-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 06/07/12 15:55, Tom H wrote: > On Fri, Jul 6, 2012 at 10:29 AM, Anne Wilson > <[log in to unmask]> wrote: >> On 06/07/12 14:08, Mark Stodola wrote: >>> On 07/06/2012 04:06 AM, Anne Wilson wrote: Logwatch on my >>> laptop tells me >>> >>> Listed by source hosts: Dropped 30 packets on interface eth0 >>> From 192.168.0.40 - 30 packets to tcp(38575) >>> >>> 192.168.0.40 is a mail/file/print server running SL. It may >>> also be relevant that the laptop has fstab mounts to data areas >>> on the server. >>> >>> I feel that there must be some way I can trace what is >>> actually sending those packets, so that I can make an >>> assessment, but I've no idea how/where to look. I see that >>> it's an unallocated address, so I've no pointer at all. >>> >>> Where should I start looking? >>> >>> Anne >>> >>> If the connection is still active, you can use a combination >>> of 'netstat -na' and/or 'lsof -nP -i4' to find the process >>> owning the connection. If it isn't, it will be difficult to >>> track down without fancier logging/capturing tools. You >>> mentioned remote mounts, but not what method (CIFS, NFS, etc). >>> If it is NFS, pseudo-random ports are chosen for the client >>> connections and may be your culprit. >>> >> It is indeed NFS. The logs show ~6 of these high-number >> allocated ports listening, so you could well be right. Is there >> any way to confirm that? I have several nfs mounts in fstab. >> One for each mount probably explains it. > > If it's ifs, you can set the ports to known values through > "/etc/sysconfig/nfs" and then see whether it's one of these ports > that's used. OK - I had left the defaults, which it does say is random for the outgoing port. I've restarted nfs, now I have to wait until Saturday morning, to see whether tomorrow's log is clean :-) Thanks for all the help - I'll report back. Anne -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk/3Aw4ACgkQj93fyh4cnBd24QCfcr4cqyR3CLP0X4y/1SWBZMyh yJ8An1qHrywE2rjfTYQ2OOEISGJmh/Xt =QdqM -----END PGP SIGNATURE-----