Subject: | |
From: | |
Reply To: | |
Date: | Fri, 6 Jul 2012 08:08:57 -0500 |
Content-Type: | text/plain |
Parts/Attachments: |
|
|
On 07/06/2012 04:06 AM, Anne Wilson wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Logwatch on my laptop tells me
>
> Listed by source hosts:
> Dropped 30 packets on interface eth0
> From 192.168.0.40 - 30 packets to tcp(38575)
>
> 192.168.0.40 is a mail/file/print server running SL. It may also be
> relevant that the laptop has fstab mounts to data areas on the server.
>
> I feel that there must be some way I can trace what is actually
> sending those packets, so that I can make an assessment, but I've no
> idea how/where to look. I see that it's an unallocated address, so
> I've no pointer at all.
>
> Where should I start looking?
>
> Anne
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.12 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
>
> iEYEARECAAYFAk/2qpMACgkQj93fyh4cnBeQlQCggnN/Spo5TubvCrXtCogKVTiJ
> VWQAnReuFaQpTA9pJOFweO5K40tPBuUM
> =vRqk
> -----END PGP SIGNATURE-----
If the connection is still active, you can use a combination of 'netstat
-na' and/or 'lsof -nP -i4' to find the process owning the connection.
If it isn't, it will be difficult to track down without fancier
logging/capturing tools. You mentioned remote mounts, but not what
method (CIFS, NFS, etc). If it is NFS, pseudo-random ports are chosen
for the client connections and may be your culprit.
-Mark
--
Mr. Mark V. Stodola
Senior Control Systems Engineer
National Electrostatics Corp.
P.O. Box 620310
Middleton, WI 53562-0310 USA
Phone: (608) 831-7600
Fax: (608) 831-9591
|
|
|