[X-Unix] How to monitor inbound/outbound network traffic?

Christoph Hammann chammann at mac.com
Fri May 20 21:33:59 PDT 2005


On 21.05.2005 at 6:11, Rad Craig (rad at inductionconcepts.com) wrote:

> Ok, running tcpdump, I snipped the following from the terminal screen:
> 
> 23:00:53.151272 IP 10.10.1.101.27005 >
> unknown33.1.157.204.defenderhosting.com.27015: UDP, length: 29
> 23:00:53.189091 IP unknown33.1.157.204.defenderhosting.com.27015 >
> 10.10.1.101.27005: UDP, length: 60
> 
> Now, what does that mean?  What kind of activity does that look
> like?  

Well, watch and learn, grasshopper ;-)

First step (in Terminal):

wintermute:~ chammann$ whois 33.1.157.204

OrgName:    DoD Network Information Center
OrgID:      DNIC
Address:    7990 Science Applications Ct
Address:    M/S CV 50
City:       Vienna
StateProv:  VA
PostalCode: 22183-7000
Country:    US

NetRange:   33.0.0.0 - 33.255.255.255
CIDR:       33.0.0.0/8
NetName:    DCMC-1
NetHandle:  NET-33-0-0-0-1
Parent:
NetType:    Direct Allocation
NameServer: AAA-VIENNA.NIPR.MIL
NameServer: AAA-KELLY.NIPR.MIL
NameServer: AAA-VAIHINGEN.NIPR.MIL
NameServer: AAA-WHEELER.NIPR.MIL
Comment:    DOD Network Information Center
Comment:    7990 Science Applications Court
Comment:    Vienna, VA 22183-7000 US
RegDate:
Updated:    2001-10-12

TechHandle: ZD41-ARIN
TechName:   DOD Network Information Center
TechPhone:  +1-800-365-3642
TechEmail:  HOSTMASTER at nic.mil

OrgTechHandle: MIL-HSTMST-ARIN
OrgTechName:   Network DoD
OrgTechPhone:  +1-703-676-1051
OrgTechEmail:  HOSTMASTER at nic.mil

# ARIN WHOIS database, last updated 2005-05-20 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.

Second step (from http://www.iana.org/assignments/port-numbers):

flex-lm        27000-27009 FLEX LM (1-10)
#               Daniel Birns <daniel at globes.com>
#               27010-27344 Unassigned

Third step (from 
http://www.mathworks.com/support/tech-notes/1300/1303.html#what_is_FLEXlm
via Google):

Section 1: What Is FLEXlm? Who Makes FLEXlm?
FLEXlm is the most popular license management tool on the market today. It
allows software to "float" on a network and not be tied to one particular
machine. This involves a server-client relationship that requires a client
machine to first successfully check out a license from the server in order
for an application to be used on that client machine. The criteria for
checking out a license can vary according to how the license management is
configured.

Macrovision Corporation makes FLEXlm. For more detailed information about
FLEXlm, visit the Macrovision Corporation Web site.

Section 2: How Does FLEXlm Work?
There are four main components to FLEXlm:

- License manager daemon (lmgrd) - makes initial contact with client
  application (e.g., MATLAB) and starts and restarts vendor daemons
- Vendor daemon (MLM) - keeps track of the number of licenses checked out and
  who has each license by accessing memory and granting or denying license
  checkouts
- License file (license.dat) - contains licensing data within a text file. It
  is created by the software vendor (e.g., The MathWorks) and edited during
  installation
- Application program (e.g., MATLAB) - communicates with the vendor daemon to
  request a license for check out

Conclusion (AKA wild guess):

You have a MATLAB version "on loan" from the Department of Defense in
Vienna, VA that phones home. Or their license server is misconfigured.

Funny what you can find out with the right tools.

Christoph
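
Added example, not part of the original post: a short Python script that rejoins the wrapped tcpdump records quoted above, splits host and port on each side, and looks both ports up in the two IANA rows the post quotes. The function names and the PORT_RANGES table are assumptions made for illustration.

```python
import re

# Constructed sample: the two tcpdump records quoted in the post, still
# wrapped the way the mail client wrapped them.
CAPTURE = """\
23:00:53.151272 IP 10.10.1.101.27005 >
unknown33.1.157.204.defenderhosting.com.27015: UDP, length: 29
23:00:53.189091 IP unknown33.1.157.204.defenderhosting.com.27015 >
10.10.1.101.27005: UDP, length: 60
"""

# Assumption: only the registry rows quoted in the post are loaded here.
PORT_RANGES = [(27000, 27009, "flex-lm"), (27010, 27344, "Unassigned")]

TS = re.compile(r"\d{2}:\d{2}:\d{2}\.\d+ ")
RECORD = re.compile(
    r"(?P<ts>\S+) IP (?P<src>\S+)\.(?P<sport>\d+) > "
    r"(?P<dst>\S+)\.(?P<dport>\d+): (?P<proto>\w+), length:? (?P<length>\d+)$"
)

def unwrap(text):
    """Rejoin wrapped records; a new record starts with a timestamp."""
    records = []
    for line in filter(None, map(str.strip, text.splitlines())):
        if TS.match(line) or not records:
            records.append(line)
        else:
            records[-1] += " " + line
    return records

def registry_name(port):
    """Registry label only; it does not prove which application sent the packet."""
    for low, high, name in PORT_RANGES:
        if low <= port <= high:
            return name
    return "not in excerpt"

def parse(text):
    """Return one dict per record; host and port split at the last dot."""
    flows = []
    for record in unwrap(text):
        match = RECORD.match(record)
        if match is None:
            continue  # not an IP/UDP line in the expected layout
        flow = match.groupdict()
        for key in ("sport", "dport", "length"):
            flow[key] = int(flow[key])
        flows.append(flow)
    return flows
```

Calling parse(CAPTURE) and passing each flow's sport and dport to registry_name() labels every endpoint against the quoted registry rows.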



