On 03/12/2020 00:02, home user wrote:
> (I sent this to the list three times in the past two days; it apparently never
> arrived, and it did not bounce.)
>
> I rebooted, and did a few netstat's and an iftop while the workstation was
> "quiet". I pasted output from 2 netstat runs into a text file.
>
> I paused the iftop display many times to grab line pairs of interest, and
> pasted those into the text file that has the netstat runs.
>
> The text file is attached.
>
> Most of the entries in the iftop display involve comcast, my internet service
> provider. Quite a few unexpected addresses also show up in iftop. A few
> questions come to mind...
>
> A few years ago, I saw in the system journal numerous log-in attempts by
> outsiders from all over the world, and opened a thread about that. Now such
> attempts are blocked by the firewall. If an outsider tries to communicate with
> my workstation, and the firewall blocks the attempt, will the attempt show up
> in the network activity panel of ksysguard? Will that attempt show up in the
> iftop display?

Well, it is really difficult to determine the source of those small packets.
You may want to run iftop with -Pn to make sure the port numbers are listed.
Things such as
c-98-245-12-4.hsd1.co.comcast.net => no-mans-land.m247.com 0b 54b 14b
are meaningless without a port. Also, if one does a lookup they would see...
[egreshko@meimei etc]$ host no-mans-land.m247.com
Host no-mans-land.m247.com not found: 3(NXDOMAIN)
So, what is the real IP address of that hostname? And how did your system come
up with that name....
The best tool for this is "wireshark" and capturing network activity with
filters on maybe one IP address which appears most often.
Also, go back and run "lastb" to make sure your firewall is actually blocking
incoming logins.
It also makes things difficult for others to diagnose without a clear
understanding of your network topology. Is the host directly connected to the
Internet with public IP addresses? Running IPv4 and IPv6? Is the host behind a
router and using NAT? etc....
---
The key to getting good answers is to ask good questions.
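
The NXDOMAIN result in the reply above is what a forward-confirmed reverse DNS check catches: the name iftop displays comes from a reverse (PTR) lookup of the peer address, and nothing forces that name to resolve forward again. The following is an added example, not part of the original post; the function names are hypothetical, and it expects numeric peer addresses such as those shown by `iftop -Pn`.

```python
import ipaddress
import socket


def reverse_names(ip):
    """PTR lookup: the names the address's owner published for it."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
    except (socket.herror, socket.gaierror):
        return []
    return [name, *aliases]


def forward_addrs(name):
    """Forward lookup: every address the name resolves to (empty on NXDOMAIN)."""
    try:
        infos = socket.getaddrinfo(name, None)
    except socket.gaierror:
        return set()
    # Drop any IPv6 zone suffix ("%eth0") before parsing.
    return {ipaddress.ip_address(i[4][0].split("%")[0]) for i in infos}


def classify(ip, reverse=reverse_names, forward=forward_addrs):
    """Return (verdict, name) for one numeric peer address.

    The reverse/forward parameters are injectable so the logic can be
    exercised offline with stub resolvers (an assumption of this example).
    """
    addr = ipaddress.ip_address(ip)
    names = reverse(ip)
    if not names:
        return ("no-ptr", None)
    verdict = ("unresolvable", names[0])   # name exists only as a PTR target
    for name in names:
        addrs = forward(name)
        if addr in addrs:
            return ("confirmed", name)     # reverse and forward agree
        if addrs:
            verdict = ("mismatch", name)   # name points somewhere else
    return verdict


if __name__ == "__main__":
    import sys
    for peer in sys.argv[1:]:
        print(peer, *classify(peer))
```

An "unresolvable" or "mismatch" verdict means the displayed hostname says nothing reliable about who the peer is, so the numeric address and port are the values to filter on in a capture.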