[X-Unix] How to monitor inbound/outbound network traffic?

Rad Craig rad at inductionconcepts.com
Fri May 20 21:11:56 PDT 2005


Ok, running tcpdump, I snipped the following from the terminal screen:

23:00:53.151272 IP 10.10.1.101.27005 > unknown33.1.157.204.defenderhosting.com.27015: UDP, length: 29
23:00:53.189091 IP unknown33.1.157.204.defenderhosting.com.27015 > 10.10.1.101.27005: UDP, length: 60
23:00:53.208280 IP 10.10.1.101.27005 > unknown33.1.157.204.defenderhosting.com.27015: UDP, length: 31
23:00:53.248746 IP unknown33.1.157.204.defenderhosting.com.27015 > 10.10.1.101.27005: UDP, length: 62
23:00:53.265826 IP 10.10.1.101.27005 > unknown33.1.157.204.defenderhosting.com.27015: UDP, length: 29
23:00:53.300955 IP unknown33.1.157.204.defenderhosting.com.27015 > 10.10.1.101.27005: UDP, length: 62
23:00:53.324387 IP 10.10.1.101.27005 > unknown33.1.157.204.defenderhosting.com.27015: UDP, length: 29
23:00:53.361093 IP unknown33.1.157.204.defenderhosting.com.27015 > 10.10.1.101.27005: UDP, length: 56
23:00:53.382936 IP 10.10.1.101.27005 > unknown33.1.157.204.defenderhosting.com.27015: UDP, length: 32
23:00:53.424902 IP unknown33.1.157.204.defenderhosting.com.27015 > 10.10.1.101.27005: UDP, length: 58
23:00:53.440941 IP 10.10.1.101.27005 > unknown33.1.157.204.defenderhosting.com.27015: UDP, length: 34
23:00:53.487995 IP unknown33.1.157.204.defenderhosting.com.27015 > 10.10.1.101.27005: UDP, length: 64
23:00:53.498511 IP 10.10.1.101.27005 > unknown33.1.157.204.defenderhosting.com.27015: UDP, length: 35

Now, what does that mean?  What kind of activity does that look
like?  Little Snitch didn't prompt me for any of this, I just looked
down and saw my transmit light on solid like it was doing this
morning.  It wasn't doing this earlier tonight.  Any ideas or
suggestions?  It is doing this continually, scrolls too fast to read
it all.  How can I figure out what application or who this is and
what/why I'm receiving?  It is mostly receiving.  I don't really have
anything 'running' right now other than email.


Rad...

On May 20, 2005, at 12:03 PM, cheryl schneider wrote:

>
> On May 20, 2005, at 10:39 AM, Brent Baisley wrote:
>
>
>> You can try using tcpdump in your terminal. It's more of a
>> technical tool, but at the very least you can find out what ip  
>> address you are talking to.
>>
>> sudo tcpdump
>>
>
> Read the man pages on tcpdump for additional syntax.
>
>
> To capture packets on en1 to/from a given host:
>
> sudo tcpdump -i en1 host <host name>
>
>
> If you want to narrow it down to packets being received on a given
> port:
>
> sudo tcpdump -i en1 dst port <port number>
>
> Also take a look at Ethereal, an open source packet sniffer that'll  
> filter the information in a more human-readable format. It runs in  
> an X Windows environment, including X11.
>
> -------------------------------------
> Cheryl Schneider, ACSA
> cheryl at themacworks.com
>
>
>
>> On May 20, 2005, at 10:16 AM, Rad Craig wrote:
>>
>>
>>
>>> Right now, I'm watching the light (xfer) on my network card and  
>>> it's lit up almost solid, like I was downloading/uploading  
>>> something, something (data) is going in or out.  I want to know  
>>> what it is?  Which application is sending it and what it's
>>> sending.  I don't have anything running right now that should be
>>> constantly transferring data like this.  It's as if someone is
>>> sucking data off of my computer.  Is there a program/app/utility/ 
>>> script that will allow me to find out what is going on?
>>>
>>>
>>> Rad...
>> -- 
>> Brent Baisley
>> Systems Architect
>> Landover Associates, Inc.
>> Search & Advisory Services for Advanced Technology Environments
>> p: 212.759.6400/800.759.0577
>>



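Added example, not part of the original thread: when tcpdump output scrolls too fast to read, counting packets and bytes per direction of each conversation shows who is talking and which way the data flows, and `lsof` can then tie the local UDP port to a process. The function names (`summarize_flows`, `port_owner`, `sample_capture`) are hypothetical and the sample lines are constructed in the format of the capture quoted above.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# Summarise tcpdump text output on stdin: one line per direction of each
# conversation, "packets bytes src > dst", largest byte count first.
summarize_flows() {
    awk '
    $2 == "IP" && $4 == ">" {
        src = $3
        dst = $5; sub(/:$/, "", dst)   # tcpdump prints "dst:"; drop the colon
        len = 0
        for (i = 6; i <= NF; i++)      # "length: 29" (as in the post) or "length 29"
            if ($i ~ /^length:?$/) { len = $(i + 1) + 0; break }
        key = src " > " dst
        pkts[key]++
        bytes[key] += len
    }
    END { for (k in pkts) printf "%d %d %s\n", pkts[k], bytes[k], k }
    ' | sort -k2,2nr
}

# Show which local process holds a UDP port seen in the capture.
# Usage: port_owner 27005
port_owner() {
    sudo lsof -nP -iUDP:"$1"
}

# Constructed sample input in the same line format as the capture in the post
# (192.0.2.33 is a documentation address standing in for the remote host).
sample_capture() {
    cat <<'EOF'
23:00:53.151272 IP 10.10.1.101.27005 > 192.0.2.33.27015: UDP, length: 29
23:00:53.189091 IP 192.0.2.33.27015 > 10.10.1.101.27005: UDP, length: 60
23:00:53.208280 IP 10.10.1.101.27005 > 192.0.2.33.27015: UDP, length: 31
23:00:53.248746 IP 192.0.2.33.27015 > 10.10.1.101.27005: UDP, length: 62
23:00:53.265826 IP 10.10.1.101.27005 > 192.0.2.33.27015: UDP, length: 29
23:00:53.300955 IP 192.0.2.33.27015 > 10.10.1.101.27005: UDP, length: 62
23:00:53.400000 arp who-has 10.10.1.1 tell 10.10.1.101
EOF
}

# Live use (fixed packet count so the summary prints when tcpdump exits):
#   sudo tcpdump -n -c 500 -i en1 udp | summarize_flows
sample_capture | summarize_flows
```

On the sample this prints the inbound direction first (3 packets, 184 bytes) and the outbound direction second (3 packets, 89 bytes); the ARP line is skipped because it is not an IP packet line.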