Security Incidents mailing list archives
Re: RE: Bizarre traffic
From: "Ramez Hanna" <ramez.hanna () gmail com>
Date: Thu, 23 Feb 2006 20:56:17 +0200
you can use netstat -naptu | grep -i established this should show you all the connection going out and you will also see which process is causing them On 23 Feb 2006 13:44:16 -0000, selfinnoculation () yahoo com <selfinnoculation () yahoo com> wrote:
I am not too sure if I can agree with you at this moment, David. It is indeed weird that traffic is only heading towards the HTTPS port. Have you considered running a netmon service on that source machine to see which application is actually sending out requests for HTTPS? You might be able to nail the culprit there. Good luck.
Current thread:
- Bizarre traffic David Gillett (Feb 10)
- Re: Bizarre traffic Brian Rectanus (Feb 10)
- RE: Bizarre traffic David Gillett (Feb 13)
- RE: Bizarre traffic David Gillett (Feb 27)
- <Possible follow-ups>
- Re: RE: Bizarre traffic mosquitooth (Feb 17)
- Re: RE: Bizarre traffic selfinnoculation (Feb 23)
- Re: RE: Bizarre traffic Ramez Hanna (Feb 23)
- Re: RE: Bizarre traffic Ansgar -59cobalt- Wiechers (Feb 24)
- Re: RE: Bizarre traffic Dick St.Peters (Feb 24)
- Re: RE: Bizarre traffic Ramez Hanna (Feb 23)
- Re: Bizarre traffic Brian Rectanus (Feb 10)