Re: netstat

Thanks! On Friday, September 21, 2018 02:10:40 PM Reco wrote: > On Fri, Sep 21, 2018 at 01:52:00PM -0400, rhkra...@gmail.com wrote: > > What is that telling me

Re: netstat

Hi. On Fri, Sep 21, 2018 at 01:52:00PM -0400, rhkra...@gmail.com wrote: > On Friday, September 21, 2018 08:55:21 AM Henning Follmann wrote: > > Run a netstat -t -l and you will see there is nothing listening. So what is > > the point of running a firewall? > >

netstat (was: Re: Why does Debian allow all incoming traffic by default)

On Friday, September 21, 2018 08:55:21 AM Henning Follmann wrote: > Run a netstat -t -l and you will see there is nothing listening. So what is > the point of running a firewall? I'm not the OP, but I decided to play along and run: root@s19:~# netstat -t -l Active Internet connec

Re: w, who, finger, last, and netstat and ipv6

Hi Michael, On Sun, Jul 24, 2016 at 12:08:34AM +0100, Michael Grant wrote: > > > % who > > > mgrant pts/12016-07-18 06:15 (2a00:S.1) > > > > I type "who" on Debian jessie and I do get the full IPv6 address: > > > > $ who > > andy pts/62016-07-23 01:42 (2001:ba8:1f1:f019::2)

Re: w, who, finger, last, and netstat and ipv6

I just figured out what is going on. The problem is gnu screen. It's screen that's truncating the address. When login and don't reattach to my screen, I get the full address and "PROCPS_FROMLEN=40 w" prints the expected full address.

Re: w, who, finger, last, and netstat and ipv6

uot; option to put the hostname/IP at the end does allow > it to be of arbitrary length: > > $ last -a > andy pts/6Sat Jul 23 01:42 still logged in > 2001:ba8:1f1:f019::2 last -a and netstat --wide do help, thanks for that!

Re: w, who, finger, last, and netstat and ipv6

On Sat, Jul 23, 2016 at 01:53:07AM +, Andy Smith wrote: > On Fri, Jul 22, 2016 at 11:57:32PM +0100, Michael Grant wrote: > > netstat does a little better still but not much: > > > > tcp6 0 2640 2600:3c00:::9:22 2a00:23c4:6d10:4d:36663 > > EST

Re: w, who, finger, last, and netstat and ipv6

e "-a" option to put the hostname/IP at the end does allow it to be of arbitrary length: $ last -a andy pts/6Sat Jul 23 01:42 still logged in2001:ba8:1f1:f019::2 > > netstat does a little better still but not much: > > tcp6 0 2640 2600:3c00:::

w, who, finger, last, and netstat and ipv6

better, it truncates at 16 characters: mgrant pts/02a00:23c4:6d10:4 Fri Jul 22 18:04:00 2016 still logged in netstat does a little better still but not much: tcp6 0 2640 2600:3c00:::9:22 2a00:23c4:6d10:4d:36663 ESTABLISHED 12345/sshd: mgrant It seems near impossible to find ou

Re: netstat performance

On Ma, 05 iul 11, 18:13:06, William Hopkins wrote: > > The primary reasons are 1) reliability separate from your ISP and 2) verified > correct results without NXDOMAIN spam and other such things. [...] > Please believe point 2 is based in verified and somewhat commonly-known fact, > and not pa

Re: netstat performance

On Tue 05 Jul 2011 at 18:13:06 -0400, William Hopkins wrote: > The primary reasons are 1) reliability separate from your ISP and 2) verified > correct results without NXDOMAIN spam and other such things. For 1, although > your ISPs routers may be up their DNS may go down or become incorrectly > co

Re: netstat performance

On 07/05/11 at 11:18pm, Brian wrote: > On Tue 05 Jul 2011 at 22:09:38 +0300, Andrei POPESCU wrote: > > > [snip recursive explanation] > > It was a really good explanation, wasn't it? > > > > Thanks a lot for this explanation, DNS is still a bit like dark magic to > > me :) > > I suspect you ma

Re: netstat performance

On Tue 05 Jul 2011 at 22:09:38 +0300, Andrei POPESCU wrote: > [snip recursive explanation] It was a really good explanation, wasn't it? > > Thanks a lot for this explanation, DNS is still a bit like dark magic to > me :) I suspect you may be doing yourself an injustice. :) > My understanding

Re: netstat performance

On 07/05/11 at 10:09pm, Andrei POPESCU wrote: > On Sb, 02 iul 11, 12:23:39, William Hopkins wrote: > > On 07/02/11 at 02:06pm, Andrei POPESCU wrote: > > > On Sb, 02 iul 11, 09:35:35, Erwan David wrote: > > > > > > > > That's what I do : I have unbound locally for recursive, and it caches > > > > f

Re: netstat performance

On Sb, 02 iul 11, 12:23:39, William Hopkins wrote: > On 07/02/11 at 02:06pm, Andrei POPESCU wrote: > > On Sb, 02 iul 11, 09:35:35, Erwan David wrote: > > > > > > That's what I do : I have unbound locally for recursive, and it caches > > > for the local network + bind for authoritative. > > > > No

Re: netstat performance

On 07/02/11 at 02:06pm, Andrei POPESCU wrote: > On Sb, 02 iul 11, 09:35:35, Erwan David wrote: > > > > That's what I do : I have unbound locally for recursive, and it caches > > for the local network + bind for authoritative. > > Not sure what "recursive" means [...] Recursive queries are what a

Re: netstat performance

On Sb, 02 iul 11, 09:35:35, Erwan David wrote: > > That's what I do : I have unbound locally for recursive, and it caches > for the local network + bind for authoritative. Not sure what "recursive" means, but dnsmasq shines on your gateway, where it can provide DHCP too and make sure your local

Re: netstat performance

On 01/07/11 23:21, William Hopkins wrote: > On 07/02/11 at 12:01am, Andrei POPESCU wrote: >> On Mi, 29 iun 11, 20:08:16, Brian wrote: >>> On Wed 29 Jun 2011 at 12:22:26 -0600, Glenn English wrote: >>> For a good time, 'apt-get install bind' :-) >>> >>> For an even better time (and to escape

Re: netstat performance

On Sat 02 Jul 2011 at 00:01:29 +0300, Andrei POPESCU wrote: > If caching is all you need then > > apt-get install dnsmasq I quite like unbound's DNSSEC aspect. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@li

Re: netstat performance

On 07/02/11 at 12:01am, Andrei POPESCU wrote: > On Mi, 29 iun 11, 20:08:16, Brian wrote: > > On Wed 29 Jun 2011 at 12:22:26 -0600, Glenn English wrote: > > > > > For a good time, 'apt-get install bind' :-) > > > > For an even better time (and to escape the monoculture) > > > >apt-get install

Re: netstat performance

On Mi, 29 iun 11, 20:08:16, Brian wrote: > On Wed 29 Jun 2011 at 12:22:26 -0600, Glenn English wrote: > > > For a good time, 'apt-get install bind' :-) > > For an even better time (and to escape the monoculture) > >apt-get install unbound If caching is all you need then apt-get install

Re: netstat performance

On Wed 29 Jun 2011 at 16:36:51 -0400, William Hopkins wrote: > Agreed, I was just replying to your monoculture comment.. running a local > recursive server is still a great idea (and thread contribution). Sorry if I > implied otherwise! I didn't take it that way. You made a fair technical point a

Re: netstat performance

On 06/29/11 at 08:44pm, Brian wrote: > On Wed 29 Jun 2011 at 15:27:53 -0400, William Hopkins wrote: > > > Monoculture is one thing, but that is not a comparable product. Unbound is > > for > > recursive-only, so you can't have your own zone. > > Within the context of the thread I thought it a go

Re: netstat performance

On Jun 29, 2011, at 1:27 PM, William Hopkins wrote: > Also, the Debian package name for ISC BIND is bind9. Good point, well taken. Oops... -- Glenn English -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.d

Re: netstat performance

On Wed 29 Jun 2011 at 15:27:53 -0400, William Hopkins wrote: > Monoculture is one thing, but that is not a comparable product. Unbound is for > recursive-only, so you can't have your own zone. Within the context of the thread I thought it a good fit and worth a mention. -- To UNSUBSCRIBE, ema

Re: netstat performance

On 06/29/11 at 08:08pm, Brian wrote: > On Wed 29 Jun 2011 at 12:22:26 -0600, Glenn English wrote: > > > For a good time, 'apt-get install bind' :-) > > For an even better time (and to escape the monoculture) > >apt-get install unbound Monoculture is one thing, but that is not a comparable p

Re: netstat performance

On Wed 29 Jun 2011 at 12:22:26 -0600, Glenn English wrote: > For a good time, 'apt-get install bind' :-) For an even better time (and to escape the monoculture) apt-get install unbound :-) -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". T

Re: netstat performance

On Jun 29, 2011, at 11:51 AM, William Hopkins wrote: > On 06/29/11 at 10:15am, ChadDavis wrote: >> Not a big deal, but just made me think. Surely the name resolution >> isn't that costly is it? > > Depends on latency and distance to your DNS server, how long it takes the DNS > server to perform

Re: netstat performance

On 06/29/11 at 10:15am, ChadDavis wrote: > I notice that the following two invocations of netstat have > drastically different execution times: > > netstat > > netstat -n > > > When you just use numerical addresses, it executes almost instantly, > but with the

Re: netstat performance

On Wed, 29 Jun 2011 10:15:58 -0600, ChadDavis wrote: > I notice that the following two invocations of netstat have drastically > different execution times: > > netstat > > netstat -n > > > When you just use numerical addresses, it executes almost instantly, but

netstat performance

I notice that the following two invocations of netstat have drastically different execution times: netstat netstat -n When you just use numerical addresses, it executes almost instantly, but with the domain names and whatever you call those logical names for the port numbers, such as 'www

Re: 'netstat -tu' shows unexpected outbound connection

Yuelin Li wrote: > "netstat -tu" shows a connection to 172.22.202:microsoft-ds. 172.22 is part of rfc1918 address space, and therefore cannot be anywhere other than on your own network (or, I suppose, your ISP's network). > Proto Recv-Q Send-Q Local AddressForeign

Re: 'netstat -tu' shows unexpected outbound connection

I found out why. The outbound IP address belongs to a Windows NT machine for a shared drive. My paranoia. Yuelin. -- Yuelin Li wrote --|Mon (Nov/15/2010)[04:42]|--: "netstat -tu" shows a connection to 172.22.202:microsoft-ds. This connection is there all the time, even af

'netstat -tu' shows unexpected outbound connection

"netstat -tu" shows a connection to 172.22.202:microsoft-ds. This connection is there all the time, even after I have closed all web browers and network connections I know of. I still can't think of any reason why I am connected to 172.22.202.*. My firestarter GUI shows the full I

Re: netstat (was Re: Torrents killing my conection)

On 06/20/2010 08:07 PM, Huang, Tao wrote: On Mon, Jun 21, 2010 at 2:56 AM, Ron Johnson wrote: [snip] Nope, since that also returns tcp6 packets. This does it simplest: $ netstat -ant4 so you are not taking use of ipv6 p2p. Should I be? After all, my ISP only uses IPv4 for consumer HSI

Re: netstat (was Re: Torrents killing my conection)

On Mon, Jun 21, 2010 at 2:56 AM, Ron Johnson wrote: [snip] > Nope, since that also returns tcp6 packets.  This does it simplest: > $ netstat -ant4 so you are not taking use of ipv6 p2p. Tao -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "

netstat (was Re: Torrents killing my conection)

On 06/20/2010 10:27 AM, Huang, Tao wrote: On Sun, Jun 20, 2010 at 6:32 PM, Stan Hoeppner wrote: Ron Johnson put forth on 6/20/2010 1:58 AM: $ netstat -an | grep ^tcp\ | grep -v LISTEN | wc -l 111 You might get a more accurate count of BitTorrent connections with: netstat -an | grep ^tcp

Re: netstat ?

On Wed, Feb 24, 2010 at 12:48:32PM +0100, Javier Barroso wrote: > 2010/2/24 Hadi Motamedi : > > > > > >> Date: Wed, 24 Feb 2010 10:14:33 + > >> From: j...@debian.org > >> To: debian-user@lists.debian.org > >> Subject: Re: netstat ? >

Re: netstat ?

[Please reply only to the list, as per the CoC.] On Wed, 24 Feb 2010 14:56:48 -0500 Jordan Metzmeier wrote: > On Wed, Feb 24, 2010 at 2:26 PM, Celejar wrote: ... > > In Debian, Wireshark should probably never be run as root, even when > > capturing packets.  See the README.Debian: ... > I a

Re: netstat ?

On Wed, Feb 24, 2010 at 2:26 PM, Celejar wrote: > On Wed, 24 Feb 2010 12:55:31 -0500 > Jordan Metzmeier wrote: > >> On Wed, Feb 24, 2010 at 12:35 PM, Eduardo M KALINOWSKI >> wrote: >> > On Qua, 24 Fev 2010, Jon Dowland wrote: >> >> >> >> What is the actual protocol you are trying to read?  You >

Re: netstat ?

On Wed, 24 Feb 2010 12:55:31 -0500 Jordan Metzmeier wrote: > On Wed, Feb 24, 2010 at 12:35 PM, Eduardo M KALINOWSKI > wrote: > > On Qua, 24 Fev 2010, Jon Dowland wrote: > >> > >> What is the actual protocol you are trying to read?  You > >> probably need to use a friendly protocol dissector to r

Re: netstat ?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 John Hasler wrote: > Jordan Metzmeier writes: >> Etch security support ended 2010-02-15: >> http://wiki.debian.org/DebianEtch > > A huge slug of Etch security updates came out yesterday. Look at > debian-changes. - From one respective security annou

Re: netstat ?

On Wed, Feb 24, 2010 at 12:35 PM, Eduardo M KALINOWSKI wrote: > On Qua, 24 Fev 2010, Jon Dowland wrote: >> >> What is the actual protocol you are trying to read?  You >> probably need to use a friendly protocol dissector to read >> and interpret your packet capture. Wireshark can do this. >> >>  

Re: netstat ?

On Qua, 24 Fev 2010, Jon Dowland wrote: What is the actual protocol you are trying to read? You probably need to use a friendly protocol dissector to read and interpret your packet capture. Wireshark can do this. # tcpdump src 172.16.4.1 -w output-file $ sudo wireshark output-file Sin

Re: netstat ?

Jordan Metzmeier writes: > Etch security support ended 2010-02-15: > http://wiki.debian.org/DebianEtch A huge slug of Etch security updates came out yesterday. Look at debian-changes. -- John Hasler -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscri

Re: netstat ?

Etch security support ended 2010-02-15: http://wiki.debian.org/DebianEtch On Wed, Feb 24, 2010 at 11:09 AM, John Hasler wrote: > Boyd Stephen Smith Jr. writes: >> I'm not sure if Etch is even supported any more. > > Etch is supported.  It is the current Oldstable. >

Re: netstat ?

Boyd Stephen Smith Jr. writes: > I'm not sure if Etch is even supported any more. Etch is supported. It is the current Oldstable. -- John Hasler -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble?

Re: netstat ?

On Wednesday 24 February 2010 15:41:09 Boyd Stephen Smith Jr. wrote: > Sarge is no longer supported. He hasn't got a security repository, so he probably realises that! Please find below my Debian repository : deb http://archive.debian.org/debian sarge main contrib non-free Lisi -- To UNSUB

Re: netstat ?

In , Hadi Motamedi wrote: >deb http://archive.debian.org/debian sarge main contrib non-free Sarge is no longer supported. I'm not sure if Etch is even supported any more. You need to upgrade to Lenny. -- Boyd Stephen Smith Jr. ,= ,-_-. =. b...@iguanasuicide.net

Re: netstat ?

2010/2/24 Hadi Motamedi : > > >> Date: Wed, 24 Feb 2010 10:14:33 + >> From: j...@debian.org >> To: debian-user@lists.debian.org >> Subject: Re: netstat ? >> >> On Wed, Feb 24, 2010 at 08:12:57AM +, Hadi Motamedi >> wrote: >> >

RE: netstat ?

> Date: Wed, 24 Feb 2010 10:14:33 + > From: j...@debian.org > To: debian-user@lists.debian.org > Subject: Re: netstat ? > > On Wed, Feb 24, 2010 at 08:12:57AM +, Hadi Motamedi > wrote: > > But I cannot see any human readable text being captured . > >

Re: netstat ?

On Wed, Feb 24, 2010 at 08:12:57AM +, Hadi Motamedi wrote: > But I cannot see any human readable text being captured . > Can you please correct me what I am doing wrong here ? What is the actual protocol you are trying to read? You probably need to use a friendly protocol dissector to read an

RE: netstat ?

> Date: Wed, 24 Feb 2010 18:44:12 +1100 > Subject: RE: netstat ? > From: t...@clewlow.org > To: debian-user@lists.debian.org > > >> > >> tcpdump host 172.16.4.1 -XX > >> > >> if you want to save the data in a file for later analysi

RE: netstat ?

>> >> tcpdump host 172.16.4.1 -XX >> >> if you want to save the data in a file for later analysis >> >> tcpdump host 172.16.4.1 -XX >> somefile >> >> ** >> >> if you want to know why you are doing this >> >> man tcpdump >> >> Regards, Tim. >> >> >> > > Thank you for your reply . Sorry , Is this

RE: netstat ?

> Date: Wed, 24 Feb 2010 18:17:11 +1100 > Subject: RE: netstat ? > From: t...@clewlow.org > To: debian-user@lists.debian.org > > >> > >> In , Hadi Motamedi > >> wrote: > >> >My Debian server is at @172.16.128.1 and the remote network >

RE: netstat ?

>> >> In , Hadi Motamedi >> wrote: >> >My Debian server is at @172.16.128.1 and the remote network >> element is at >> > @172.16.4.1 , > > Thank you for your reply . Sorry , you mean the tcpdump can be used > to monitor the exchanged packets toward an spesific ip address ? I > thought that it can j

RE: netstat ?

> From: b...@iguanasuicide.net > To: debian-user@lists.debian.org > Subject: Re: netstat ? > Date: Tue, 23 Feb 2010 23:59:41 -0600 > > In , Hadi Motamedi wrote: > >My Debian server is at @172.16.128.1 and the remote network element is at > > @172.16.4.1 , but t

Re: netstat ?

In , Hadi Motamedi wrote: >My Debian server is at @172.16.128.1 and the remote network element is at > @172.16.4.1 , but the 'netstat' does not show the ip address and the > assigned port from my Debian . It just shows many dedicated ports , > assigned with '0.0.0.0:xx&#

netstat ?

Dear All My Debian server is at @172.16.128.1 and the remote network element is at @172.16.4.1 , but the 'netstat' does not show the ip address and the assigned port from my Debian . It just shows many dedicated ports , assigned with '0.0.0.0:xx' format . Can you please l

Re: netstat output

Israel Garcia > wrote: >> server:~# netstat -tulp >> Active Internet connections (only servers) >> Proto Recv-Q Send-Q Local Address Foreign Address State >> PID/Program name >> tcp 0 0 *:mysql *:* LISTEN

Re: netstat output

On Sat, Sep 19, 2009 at 3:50 AM, Israel Garcia wrote: > netstat output: > > server:~# netstat  -tulp > Active Internet connections (only servers) > Proto Recv-Q Send-Q Local Address           Foreign Address > State       PID/Program name > tcp        0      0 *:mysql        

netstat output

netstat output: server:~# netstat -tulp Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp0 0 *:mysql *:* LISTEN 14399/mysqld tcp0 0 server.domain.:www

Re: netstat output evidence of a cracker?

Hi, On Sun, Nov 11, 2007 at 06:34:12AM -0600, Hugo Vanwoerkom wrote: > John Hasler wrote: >> Robert Hodgins writes: >>> Gibosn's site scans the first 1056 ports. >> >> By default. It will scan them all if you tell it to. > > That's a good hint! > I get: > You are from Oaxaca De Juárez, 20, in th

Re: netstat output evidence of a cracker?

Adam Hardy wrote: One routine check that I do on my webserver to check it's OK is netstat, and this time it looks like I was under attack from some muppet out there via what seems to be a brute force attempt to crack my ssh login. (We're all seeing this all the time.) Trying to

Re: netstat output evidence of a cracker?

Hugo writes: > You are from Oaxaca De Juárez, 20, in the MX, with an ip of > xxx.xx.xxx.xxx Do I care that that is public info? If you do you better get off the Net. He's guessing the location from the IP, which is in every packet you send. -- John Hasler

Re: netstat output evidence of a cracker?

John Hasler wrote: Robert Hodgins writes: Gibosn's site scans the first 1056 ports. By default. It will scan them all if you tell it to. That's a good hint! I get: You are from Oaxaca De Juárez, 20, in the MX, with an ip of xxx.xx.xxx.xxx Do I care that that is public info? Hugo -- To UN

Re: netstat output evidence of a cracker?

Robert Hodgins writes: > Gibosn's site scans the first 1056 ports. By default. It will scan them all if you tell it to. -- John Hasler -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: netstat output evidence of a cracker?

> That would be Steve Gibsons's site, that I've often used. > http://www.grc.com Gibosn's site scans the first 1056 ports. This site (http://www.auditmypc.com/firewall-test.asp) scans up to 65535. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact

Re: netstat output evidence of a cracker?

Nigel writes: > That would be Steve Gibsons's site, that I've often used. > http://www.grc.com That's a convenient way to run nmap remotely but don't pay attention to his advice about security. -- John Hasler -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Troub

Re: netstat output evidence of a cracker?

On Saturday 10 November 2007 22:40, Gabriel Parrondo wrote: > El sáb, 10-11-2007 a las 12:46 +, Adam Hardy escribió: > [...] > > > I can't see anything running on the server now that might be using those > > ports, but then if it's rootkitted, I wouldn't would I? Is there a > > website out ther

Re: netstat output evidence of a cracker?

On 11/10/2007 04:40 PM, Gabriel Parrondo wrote: > El sáb, 10-11-2007 a las 12:46 +, Adam Hardy escribió: > [...] >> I can't see anything running on the server now that might be using those >> ports, but then if it's rootkitted, I wouldn't would I? Is there a >> website out there that I can us

Re: netstat output evidence of a cracker?

El sáb, 10-11-2007 a las 12:46 +, Adam Hardy escribió: [...] > > I can't see anything running on the server now that might be using those > ports, but then if it's rootkitted, I wouldn't would I? Is there a > website out there that I can use from outside my firewall which I can > get a good

Re: netstat output evidence of a cracker?

On Saturday 10 November 2007 04:46, Adam Hardy wrote: > One routine check that I do on my webserver to check it's OK is netstat, > and this time it looks like I was under attack from some muppet out > there via what seems to be a brute force attempt to crack my ssh login. > >

netstat output evidence of a cracker?

One routine check that I do on my webserver to check it's OK is netstat, and this time it looks like I was under attack from some muppet out there via what seems to be a brute force attempt to crack my ssh login. Trying to understand the info, what is the foreign address - is tha

Re: netstat

Mankuthimma on 18/02/06 02:19, wrote: On 2/18/06, *Adam Hardy* <[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>> wrote: I use netstat to check what's going on with the ports on my hosted server each night, and I have got this entry (see below, last on the list).

netstat

I use netstat to check what's going on with the ports on my hosted server each night, and I have got this entry (see below, last on the list). This has occurred 3 days in a row now. This is not a user, and I have jakarta-tomcat running a java appserver on that HTTPS port. I can'

Re: netstat output

Adam Hardy wrote: Is this some brute force dictionary attack in progress on my webserver? The full foreign address is zns551-ga01a.us.yokogawa.com. Those nasty people in Yokogawa! Original Message Date: Thu, 22 Dec 2005 05:00:07 + (GMT) Active Internet connections (serve

netstat output

Is this some brute force dictionary attack in progress on my webserver? The full foreign address is zns551-ga01a.us.yokogawa.com. Those nasty people in Yokogawa! Original Message Date: Thu, 22 Dec 2005 05:00:07 + (GMT) Active Internet connections (servers and established)

Re: Interesting netstat results

On Sun, Jul 04, 2004 at 01:40:37AM -0500, Jacob S. wrote: > On Sun, 4 Jul 2004 08:29:07 +0200 > David Fokkema <[EMAIL PROTECTED]> wrote: > > > On Sun, Jul 04, 2004 at 01:15:22AM -0500, Jacob S. wrote: > > > > But, looking at the output of netstat, I

Re: Interesting netstat results

On Sun, 4 Jul 2004 02:37:50 -0400 Chris Metzler <[EMAIL PROTECTED]> wrote: > On Sun, 4 Jul 2004 01:15:22 -0500 > "Jacob S." <[EMAIL PROTECTED]> wrote: > > But, looking at the output of netstat, I noticed the following > > entry: > > > > Active

Re: Interesting netstat results

On Sun, 4 Jul 2004 08:29:07 +0200 David Fokkema <[EMAIL PROTECTED]> wrote: > On Sun, Jul 04, 2004 at 01:15:22AM -0500, Jacob S. wrote: > > But, looking at the output of netstat, I noticed the following > > entry: > > > > Active Internet connections (w/o serve

Re: Interesting netstat results

de has changed the > way the network meter shows traffic, making it look like more than it > is, the network switch agreed with this constant stream as well. Looking > at the meter on the taskbar, we're only talking a little under 0.5kbp/s. > > But, looking at the output of net

Re: Interesting netstat results

meter shows traffic, making it look like more than it > is, the network switch agreed with this constant stream as well. Looking > at the meter on the taskbar, we're only talking a little under 0.5kbp/s. > > But, looking at the output of netstat, I noticed the following entry: >

Interesting netstat results

agreed with this constant stream as well. Looking at the meter on the taskbar, we're only talking a little under 0.5kbp/s. But, looking at the output of netstat, I noticed the following entry: Active Internet connections (w/o servers) Proto Recv-Q Send-Q Local Address Foreign Address Stat

netstat: how to reset protocol statistics

Hi, all. I want to reset protocol statistics displayed by netestat -s. netstat seem to have no option that reset protocol statistics information shown by netstat -s. (*BSD does(-z option), though) According to netstat(8), netstat, when invoked with -s option, uses /proc/net/snmp as the source

Re: netstat -nr shows all interfaces but lo... is this normal ?

On Fri, Apr 02, 2004 at 07:38:35AM -0700, John Kennedy wrote: > I just dual booted a Redhat 9.0 machine with Knoppix/Debian > and when doing netstat -nr > I can see all interfaces represented except lo/127.0.0.0 > Is this normal in Debian? > should I add lo with the route comma

Re: netstat -nr shows all interfaces but lo... is this normal ?

John Kennedy wrote: > I just dual booted a Redhat 9.0 machine with Knoppix/Debian > and when doing netstat -nr > I can see all interfaces represented except lo/127.0.0.0 Mine's the same way. > Is this normal in Debian? So it would seem. Adam -- To UNSUBSCRIBE

netstat -nr shows all interfaces but lo... is this normal ?

I just dual booted a Redhat 9.0 machine with Knoppix/Debian and when doing netstat -nr I can see all interfaces represented except lo/127.0.0.0 Is this normal in Debian? should I add lo with the route command? Thanks in adavance John Kennedy -- To UNSUBSCRIBE, email to [EMAIL PROTECTED

Re: netstat / masquerading

> > iptables -t nat -A POSTROUTING -o $BADIF -j MASQUERADE > > > > What do I have to do to see the masqueraded connections? > Try this: http://cv.intellos.net > > Yndy Wow! It addresses the problem exactly and the output seems nice. I'll try that out at home asap, many, many thanks! David -- T

Re: netstat / masquerading

> > iptables -t nat -A POSTROUTING -o $BADIF -j MASQUERADE > > What do I have to do to see the masqueraded connections? Try this: http://cv.intellos.net Yndy -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: netstat / masquerading

> >Hi group, > > > >I was used to display masqueraded connections with > > > >netstat -M > > > >but now, under Woody, I get > > > >no support for 'ip_masquerade' on this system. > > > >I set up masquerading with > >

Re: netstat / masquerading

> Try iptstate - works great for me. > I'll look that up in testing, thanks. David -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: netstat / masquerading

Fokkema wrote: > Hi group, > > I was used to display masqueraded connections with > > netstat -M > > but now, under Woody, I get > > no support for 'ip_masquerade' on this system. > > I set up masquerading with > > iptables -t nat -A POSTROUTING -o

Re: netstat / masquerading

David Fokkema, 2003-Apr-03 16:08 +0200: > Hi group, > > I was used to display masqueraded connections with > > netstat -M > > but now, under Woody, I get > > no support for 'ip_masquerade' on this system. > > I set up masquerading with >

Re: netstat / masquerading

David Fokkema wrote: Hi group, I was used to display masqueraded connections with netstat -M but now, under Woody, I get no support for 'ip_masquerade' on this system. I set up masquerading with iptables -t nat -A POSTROUTING -o $BADIF -j MASQUERADE What do I have to do

netstat / masquerading

Hi group, I was used to display masqueraded connections with netstat -M but now, under Woody, I get no support for 'ip_masquerade' on this system. I set up masquerading with iptables -t nat -A POSTROUTING -o $BADIF -j MASQUERADE What do I have to do to see the masqueraded c

Netstat command doesn't work in continuous mode

Hello all, It seems that the netstat command doesn't work correctly in continuous mode it just continues to display the header. Try this command: "netstat -c -i eth0" Any fixes for this or other ways to easily grab this info? Thanks, ---Dean. -- Dean Roman ([EMAIL PRO

Re: $netstat -a

Hello Again thanks again for all the suggestions. I haven't quite found out what the processes generating those lines in netstat were but I have I think got closer to an answer. I looked in the netstat manpage and it mentionned the file /proc/net/raw. I looked at this file and foun

Re: $netstat -a

begin [EMAIL PROTECTED] quotation: > > Do an "lsof | grep raw" and post what you find. > > tried that and no joy. You'll have to be root; sorry, should have mentioned that. -- Shawn McMahon| McMahon's Laws of Linux support: http://www.eiv.com | 1) There's mo

Re: $netstat -a

gt; machine. > > I found the following and wonder whether if it is of any help: > > *Re: raw socket *:6 > * > *David S. Miller ([EMAIL PROTECTED]) > *Sat, 16 May 1998 13:12:44 -0700 > * > * > *about the mid 2.1.90's of linux-kernel > *raw socket with local

  1   2   >