[NTLUG:Discuss] Denial of service attack?
MadHat
madhat at unspecific.com
Mon Nov 18 10:59:29 CST 2002
On Mon, 2002-11-18 at 10:46, Rick Matthews wrote:
> At various times over the past two days, I've been seeing (virtually)
> streaming data on my nick that connects to the outside world. I
> can't account for that activity. During those periods web browsing
> is slowed to a crawl.
>
> What commands can I use to determine what is going on?
>
netstat to see what network traffic is happening.
as root, you can do a
netstat -pa
you will get a list of all the connections and the process using them.
Keep in mind this will also show local connections (not internet
connections). To see just those add a --inet
it wraps bad here, but you might get the idea
netstat -pa --inet
$ sudo netstat -pa --inet
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address
State PID/Program name
tcp 0 0 *:ssh *:*
LISTEN 676/sshd
tcp 0 0 madhat-laptop.dal:smtp *:*
LISTEN 713/sendmail: accep
tcp 0 0 172.21.142.171:43892 madhat-1.august.net:ssh
ESTABLISHED 1128/ssh
tcp 0 0 172.21.142.171:44097 cs16.msg.sc5.yahoo:5050
ESTABLISHED 1507/ymessenger.bin
> Thanks!
>
> Rick Matthews
>
>
> _______________________________________________
> https://ntlug.org/mailman/listinfo/discuss
--
MadHat at Unspecific.com
"Anyone who understands Linux/Unix, really understands the universe.
Anyone who understands Windows, really understands Windows."
- Richard Thieme, DefCon 10, 2002
More information about the Discuss
mailing list