[CLUE-Tech] whats my network doing?
Roger Frank
rfrank at rfrank.net
Thu May 9 05:23:01 MDT 2002
Another quiet morning, up at 4 to get some work done before school. I look
at the activity lights on the broadband modem connecting my web site server
to the internet and they are showing a lot of traffic. Some teacher
somewhere is downloading a lesson plan or a project.
Or maybe not. I go to the standalone machine that has the web site and
look at /var/log/http/access_log and I see two recent attempts with bad
headers from 217.225.223.158 and 211.195.113.201 along with the usual
plethora of attempts by windows viruses. The /var/log/http/error_log records
the bad headers. But what traffic is going now, I wonder, showing up in the
Tx and Rx leds? I look at `who` to see that nobody else is logged in. I
look at `ps -aux` to see nothing unusual that I can spot.
How do I see who is getting data from my website while it is happening?
`ifconfig` shows a lot is happening, but not in enough detail. I would like
to know (1) who is accessing me and (2) what they are getting. My concern is
that they are getting nothing from me but instead using my machine for
nefarious purposes.
Any clues, cluebies? What log should I check? What software tool should I
use? Thanks!
---
Roger Frank
More information about the clue-tech
mailing list