Security Incidents mailing list archives
Re: Bizarre traffic
From: Edy <email () edylie net>
Date: Fri, 03 Mar 2006 02:28:09 +0800
Also if it is *nix box you could install lsoft and do a lsoft -i Cheers, Edy Ramez Hanna wrote:
you can use netstat -naptu | grep -i established this should show you all the connection going out and you will also see which process is causing them On 23 Feb 2006 13:44:16 -0000, selfinnoculation () yahoo com <selfinnoculation () yahoo com> wrote:I am not too sure if I can agree with you at this moment, David. It is indeed weird that traffic is only heading towards the HTTPS port. Have you considered running a netmon service on that source machine to see which application is actually sending out requests for HTTPS? You might be able to nail the culprit there. Good luck.
Current thread:
- Re: Bizarre traffic Edy (Mar 03)