Re: [TCLUG:5610] Am I being hacked now? (netstat stuff)

To: tclug-list@listserv.real-time.com
Subject: Re: [TCLUG:5610] Am I being hacked now? (netstat stuff)
From: rtp <rtp@iaxs.net>
Date: Thu, 29 Apr 1999 04:10:32 -0500
Organization: mi-recordz.com
References: <Pine.LNX.4.04.9904282121410.9865-100000@pclueyb>
Sender: rtp@iaxs.net

A network tool that I recently began running on my machine is
trafshow-1.3-5.rpm. "Trafshow will continuously display an ncurses-based
graphic representation of packet traffic on network
interfaces...periodically sort and update the traffic information, and
may be useful for monitoring suspicious traffic on your
network."--Description from Linux Power Tools Guide

I am running trafshow on my local interfaces and over a remote interface
via ssh.

I don't know if anyone else is using this particular application but it
seems very cool. I imagine their are other apps that accomplish the same
reports.

ron parker

Ben Luey wrote:
> 
> I just ran netstat (for the first time) and I see this connection to
> ppp-asfm-balh.sirius.net via nterm. What is this and what does it mean. I
> see no mention of this ip address in any logs, nor any icq people from
> this ip. I ran nmap and it says no port are open and so I can't find out
> who this is. What does this mean
> 
> [lueyb@pclueyb lueyb]$ netstat
> Active Internet connections (w/o servers)
> Proto Recv-Q Send-Q Local Address           Foreign Address         State
> tcp        0      1 pclueyb:1575            ppp-asfm04--199.sir:www
> SYN_SENT
> tcp       87      0 pclueyb:nterm           ppp-asfm05--027.si:1083
> ESTABLISHED
> tcp        0      0 localhost:7100          localhost:3444          CLOSE
> tcp        0      0 localhost:7100          localhost:3443          CLOSE
> tcp        0      0 pclueyb:nterm           ppp-asfm04--199.si:1076
> ESTABLISHED
> tcp        0      0 localhost:7100          localhost:listen
> ESTABLISHED
> tcp        0      0 localhost:listen        localhost:7100
> ESTABLISHED
> udp        0      0 pclueyb:1073            icq.icq.com:4000
> ESTABLISHED
> 
> Ben Luey
> lueyb@carleton.edu
> ICQ: 19144397
> 
> I didn't realize that jobs and trade and what makes America work would become
> a big issue.  --  Bob Dole
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tclug-list-unsubscribe@listserv.real-time.com
> For additional commands, e-mail: tclug-list-help@listserv.real-time.com
> Try our website: http://tclug.real-time.com

Follow-Ups:
- Re: [TCLUG:5610] Am I being hacked now? (netstat stuff)
  - From: Peter Lukas <peter@math.umn.edu>

References:
- Am I being hacked now? (netstat stuff)
  - From: Ben Luey <lueyb@carleton.edu>

Prev by Date: Digital Cameras + Linux
Next by Date: Re: [TCLUG:5623] Digital Cameras + Linux
Prev by thread: Am I being hacked now? (netstat stuff)
Next by thread: Re: [TCLUG:5610] Am I being hacked now? (netstat stuff)
Index(es):
- Date
- Thread