Re: dumping specific ip packet

On Mon, 8 Apr 2002, Benjamin Stocker wrote:
> On a webserver I maintain, there is a process trying to connect to another
> external address from time to time. The process must be started by a
> customer's web script but I cannot find it. The communication looks like this:
>
> 194.125.250.21:xxxx --> 192.168.10.94:80

Benjamin,

Try using Ethereal http://www.ethereal.com/ with the appropriate filter.

Also, you could try something like:

tcpdump -l -w - -s1500 -i eth[n] tcp port xxxx \
  and src host 194.125.250.21 \
  and dst host 192.168.10.94 | tee tcpdump.log | strings &

Come back later and check tcpdump.log.

Hope this helps :)

David Correa
Public Key http://www.linux-tech.com/linuxtech.asc
Key fingerprint 7F2C E072 479D 71B4 008B 373E A284 8CDE 7659 F5D8
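
Added example, not part of the original message: because of "-w -", tcpdump.log in the command above is a binary pcap capture rather than text, so this sketch shows one way to pull the TCP payloads for the src/dst pair out of it afterwards. It assumes a classic pcap file with Ethernet framing and IPv4; the function names, source port 40000 and sample packets are constructed for illustration.

```python
import socket
import struct

def tcp_payloads(pcap, src, dst):
    """Return TCP payloads of Ethernet/IPv4 packets sent from src to dst."""
    if pcap[:4] == b"\xd4\xc3\xb2\xa1":
        end = "<"                      # capture written on a little-endian host
    elif pcap[:4] == b"\xa1\xb2\xc3\xd4":
        end = ">"
    else:
        raise ValueError("not a classic pcap file")
    if struct.unpack(end + "I", pcap[20:24])[0] != 1:
        raise ValueError("link type is not Ethernet")
    out, off = [], 24                  # packet records follow the 24-byte file header
    while off + 16 <= len(pcap):
        caplen = struct.unpack(end + "I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + caplen]
        off += 16 + caplen
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue                   # truncated frame or not IPv4
        ip = frame[14:]
        ihl = (ip[0] & 0x0F) * 4
        if ip[9] != 6 or len(ip) < ihl + 20:
            continue                   # not TCP, or TCP header cut off by the snaplen
        if (socket.inet_ntoa(ip[12:16]), socket.inet_ntoa(ip[16:20])) != (src, dst):
            continue
        total = struct.unpack("!H", ip[2:4])[0]   # IP total length excludes Ethernet padding
        data = ip[ihl + (ip[ihl + 12] >> 4) * 4:total]
        if data:
            out.append(data)
    return out

def record(src, dst, payload):
    """Build one constructed pcap record: Ethernet + IPv4 + TCP carrying payload."""
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1, 1, 5 << 4, 0x18, 8192, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    frame = b"\x00" * 12 + b"\x08\x00" + ip + tcp
    return struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame

# Constructed two-packet capture (not real traffic); ports are not checked by the filter.
SAMPLE = (struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 1500, 1)
          + record("194.125.250.21", "192.168.10.94", b"GET /constructed HTTP/1.0\r\n\r\n")
          + record("192.168.10.94", "194.125.250.21", b"HTTP/1.0 200 OK\r\n\r\n"))

if __name__ == "__main__":
    for p in tcp_payloads(SAMPLE, "194.125.250.21", "192.168.10.94"):
        print(p.decode("ascii", "replace"))
```

To run it against a real capture, pass open("tcpdump.log", "rb").read() in place of SAMPLE.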



