On 07/06/2012 04:06 AM, Anne Wilson wrote:

Logwatch on my laptop tells me

Listed by source hosts:
  Dropped 30 packets on interface eth0
    From 192.168.0.40 - 30 packets to tcp(38575)

192.168.0.40 is a mail/file/print server running SL.  It may also be
relevant that the laptop has fstab mounts to data areas on the server.

I feel that there must be some way I can trace what is actually
sending those packets, so that I can make an assessment, but I've no
idea how/where to look.  I see that it's an unallocated address, so
I've no pointer at all.

Where should I start looking?

Anne

If the connection is still active, you can use a combination of 'netstat -na' and/or 'lsof -nP -i4' to find the process owning the connection. If it isn't, it will be difficult to track down without fancier logging/capturing tools. You mentioned remote mounts, but not what method (CIFS, NFS, etc.). If it is NFS, pseudo-random ports are chosen for the client connections and may be your culprit.

-Mark

--
Mr. Mark V. Stodola
Senior Control Systems Engineer

National Electrostatics Corp.
P.O. Box 620310
Middleton, WI 53562-0310 USA
Phone: (608) 831-7600
Fax: (608) 831-9591
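
An added example, not part of either message above: one way to turn the Logwatch entry into a filter over `netstat -na` output, so you can see whether the dropped packets belong to a connection that still exists. The function names, the laptop address 192.168.0.25 and the sample netstat lines are constructed for illustration; the sample assumes a CIFS mount (remote port 445).

```bash
#!/bin/bash
# Constructed sample input: the Logwatch entry from the question and a
# made-up `netstat -na` listing from the laptop (192.168.0.25 is assumed).
SAMPLE_LOGWATCH='    From 192.168.0.40 - 30 packets to tcp(38575)'
SAMPLE_NETSTAT='Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 192.168.0.25:38575      192.168.0.40:445        ESTABLISHED
tcp        0      0 192.168.0.25:51822      192.168.0.40:993        ESTABLISHED
udp        0      0 0.0.0.0:68              0.0.0.0:*'

# Extract "<source-ip> <protocol> <local-port>" from Logwatch lines of the form
#   From 192.168.0.40 - 30 packets to tcp(38575)
parse_logwatch() {
    sed -nE 's/^[[:space:]]*From ([0-9.]+) - [0-9]+ packets to (tcp|udp)\(([0-9]+)\).*/\1 \2 \3/p'
}

# Read `netstat -na` output on stdin and print "local remote state" for every
# socket whose LOCAL port and REMOTE host match. The dropped packets were
# addressed to a port on this machine, so the port is compared on the local side.
# Prints "no-match" when no such connection exists any more.
match_connections() {
    awk -v host="$1" -v proto="$2" -v port="$3" '
        $1 ~ "^" proto {
            n = split($4, l, ":")            # last field is the local port
            m = split($5, r, ":")            # last field is the remote port
            rhost = substr($5, 1, length($5) - length(r[m]) - 1)
            if (l[n] == port && rhost == host) { print $4, $5, $6; found = 1 }
        }
        END { if (!found) print "no-match" }'
}

# Demo on the constructed data.
read -r host proto port <<EOF
$(printf '%s\n' "$SAMPLE_LOGWATCH" | parse_logwatch)
EOF
printf '%s\n' "$SAMPLE_NETSTAT" | match_connections "$host" "$proto" "$port"
```

On the live system, pipe the real listing in with `netstat -na | match_connections 192.168.0.40 tcp 38575`; a match tells you which remote service port the traffic belongs to, and `lsof -nP -i4` then shows the owning process, if one exists.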
