On 07/06/2012 04:06 AM, Anne Wilson wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Logwatch on my laptop tells me
>
> Listed by source hosts:
>   Dropped 30 packets on interface eth0
>     From 192.168.0.40 - 30 packets to tcp(38575)
>
> 192.168.0.40 is a mail/file/print server running SL.  It may also be
> relevant that the laptop has fstab mounts to data areas on the server.
>
> I feel that there must be some way I can trace what is actually
> sending those packets, so that I can make an assessment, but I've no
> idea how/where to look.  I see that it's an unallocated address, so
> I've no pointer at all.
>
> Where should I start looking?
>
> Anne
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.12 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
>
> iEYEARECAAYFAk/2qpMACgkQj93fyh4cnBeQlQCggnN/Spo5TubvCrXtCogKVTiJ
> VWQAnReuFaQpTA9pJOFweO5K40tPBuUM
> =vRqk
> -----END PGP SIGNATURE-----

If the connection is still active, you can use a combination of 'netstat 
-na' and/or 'lsof -nP -i4' to find the process owning the connection. 
If it isn't, it will be difficult to track down without fancier 
logging/capturing tools.  You mentioned remote mounts, but not what 
method (CIFS, NFS, etc).  If it is NFS, pseudo-random ports are chosen 
for the client connections and may be your culprit.

-Mark

-- 
Mr. Mark V. Stodola
Senior Control Systems Engineer

National Electrostatics Corp.
P.O. Box 620310
Middleton, WI 53562-0310 USA
Phone: (608) 831-7600
Fax: (608) 831-9591