Recently in the last few days I have been noticing on my Conky's port monitor that a Rogers address (something like o1287YI.rogers.com), a Virgin Mobile address, and a Shaw address have been making active connections to my box on the most obscure port (in the range between like 25000-27000). These appear even when I am not running a web browser.
Would they be doing any harm? If so how do I kick them off?
I would post screenshots, but the image functions require that they be uploaded somewhere on the web.
Edit: Note that conky lists them as an "Outgoing connection". What the...?
Scott
Last edited by Scotty (2010-10-04 03:25:45)
Offline
Can't you copy/paste some output, e.g. netstat, instead of a screenshot? It's just text.
lsof can help here - read the man page for details.
Offline
When conky is showing the connection, run this as root:
netstat -tp | egrep '(rogers|virgin|shaw)'
This will show you which process is making the connection.
Are you torrent'ing by any chance?
Last edited by fukawi2 (2010-10-02 08:28:57)
Are you familiar with our Forum Rules, and How To Ask Questions The Smart Way?
BlueHackers // fscanary // resticctl
Offline
When conky is showing the connection, run this as root:
netstat -tp | egrep '(rogers|virgin|shaw)'
This will show you which process is making the connection.
Are you torrent'ing by any chance?
Not torrenting, and I had to install netstat (pacman -S netstat-nat)
When I try to run the netstat command, all I get is this:
~$nestat -tp | egrep '(rogers|virgin|shaw)'
>(presses enter because nothing is happening)
>
ctrl^C
~$
Last edited by Scotty (2010-10-03 17:07:25)
Offline
It could take a while to run because it will need to resolve the hostnames of all the IP addresses. If there are a lot of connections, it will take longer.
You can use the -n option to avoid this, but then the grep won't work because there will only be IP addresses.
Offline
Without grep:
[root@Scott-Desktop scott]# netstat -tp
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 192.168.1.96:51985 checkip-ams.dy:www-http TIME_WAIT -
tcp 0 116 192.168.1.96:52000 checkip-ams.dy:www-http ESTABLISHED 24360/wget
tcp 0 0 192.168.1.96:59166 checkip-ewr.dy:www-http TIME_WAIT -
tcp 0 0 192.168.1.96:46176 checkip-pao.dy:www-http TIME_WAIT -
tcp 0 0 192.168.1.96:51975 checkip-ams.dy:www-http TIME_WAIT -
tcp 0 0 192.168.1.96:46122 checkip-pao.dy:www-http TIME_WAIT -
tcp 0 0 192.168.1.96:59173 checkip-ewr.dy:www-http TIME_WAIT -
tcp 0 0 192.168.1.96:46141 checkip-pao.dy:www-http TIME_WAIT -
tcp 0 0 192.168.1.96:51947 checkip-ams.dy:www-http TIME_WAIT -
tcp 0 0 192.168.1.96:44781 bas1-montreal48-1:46472 ESTABLISHED 21967/skype
tcp 0 0 192.168.1.96:59163 checkip-ewr.dy:www-http TIME_WAIT -
tcp 0 0 192.168.1.96:46165 checkip-pao.dy:www-http TIME_WAIT -
tcp 181 0 ::ffff:192.168.1.:54783 ::ffff:142.33.96.:https CLOSE_WAIT 22538/java
tcp 181 0 ::ffff:192.168.1.:54868 ::ffff:142.33.96.:https CLOSE_WAIT 22538/java
tcp 181 0 ::ffff:192.168.1.:54685 ::ffff:142.33.96.:https CLOSE_WAIT 22538/java
tcp 181 0 ::ffff:192.168.1.:54872 ::ffff:142.33.96.:https CLOSE_WAIT 22538/java
tcp 181 0 ::ffff:192.168.1.:54871 ::ffff:142.33.96.:https CLOSE_WAIT 22538/java
tcp 181 0 ::ffff:192.168.1.:54869 ::ffff:142.33.96.:https CLOSE_WAIT 22538/java
tcp 181 0 ::ffff:192.168.1.:54676 ::ffff:142.33.96.:https CLOSE_WAIT 22538/java
tcp 181 0 ::ffff:192.168.1.:54857 ::ffff:142.33.96.:https CLOSE_WAIT 22538/java
tcp 181 0 ::ffff:192.168.1.:54675 ::ffff:142.33.96.:https CLOSE_WAIT 22538/java
[root@Scott-Desktop scott]# killall skype
[root@Scott-Desktop scott]# netstat -tp
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 192.168.1.96:52012 checkip-ams.dy:www-http TIME_WAIT -
tcp 0 0 192.168.1.96:52014 checkip-ams.dy:www-http TIME_WAIT -
tcp 1 0 192.168.1.96:38824 192.168.1.254:www-http CLOSE_WAIT 12680/chromium
tcp 0 0 192.168.1.96:44781 bas1-montreal48-1:46472 TIME_WAIT -
tcp 0 116 192.168.1.96:52032 checkip-ams.dy:www-http ESTABLISHED 24456/wget
tcp 181 0 ::ffff:192.168.1.:54783 ::ffff:142.33.96.:https CLOSE_WAIT 22538/java
tcp 181 0 ::ffff:192.168.1.:54868 ::ffff:142.33.96.:https CLOSE_WAIT 22538/java
tcp 181 0 ::ffff:192.168.1.:54685 ::ffff:142.33.96.:https CLOSE_WAIT 22538/java
tcp 181 0 ::ffff:192.168.1.:54872 ::ffff:142.33.96.:https CLOSE_WAIT 22538/java
tcp 181 0 ::ffff:192.168.1.:54871 ::ffff:142.33.96.:https CLOSE_WAIT 22538/java
tcp 181 0 ::ffff:192.168.1.:54869 ::ffff:142.33.96.:https CLOSE_WAIT 22538/java
tcp 181 0 ::ffff:192.168.1.:54676 ::ffff:142.33.96.:https CLOSE_WAIT 22538/java
tcp 181 0 ::ffff:192.168.1.:54857 ::ffff:142.33.96.:https CLOSE_WAIT 22538/java
tcp 181 0 ::ffff:192.168.1.:54675 ::ffff:142.33.96.:https CLOSE_WAIT 22538/java
[root@Scott-Desktop scott]# netstat -tp
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 192.168.1.96:44781 bas1-montreal48-1:46472 TIME_WAIT -
tcp 0 116 192.168.1.96:52032 checkip-ams.dy:www-http ESTABLISHED 24456/wget
tcp 181 0 ::ffff:192.168.1.:54783 ::ffff:142.33.96.:https CLOSE_WAIT 22538/java
tcp 181 0 ::ffff:192.168.1.:54868 ::ffff:142.33.96.:https CLOSE_WAIT 22538/java
tcp 181 0 ::ffff:192.168.1.:54685 ::ffff:142.33.96.:https CLOSE_WAIT 22538/java
tcp 181 0 ::ffff:192.168.1.:54872 ::ffff:142.33.96.:https CLOSE_WAIT 22538/java
tcp 181 0 ::ffff:192.168.1.:54871 ::ffff:142.33.96.:https CLOSE_WAIT 22538/java
tcp 181 0 ::ffff:192.168.1.:54869 ::ffff:142.33.96.:https CLOSE_WAIT 22538/java
tcp 181 0 ::ffff:192.168.1.:54676 ::ffff:142.33.96.:https CLOSE_WAIT 22538/java
tcp 181 0 ::ffff:192.168.1.:54857 ::ffff:142.33.96.:https CLOSE_WAIT 22538/java
tcp 181 0 ::ffff:192.168.1.:54675 ::ffff:142.33.96.:https CLOSE_WAIT 22538/java
It appears the offender was Skype. Killing it has made the connection go away now.
But why the heck was Skype doing that?
Last edited by Scotty (2010-10-04 00:38:20)
Offline
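Added example (not part of any post in this thread): one way to attribute connections on unexpected remote ports to their owning process from numeric `netstat -tnp` output, which avoids the DNS lookups mentioned above. The function names and the sample lines are constructed for illustration, and treating ports 80 and 443 as expected is an assumption.

```shell
#!/bin/sh
# SAMPLE is constructed, modelled on `netstat -tnp` output (numeric, no DNS).
SAMPLE='Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 192.168.1.96:51985      203.0.113.10:80         TIME_WAIT   -
tcp        0    116 192.168.1.96:52000      203.0.113.10:80         ESTABLISHED 24360/wget
tcp        0      0 192.168.1.96:44781      198.51.100.7:46472      ESTABLISHED 21967/skype
tcp        0      0 192.168.1.96:44790      198.51.100.8:26011      ESTABLISHED 21967/skype
tcp      181      0 192.168.1.96:54783      192.0.2.33:443          CLOSE_WAIT  22538/java
tcp      181      0 192.168.1.96:54868      192.0.2.33:443          CLOSE_WAIT  22538/java'

# Hypothetical helper: print "program count" for every process holding
# ESTABLISHED connections to a remote port other than 80 or 443.
unusual_port_owners() {
    awk '
        $1 ~ /^tcp/ && $6 == "ESTABLISHED" {
            n = split($5, parts, ":")       # remote port is the last piece
            port = parts[n] + 0
            if (port == 80 || port == 443) next
            split($7, owner, "/")           # "PID/Program" -> program name
            prog = (owner[2] != "") ? owner[2] : "unknown"
            count[prog]++
        }
        END { for (p in count) print p, count[p] }
    ' | sort
}

# Hypothetical helper: print the PID of every process with a connection
# to the given remote IP. Sockets with no owner shown ("-") are skipped.
pids_for_remote() {
    awk -v ip="$1" '
        $1 ~ /^tcp/ && $7 != "-" {
            addr = $5
            sub(/:[0-9]+$/, "", addr)       # strip the port
            if (addr == ip) { split($7, owner, "/"); print owner[1] }
        }
    ' | sort -u
}

printf '%s\n' "$SAMPLE" | unusual_port_owners
printf '%s\n' "$SAMPLE" | pids_for_remote 198.51.100.7
```

On a live system, pipe `netstat -tnp` (run as root so the PID/Program column is filled in for every socket) into either function instead of the sample.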
I think Skype uses some sketchy P2P stuff
Offline
I think Skype uses some sketchy P2P stuff
Damn it...as long as it is not putting anything on my box or sucking up my CPU resources...
Edit: Having a look here:
http://www.skype.com/intl/en-us/support … explained/
makes me understand. Good, problem solved
Last edited by Scotty (2010-10-04 03:25:01)
Offline