OK, now it sounds like you are trying to troubleshoot a problem regarding 
users who are logged into your FTP server. The users' packets are being 
forwarded through a router so you think you can do some troubleshooting at 
the router, which you can. Someone suggested using NetFlow. That's a great 
idea. Access lists with logging would work also. And on a router that is 
not too busy, try debug ip packet.


Router# debug ip packet

IP: s=172.69.13.44 (Fddi0), d=10.125.254.1 (Serial2), g=172.69.16.2, forward
IP: s=172.69.1.57 (Ethernet4), d=10.36.125.2 (Serial2), g=172.69.16.2, forward


So, that would give you the IP address. Then go to one of the many WHOIS 
servers and see if you can get a Domain Name System domain name. For 
example, try the WHOIS server at 
http://www.networksolutions.com/cgi-bin/whois/whois. Be sure to type host 
and the address so it knows you are doing a reverse lookup. Often you can't 
easily get a domain name, though, if it's just some home user of a huge ISP.


If you're hoping to get the FTP login name, you have false hopes. The FTP 
login name only appeared in one of the first packets of the FTP session. 
Unless you happened to capture that packet with a protocol analyzer, you 
aren't going to get it.


Have you considered that XP is just buggy and is incorrectly telling you 
someone is still logged in???

Priscilla

At 11:57 PM 8/28/01, PHIMHONGKONG wrote:
>hehehe
>
>Sorry, it is not what I want to know
>
>Let me say
>
>I have a router with 2 E
>
>I run an FTP for 50 users to download to my server
>I use to shut down my computer (server) at night
>
>When I am going to shut it off
>
>The computer prompts me with a message that someone is connecting and it won't shut down
>
>The OS is Windows XP Professional
>
>I check the Serv-U FTP and all clear + I turn off the FTP
>
>At that time there are no more connections to my computer
>But the computer keeps telling me there is someone on the computer and it won't
>shut down ..
>
>My computer runs the OS and I did not set any fancy thing except a Serv-U FTP on port 21
>
>I knew someone was on my computer and XP won't shut down
>
>I have to press the Turn off button to turn it off
>:-0
>
>Any suggestions?
>
>I want to know the command to show who is connected to your router, whenever you want
>to check how many connections there are from outside to your router...
>
>
>Any suggestions??
>
>Thanks
>
>
>
>"Donny Mateo" wrote in message
>news:[EMAIL PROTECTED]...
> > I believe another command would also accomplish the same thing, correct me
> > if I'm wrong:
> >
> > show users
> >
> > Donny
> >
> >
> > >From: "Priscilla Oppenheimer"
> > >Reply-To: "Priscilla Oppenheimer"
> > >To: [EMAIL PROTECTED]
> > >Subject: Re: I HAVE QUESTION How can i know who conn to my rout [7:17611]
> > >Date: Tue, 28 Aug 2001 22:08:17 -0400
> > >
> > >Oh, so you are considering connections TO the router, not connections
> > >through the router. You must be asking about Telnet sessions (or HTTP on
> > >some routers) used for configuring or managing the router.
> > >
> > >So, in that case, use the show tcp brief command, as John suggested.
> > >
> > >Here's an example courtesy of Leigh Anne:
> > >
> > >RouterD#show tcp brief
> > >TCB       Local Address           Foreign Address        (state)
> > >81770CA8  172.16.1.110.23         172.16.1.1.1067        ESTAB
> > >
> > >Priscilla
> > >
> > >At 07:24 PM 8/28/01, PHIMHONGKONG wrote:
> > > >Hello
> > > >Sorry, I confused all you guys
> > > >
> > > >Let's say in Windows xx you put in a command NETSTATS
> > > >
> > > >It will output something like this:
> > > >
> > > >Active Connections
> > > >
> > > >   Proto  Local Address          Foreign Address                        State
> > > >   TCP    cx541749-a:ftp-data    bb-62-5-49-77.bb.tninet.se:4227        TIME_WAIT
> > > >   TCP    cx541749-a:ftp-data    bb-62-5-49-77.bb.tninet.se:4228        TIME_WAIT
> > > >   TCP    cx541749-a:ftp-data    bb-62-5-49-77.bb.tninet.se:4229        TIME_WAIT
> > > >   TCP    cx541749-a:ftp-data    bb-62-5-49-77.bb.tninet.se:4230        TIME_WAIT
> > > >   TCP    cx541749-a:ftp-data    bb-62-5-49-77.bb.tninet.se:4231        TIME_WAIT
> > > >   TCP    cx541749-a:ftp-data    c1771000-a.stcla1.sfba.home.com:2815   ESTABLISHED
> > > >   TCP    cx541749-a:ftp         bb-62-5-49-77.bb.tninet.se:4226        ESTABLISHED
> > > >   TCP    cx541749-a:ftp         c1771000-a.stcla1.sfba.home.com:2810   ESTABLISHED
> > > >   TCP    cx541749-a:ftp         h230n3fls21o906.telia.com:65002        ESTABLISHED
> > > >
> > > >
> > > >
> > > >I would like to know!!!!!! Is it possible I can do the same on a router??????
> > > >
> > > >If yes, what command!! Thanks
> > > >
> > > >If no
> > > >
> > > >What is the closest command :-)
> > > >
> > > >Thanks
> > > >
> > > >
> > > >
> > > >If some hacker logs in to your router and network (he deletes history and log)
> > > >
> > > >How can you know your network was hacked?
> > > >
> > > >Thanks
> > > >
> > >________________________
> > >
> > >Priscilla Oppenheimer
> > >http://www.priscilla.com
________________________

Priscilla Oppenheimer
http://www.priscilla.com
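
Added example, not part of the original message: a small Python parser for captured debug ip packet console text that tallies packets per source address and inbound interface, so the busiest sources stand out before any WHOIS lookup. The function names are hypothetical, and the sample is the two lines quoted in the reply above plus one constructed repeat.

```python
import re
from collections import Counter

# Sample console text: the two lines quoted in the reply above (the second
# left wrapped, as mail clients and terminals often do) plus a constructed repeat.
SAMPLE = """\
Router# debug ip packet

IP: s=172.69.13.44 (Fddi0), d=10.125.254.1 (Serial2), g=172.69.16.2, forward
IP: s=172.69.1.57 (Ethernet4), d=10.36.125.2 (Serial2), g=172.69.16.2,
forward
IP: s=172.69.13.44 (Fddi0), d=10.125.254.1 (Serial2), g=172.69.16.2, forward
"""

IPV4 = r"\d+(?:\.\d+){3}"
LINE_RE = re.compile(
    rf"^IP: s=(?P<src>{IPV4}) \((?P<in_if>[^)]+)\), "
    rf"d=(?P<dst>{IPV4})(?: \((?P<out_if>[^)]+)\))?"
    rf"(?:, g=(?P<gw>{IPV4}))?, (?P<action>.+)$"
)

def unwrap(text):
    """Rejoin records that were wrapped mid-line; drop prompts and blank lines."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("IP: "):
            records.append(line)
        elif line and records and records[-1].endswith(","):
            records[-1] += " " + line  # continuation of the previous record
    return records

def parse(text):
    """Return one dict (src, in_if, dst, out_if, gw, action) per parsed record."""
    matches = (LINE_RE.match(rec) for rec in unwrap(text))
    return [m.groupdict() for m in matches if m]

def talkers(text, dst=None):
    """Count packets per (source, inbound interface), optionally for one destination."""
    counts = Counter()
    for pkt in parse(text):
        if dst is None or pkt["dst"] == dst:
            counts[(pkt["src"], pkt["in_if"])] += 1
    return counts.most_common()

if __name__ == "__main__":
    for (src, in_if), n in talkers(SAMPLE):
        print(f"{src:15} via {in_if:10} {n} packet(s)")
```
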




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=17751&t=17751