On Thu, 13 Sep 2001, Tam McLaughlin wrote:
> It's a network traffic analyser that displays info on a web browser.
> It's supposed to be similar but faster than ntop but I have never used
> ntop so I do not know.
Tried to use ntop once. It did nasty things to my gterm, so I stopped
using it. I'd try ethereal and/or etherape.
> > Are these the two NT servers? What type of communication? Have you done
> > DNS requests/traceroutes on the IP addresses?
>
> These were 2 linux boxes. I tried www.whois but could only find that the
> address range was assigned to some company that I cannot remember. The data
> was running over udp port 1519 which I have now blocked at the firewall.
You can do something like:

    netstat --tcp

to list open sockets (with a "-a" option for listening sockets too). Then
do:

    lsof|grep IPv4|grep 1519

on the machine to see which process is responsible for the traffic.
> > If you get the chance, try doing a DNS lookup on the IP addresses
> > (nslookup <IP address>). If it doesn't resolve to something.microsoft.com
> > (or something equally obvious) then it's probably bad. If it does resolve
> > to .microsoft.com then it could still be bad (e.g. via DNS poisoning), but
> > it's less likely.
> >
> One of the IP addresses resolves to something like MICROSOFT-DS.MCAST.net.
Probably multicast, then.
Could be Network Time Protocol traffic from the ntpd program (aka xntp3).
> Well I have now rewritten it from advice from some of the developers who
> can also clearly see what's going on. In fact they have been kept in the dark
> about this when they are the ones who should be giving advice on how to
> integrate a unix/informix system with this new one.
Cool.
I think Colin's email had loads of good advice, esp. on how to structure
your comments ..
Cheers,
Paul.
------------------------------------------------------------------------------
Paul Millar
Particle Physics Theory Group
Department of Physics and Astronomy
University of Glasgow,
Glasgow G12 8QQ,
Scotland
[EMAIL PROTECTED]
+44 (0)141 330 4717

yo-yo, n.: Something that is occasionally up but normally down. (see also Computer)
------------------------------------------------------------------------------
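
The lookup that netstat and lsof perform for the UDP port mentioned in the thread, as an added example that is not part of the original e-mail: it reads a socket table in the format of Linux's /proc/net/udp, picks out sockets bound to port 1519, and maps each socket inode to the owning PIDs. The sample table, the function names and the little-endian host are assumptions.

```python
import os
import socket
import struct

# Constructed sample in /proc/net/udp format (IPv4 only); not from the poster's machine.
SAMPLE_PROC_NET_UDP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode ref pointer drops
  101: 00000000:007B 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 11021 2 0000000000000000 0
  214: 0100007F:0035 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 11544 2 0000000000000000 0
  388: 00000000:05EF 00000000:0000 07 00000000:00000000 00:00000000 00000000   500        0 20417 2 0000000000000000 0
"""

def udp_sockets_on_port(table_text, port):
    """Return (local_ip, uid, inode) for each UDP socket bound to `port`."""
    hits = []
    for line in table_text.splitlines()[1:]:           # skip the header row
        fields = line.split()
        if len(fields) < 10 or ":" not in fields[1]:
            continue
        addr_hex, port_hex = fields[1].split(":")
        if int(port_hex, 16) != port:                  # port is printed in hex
            continue
        # Assumption: little-endian host (e.g. x86), so the address word is byte-swapped.
        ip = socket.inet_ntoa(struct.pack("<I", int(addr_hex, 16)))
        hits.append((ip, int(fields[7]), int(fields[9])))
    return hits

def pids_holding_inode(inode, proc_root="/proc"):
    """PIDs with an fd linked to socket:[inode]; run as root to see other users' processes."""
    target = "socket:[%d]" % inode
    pids = []
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue
        fd_dir = os.path.join(proc_root, entry, "fd")
        try:
            for fd in os.listdir(fd_dir):
                if os.readlink(os.path.join(fd_dir, fd)) == target:
                    pids.append(int(entry))
                    break
        except OSError:                                # process exited or access denied
            continue
    return sorted(pids)

if __name__ == "__main__":
    live = os.path.exists("/proc/net/udp")             # present on Linux only
    text = open("/proc/net/udp").read() if live else SAMPLE_PROC_NET_UDP
    for ip, uid, inode in udp_sockets_on_port(text, 1519):
        print(ip, uid, inode, pids_holding_inode(inode) if live else "n/a (sample)")
```

A socket that appears in the table but has no owning PID visible to root is worth a closer look, since kernel-owned sockets and hidden processes both present that way.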