James G. Sack (jim) wrote:
>> I've used iptraf to diagnose connection problems and network hogs
>> real-time (and to see when Windows and other things phone home or do
>> other stuff that they were trying to hide from me).
>
> You run it on the gateway -- is that right?
> How do you find call-home evidence? Outgoing on other than port 80, or
> something like that?

I have monitored packets on either the gateway or a hub or some other
network device that the packets had to travel through (and that were
repeated to the monitoring system). iptraf has several different views
that can be used, and depending upon what you're looking for, you can
use different ones to sniff out what you want.

The first time I used it like this was with W2K at Akamai to watch my
company laptop contact M$ before it was even at the splash screen. I saw
the URL it connected to. In this particular case I connected both
computers (my desktop Linux box and the laptop) to a small hub on my desk.
PGA
--
Paul G. Allen, BSIT/SE
Owner, Sr. Engineer
Random Logic Consulting Services
www.randomlogic.com