Re: what network monitor will display which applications are using which connections?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]


On 02/18/2010 09:52 AM, Wendell Nichols wrote:
> I would like to monitor network connections on my servers.  Users run
> all sorts of stuff and I want to know when some chat client starts
> shipping data to a system in china etc.

Snort is probably the best (and complicated) network sniffer out
there.  It can do some serious analysis.  It also eats up CPU cycles
like crazy.  You've been warned.

If you try to use something like "netstat" and such, you can't be sure
which application is using which port without finding the port being
used and analyzing the output of something like "lsof -i :port".
Example: port 22 is ssh, but you can tell ssh to listen on a completely
different port.  This is true of many applications.

You should also keep in mind that if the connection is being originated
at your end, the source port could be on any one.  You'd need to look
at the destination port to see what it's talking to and even then it
could be completely bogus.  All you know for sure is that if the
destination port is 22, it's talking to a port that was reserved for
ssh by the IETF.  It doesn't mean that what's actually at the other end
is an sshd instance.
- Rick Stevens, Systems Engineer                      [email protected] -
- AIM/Skype: therps2        ICQ: 22643734            Yahoo: origrps2 -
-                                                                    -
-         We have enough youth, how about a fountain of SMART?       -
users mailing list
[email protected]
To unsubscribe or change subscription options:

[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux