Wireshark mailing list archives

Re: Yum install centos 5.2


From: Mike Brandonisio <mbrando () jikometrix net>
Date: Tue, 13 Oct 2009 08:00:17 -0500

Hi Guy,

I'm getting closer. In using tshark to record all the SMTP traffic I was able to grep 'helo' and 'ehlo'. I got a hit on 'helo' where my server was saying it was a well known ISP. It is not. I then was able to cross reference the destination IP with the netstat log that showed that it was in fact a php script. Now to find out which one. I have the PID but of course the script is not currently running.

Any thoughts on how to track down the script?

Sincerely,
Mike
--
Mike Brandonisio          *    Web Hosting / Development
Tech One Illustration     *    Internet Marketing
tel (630) 759-9283 x1001  *    e-Commerce
mbrando () jikometrix net    *    www.jikometrix.net

   JIKOmetrix - Reliable web hosting



Guy Harris wrote:
On Oct 12, 2009, at 6:33 AM, Mike Brandonisio wrote:

Is it possible to include netstat as part of the trace with tshark?

TShark doesn't include any code to fetch any "what process has a socket bound to or connected to a given endpoint" information, so, no, netstat information isn't part of a Wireshark/TShark trace (not that there's any provision in pcap file format to store that anyway, although pcap-NG could do that).
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe

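The correlation Mike describes (HELO/EHLO hostnames pulled from a tshark capture, cross-referenced against a netstat snapshot to find the owning process) can be scripted so it runs over a whole capture rather than by hand. The following is an added example written for this archive page, not code from the thread or from the Wireshark project. It assumes the capture was exported with a tshark command along the lines of `tshark -r smtp.pcap -Y 'smtp.req.command == "HELO" || smtp.req.command == "EHLO"' -T fields -e frame.time_epoch -e ip.src -e tcp.srcport -e ip.dst -e tcp.dstport -e smtp.req.parameter` (field names as I know them from the SMTP dissector; confirm with `tshark -G fields`), that the netstat snapshot came from Linux `netstat -tnp` run as root, and that the allow-list of hostnames the server may announce is known. All sample data, hostnames and addresses below are constructed.

```python
"""Correlate SMTP HELO/EHLO greetings seen on the wire with the local process
that owned the sending socket, flagging any greeting that announces a hostname
the server is not supposed to use (e.g. a script posing as a well-known ISP)."""

# Constructed sample of `tshark -T fields` output (tab-separated columns):
# frame.time_epoch, ip.src, tcp.srcport, ip.dst, tcp.dstport, smtp.req.parameter
TSHARK_OUTPUT = """\
1255436400.101\t192.0.2.10\t45678\t203.0.113.5\t25\tmail.bigisp.example
1255436401.550\t192.0.2.10\t45690\t203.0.113.5\t25\tmail.bigisp.example
1255436402.000\t192.0.2.10\t45702\t198.51.100.7\t25\thost.jikometrix.example
"""

# Constructed sample of `netstat -tnp` output taken around the same time.
NETSTAT_OUTPUT = """\
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 192.0.2.10:45678        203.0.113.5:25          ESTABLISHED 4242/php
tcp        0      0 192.0.2.10:45702        198.51.100.7:25         ESTABLISHED 1234/sendmail
tcp        0      0 192.0.2.10:22           198.51.100.20:51000     ESTABLISHED 999/sshd
"""

# Hostnames this server is allowed to announce in HELO/EHLO (assumed allow-list).
EXPECTED_HELO = {"host.jikometrix.example"}


def parse_tshark(text):
    """Parse tab-separated tshark field output into a list of dicts."""
    rows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, sport, dst, dport, helo = line.split("\t")
        rows.append({"time": float(ts), "src": src, "sport": int(sport),
                     "dst": dst, "dport": int(dport), "helo": helo.strip()})
    return rows


def parse_netstat(text):
    """Map (local ip, local port, remote ip, remote port) -> (pid, program).

    Only tcp/tcp6 rows are used; header lines are skipped. A '-' in the
    PID/Program column (netstat run without privileges) yields (None, None)."""
    conns = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 7 or parts[0] not in ("tcp", "tcp6"):
            continue
        lip, lport = parts[3].rsplit(":", 1)
        rip, rport = parts[4].rsplit(":", 1)
        if parts[6] == "-":
            pid, prog = None, None
        else:
            pid_str, prog = parts[6].split("/", 1)
            pid = int(pid_str)
        conns[(lip, int(lport), rip, int(rport))] = (pid, prog)
    return conns


def correlate(helo_rows, conns, expected_helo):
    """Return one finding per HELO/EHLO whose hostname is not on the allow-list,
    attaching the owning PID/program when the netstat snapshot has that socket.
    The join key is the full 4-tuple, so two connections to the same mail
    server from different local ports are kept apart."""
    findings = []
    for row in helo_rows:
        if row["helo"] in expected_helo:
            continue
        key = (row["src"], row["sport"], row["dst"], row["dport"])
        pid, prog = conns.get(key, (None, None))
        findings.append({"time": row["time"], "helo": row["helo"],
                         "remote": f"{row['dst']}:{row['dport']}",
                         "local_port": row["sport"], "pid": pid, "program": prog})
    return findings


if __name__ == "__main__":
    results = correlate(parse_tshark(TSHARK_OUTPUT),
                        parse_netstat(NETSTAT_OUTPUT), EXPECTED_HELO)
    for f in results:
        owner = (f"pid {f['pid']} ({f['program']})" if f["pid"] is not None
                 else "no matching socket in netstat snapshot")
        print(f"{f['time']:.3f} HELO {f['helo']!r} -> {f['remote']} "
              f"from local port {f['local_port']}: {owner}")
```

The second finding in the sample shows the failure mode from the thread: the greeting is on the wire but the socket had already closed by the time netstat ran, so there is no PID to recover. That is why the join is done on timestamped data: a netstat snapshot taken on a short interval (each one stamped with its own time) can be matched to the frame time of each HELO, and it is the only way a short-lived script leaves a process name behind.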