-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 06/07/12 15:55, Tom H wrote:
> On Fri, Jul 6, 2012 at 10:29 AM, Anne Wilson
> <[log in to unmask]> wrote:
>> On 06/07/12 14:08, Mark Stodola wrote:
>>> On 07/06/2012 04:06 AM, Anne Wilson wrote: Logwatch on my
>>> laptop tells me
>>>
>>> Listed by source hosts: Dropped 30 packets on interface eth0
>>> From 192.168.0.40 - 30 packets to tcp(38575)
>>>
>>> 192.168.0.40 is a mail/file/print server running SL. It may
>>> also be relevant that the laptop has fstab mounts to data areas
>>> on the server.
>>>
>>> I feel that there must be some way I can trace what is
>>> actually sending those packets, so that I can make an
>>> assessment, but I've no idea how/where to look. I see that
>>> it's an unallocated address, so I've no pointer at all.
>>>
>>> Where should I start looking?
>>>
>>> Anne
>>>
>>> If the connection is still active, you can use a combination
>>> of 'netstat -na' and/or 'lsof -nP -i4' to find the process
>>> owning the connection. If it isn't, it will be difficult to
>>> track down without fancier logging/capturing tools. You
>>> mentioned remote mounts, but not what method (CIFS, NFS, etc).
>>> If it is NFS, pseudo-random ports are chosen for the client
>>> connections and may be your culprit.
>>>
>> It is indeed NFS. The logs show ~6 of these high-number
>> allocated ports listening, so you could well be right. Is there
>> any way to confirm that? I have several nfs mounts in fstab.
>> One for each mount probably explains it.
>
> If it's ifs, you can set the ports to known values through
> "/etc/sysconfig/nfs" and then see whether it's one of these ports
> that's used.
OK - I had left the defaults, which it does say is random for the
outgoing port. I've restarted nfs, now I have to wait until Saturday
morning, to see whether tomorrow's log is clean :-)
Thanks for all the help - I'll report back.
Anne
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAk/3Aw4ACgkQj93fyh4cnBd24QCfcr4cqyR3CLP0X4y/1SWBZMyh
yJ8An1qHrywE2rjfTYQ2OOEISGJmh/Xt
=QdqM
-----END PGP SIGNATURE-----
|