On 02/18/2010 09:52 AM, Wendell Nichols wrote: > I would like to monitor network connections on my servers. Users run > all sorts of stuff and I want to know when some chat client starts > shipping data to a system in china etc. Snort is probably the best (and complicated) network sniffer out there. It can do some serious analysis. It also eats up CPU cycles like crazy. You've been warned. If you try to use something like "netstat" and such, you can't be sure which application is using which port without finding the port being used and analyzing the output of something like "lsof -i :port". Example: port 22 is ssh, but you can tell ssh to listen on a completely different port. This is true of many applications. You should also keep in mind that if the connection is being originated at your end, the source port could be on any one. You'd need to look at the destination port to see what it's talking to and even then it could be completely bogus. All you know for sure is that if the destination port is 22, it's talking to a port that was reserved for ssh by the IETF. It doesn't mean that what's actually at the other end is an sshd instance. ---------------------------------------------------------------------- - Rick Stevens, Systems Engineer ricks@xxxxxxxx - - AIM/Skype: therps2 ICQ: 22643734 Yahoo: origrps2 - - - - We have enough youth, how about a fountain of SMART? - ---------------------------------------------------------------------- -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
