:211.125.38.105:55594 ESTABLISHED
> tcp        0 116532 ::ffff:192.168.1.41:80      ::ffff:211.125.38.105:55628 ESTABLISHED
>
>
>
> I believe it's the last 2 entries that are the problem. How do I
> determine what these are and what on the system is generating the
> traffic? I've also observed the Foreign Address is not always the same.
> Today the problem addresses are different.
>
>
>
> I know the solution is to find what is causing the traffic if I can, but
> in the meantime, is there a way to block the traffic? I tried blocking
> it at the DNS server with OpenDNS but they don't accept the IPv6
> addresses.
>
>
>
> Any ideas would be greatly appreciated!
>
>
>
> John
>
>
>
> --
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=subscribe
> https://www.redhat.com/mailman/listinfo/redhat-list
>
>
>
>
>
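
An added example, not part of any message in this thread: a small filter that reads `netstat -tn` (or `netstat -tnp`) output, keeps rows whose Send-Q is backed up, and reports whether the local end is the service or the client, which is the distinction the replies above draw for local port 80. The function names, the 1024-byte threshold and the "local port below 1024 means a local service" rule are assumptions; the sample rows are taken from the output quoted in the thread.

```shell
#!/bin/sh
# Added example (not from the thread). Assumptions: the threshold passed in $1
# and the heuristic that a local port < 1024 means this host is the server side.

flag_backlog() {
    # $1 = minimum Send-Q in bytes; reads netstat -tn / -tnp output on stdin
    awk -v min="$1" '
        $1 ~ /^tcp/ && $3 + 0 >= min {
            # The port is the last ":"-separated field, which also works
            # for IPv4-mapped IPv6 addresses such as ::ffff:192.168.1.41:80
            n = split($4, l, ":"); lport = l[n]
            m = split($5, f, ":"); fport = f[m]
            peer = substr($5, 1, length($5) - length(fport) - 1)
            sub(/^::ffff:/, "", peer)          # show the embedded IPv4 address
            role = (lport + 0 < 1024) ? "local-service" : "outbound-client"
            # Column 7 (PID/Program name) only exists when netstat ran with -p
            prog = (NF >= 7) ? $7 : "n/a"
            printf "%s port=%s peer=%s sendq=%s prog=%s\n", role, lport, peer, $3, prog
        }'
}

# Rows copied from the netstat output quoted in the thread
sample() {
cat <<'EOF'
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State
tcp        0      1 192.168.1.41:55200          66.102.7.100:80             FIN_WAIT1
tcp        0      0 192.168.1.41:46541          85.17.35.51:80              ESTABLISHED
tcp        0  96876 ::ffff:192.168.1.41:80      ::ffff:211.125.38.105:55594 ESTABLISHED
tcp        0 116532 ::ffff:192.168.1.41:80      ::ffff:211.125.38.105:55628 ESTABLISHED
EOF
}

# On a live host, as root: netstat -tnp | flag_backlog 1024
sample | flag_backlog 1024
```

Both flagged rows come out as `local-service port=80`, meaning data queued by whatever is listening on this host's port 80 for a remote client; running netstat with `-p` as root fills in the `prog=` field with the owning PID and program name.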

