On Wed, 2007-12-12 at 10:50 -0500, Chris Knadle wrote:
> The short answer: not simple. I gave you a vague idea of the types of
> tools used to try to figure that out to answer the questions: What ports are
> open, what processes are associated with those ports, what network traffic is
> passing through the box.

Chris: Thanks very much for your continued participation in this thread.
Thanks also to PorkChop and Mike Kershaw for their input.

I did read what you wrote about TCPDUMP, packet sniffing, etc. I have at
one time browsed the O'Reilly book, "Network Troubleshooting Tools".

> > Mike Kershaw mentioned that a reboot is unnecessary. When I restored my
> > original resolv.conf, before rebooting I was still getting UDP port 137
> > packets being logged, so I *ass*umed that a reboot was necessary for the
> > resolv.conf changes to take effect.
>
> Changes to /etc/resolv.conf are used right away.

I'll accept what you say. But I can conceive of a scenario where the file
is read at boot time, and used to fill out kernel data structures. The
kernel might not be aware until reboot if the file is subsequently
modified.

> > Hopefully, this doesn't matter, but I used kedit to make the changes to
> > resolv.conf. This leaves around a backup file.
>
> Almost all text editors can be configured to leave a backup file, or
> configured not to.

"Bit Twister" from comp.os.linux.networking wanted me to remove all backup
files. So I thought there might be side-effects from having them around.

Yesterday Dec. 11 I ran for over 3 hours with my original resolv.conf.
There was not a single UDP packet to port 137 logged by iptables.

Today, I changed resolv.conf back to the contents that were previously
associated with the UDP packets to port 137.

nameserver 68.237.161.12
nameserver 71.250.0.12

I let the system run for 10 minutes. During that time, there were no
"events" reported by Firestarter. I then rebooted.
My system resumed the behavior I've previously described: every 30
seconds, Firestarter is reporting logging of UDP packets to port 137.
According to Firestarter, there is a one-to-one correspondence between
connection attempts to port 80, and the "Samba" packets.

I now have a hardcopy of the script which implements "service network
start/stop/restart". The networking scripts are easier to decipher from
hardcopy than from the screen. (I own an inkjet printer, a gift from a
friend, but I never bought cartridges for it.)

"service network stop" invokes ifdown-eth. I have the hardcopy for
ifdown-eth. I can understand the Bash, but I don't understand what the
code is doing.

> -- Chris
>
> _______________________________________________
> Mid-Hudson Valley Linux Users Group http://mhvlug.org
> http://mhvlug.org/cgi-bin/mailman/listinfo/mhvlug
> Upcoming Meetings (6pm - 8pm) MHVLS Auditorium
> Dec 5 - Open Source Show and Tell
> Jan 2 - TBD
> Feb 6 - DBUS
> Mar 5 - Setting up a platform-independent home/small office network using
> Linux
