[CLUE-Tech] whats my network doing?
Brandon N
bneill at yahoo.com
Thu May 9 10:55:51 MDT 2002
I use a tool called iptraf
It shows all current connections, in real time, in a ncurses console.
You can apply filters so that you don't see connections like DNS
requests, etc.
Brandon
--- Roger Frank <rfrank at rfrank.net> wrote:
> Another quiet morning, up at 4 to get some work done before school.
> I look
> at the activity lights on the broadband modem connecting my web site
> server
> to the internet and they are showing a lot of traffic. Some teacher
> somewhere is downloading a lesson plan or a project.
>
> Or maybe not. I go to the standalone machine that has the web site
> and
> look at /var/log/http/access_log and I see two recent attempts with
> bad
> headers from 217.225.223.158 and 211.195.113.201 along with the usual
>
> plethora of attempts by windows viruses. The /var/log/http/error_log
> records
> the bad headers. But what traffic is going now, I wonder, showing up
> in the
> Tx and Rx leds? I look at `who` to see that nobody else is logged
> in. I
> look at `ps -aux` to see nothing unusual that I can spot.
>
> How do I see who is getting data from my website while it is
> happening?
> `ifconfig` shows a lot is happening, but not in enough detail. I
> would like
> to know (1) who is accessing me and (2) what they are getting. My
> concern is
> that they are getting nothing from me but instead using my machine
> for
> nefarious purposes.
>
> Any clues, cluebies? What log should I check? What software tool
> should I
> use? Thanks!
>
> ---
> Roger Frank
> _______________________________________________
> CLUE-Tech mailing list
> CLUE-Tech at clue.denver.co.us
> http://clue.denver.co.us/mailman/listinfo/clue-tech
__________________________________________________
Do You Yahoo!?
Yahoo! Shopping - Mother's Day is May 12th!
http://shopping.yahoo.com
More information about the clue-tech
mailing list