You are not logged in.
Heya,
I have some questions about some straneg behaviour:
I'm (almost) up-to-date with the testing repository.
When I launch "ggv" I see it tries to open my "/etc/passwd" read-only(saw it using strace). It spawns defunct ssh-connections.
When I do a "netstat -p" I have the following connections:
tcp 0 0 83-134-111-101.Has:1301 freedback.com:ftp ESTABLISHED 5679/ggv
tcp 0 0 83-134-111-101.Has:1338 213.244.183.199:www TIME_WAIT -
tcp 1 1 83-134-111-101.Has:1318 archlinux.org:www LAST_ACK -
tcp 0 0 83-134-111-101.Has:1327 213.52.215.131:www ESTABLISHED 5726/firefox-bin
tcp 0 0 83-134-111-101.Has:1293 66.102.11.99:www TIME_WAIT -
tcp 0 0 83-134-111-101.Has:1307 66.102.11.99:www TIME_WAIT -
tcp 0 0 83-134-111-101.Has:1326 66.102.11.99:www ESTABLISHED 5726/firefox-bin
tcp 0 0 83-134-111-101.Has:1325 66.102.11.99:www ESTABLISHED 5726/firefox-bin
tcp 0 0 83-134-111-101.Has:1296 lumumba.luc.ac.be:ftp ESTABLISHED 5679/ggv
tcp 0 468 83-134-111-101.Has:1311 lumumba.luc.ac.be:www LAST_ACK -
tcp 1 1 83-134-111-101.Has:1322 lumumba.luc.ac.be:www LAST_ACK -
Firefox is the only internet-program I have open. The lumumba-stuff is maybe from the gnome-desktop, although I used to use ftp, now I'm using sftp with gnome-destop or ssh.
Which worries me the most is the connection to "freedback.com".
Any thoughts on this?
Thanks,
Michel
Offline
Why do I have a ftp-connection to freedback.com for archlinux-stuff?
I did another "netstat -p":
tcp 0 0 83-134-111-101.Has:1353 freedback.com:ftp ESTABLISHED 5726/firefox-bin
tcp 15 0 83-134-111-101.Has:1301 freedback.com:ftp CLOSE_WAIT 5679/ggv
tcp 0 0 83-134-111-101.Has:1350 66.102.11.99:www ESTABLISHED 5726/firefox-bin
tcp 69 0 83-134-111-101.Has:1296 lumumba.luc.ac.be:ftp CLOSE_WAIT 5679/ggv
Why the connection from ggv to freedback.com?
The connection from firefox is normal: I checked to see what seems to be on the ftp/http-server on that address.
tx,
Michel
Offline
It's interesting to see somebody else with weird internet connections. I am running Arch behind a "dial-on-demand"-router and have sometimes noticed the router dialing, without any reason (like on startup).
It seemed to be DNS-requests, so I figured that my DNS/hosts setup was wrong, but I can't find any mistake. I will try netstat when I come home, though I don't use ggv.
Offline
OK, I have had a look with netstat and noticed a few strange connections, that Firefox requested, when I started it (without viewing any website):
udp 0 0 192.168.1.2:32775 192.168.1.1:domain ESTABLISHED 3736/firefox-bin
tcp 0 474 192.168.1.2:32831 reptile.mozilla.osu:www ESTABLISHED 3736/firefox-bin
tcp 0 1 192.168.1.2:32932 news.bbc.co.uk:www SYN_SENT 4071/firefox-bin
tcp 0 0 192.168.1.2:32932 news.bbc.co.uk:www ESTABLISHED 4071/firefox-bin
tcp 1 0 192.168.1.2:32831 reptile.mozilla.osu:www CLOSE_WAIT 3736/firefox-bin
tcp 0 1 192.168.1.2:32848 news.bbc.co.uk:www LAST_ACK -(192.168.1.2 is my PC, 192.168.1.1 is my router)
Why does Firefox connect to these sites?
Can anybody recommend a tool to monitor which processes request network connections (and to which addresses/ports)?
I am getting a little tired of all this network activity. I have the same problems with kprinter (the KDE print dialog) for example. It makes my router connect (DNS lookup?), although netstat only shows
tcp 0 0 frank:32945 frank:631 TIME_WAIT -
(frank is my localhost)
I have changed my /etc/hosts for many times, but nothing improved. Is anything wrong with the following /etc/hosts?
127.0.0.1 frank localhost.localdomain localhost This is something I had always hated under Windows... these network connections that you don't know where they come from. If anybody could help me with this, I would be very grateful.
Offline
The bbc connections are for the Newest Headlines live bookmark.
Im guessing for the reptile.mozilla.osu maybe the Firefox check for updates functionality?
Offline
Ahh... how silly of me. Of course, bbs.co.uk was the Latest-Headlines-Newsfeed. And the reptile.mozilla.osu disappeared as well when I deleted the "Latest Headlines"-Bookmark (automatic search for updates had been disabled already, so that can't be the cause). So firefox is fine now :-)
But for my understanding... should programs like kprinter (of course except firefox, mail program etc.) send DNS requests into my LAN or is this some misconfiguration of my system? And as above, is there some monitor tool to investigate that?
Thanks!
Offline
I would like to know why ggv spawns this connection:
tcp 0 0 83-134-111-101.Has:1301 freedback.com:ftp ESTABLISHED 5679/ggvand I think it also spawn defunct ssh-sessions,. The ssh-stuff may come from gnome-vfs, but the above I can't explain.
I think I never visited that website before I found it in the ggv-netstat-listing ...
tx,
Michel
Offline
About GGV:
I'm not sure why its connecting, but ftp://freedback.com seems to be an arch repository as I just ftp'd into that address and its got all the arch stuff there...
I checked the ggv PKGBUILD file and I didn't see anything mentioning freedback.com...
<edit>
When I launch GGV it does not connect to freedback. By any chance did you use freedback as a arch repository just before launching GGV? Connectinos linger around for a bit even after the application that you used to connect is no longer open...
</edit>
Seeing how it is a gnome app, some kind of check for updates would point to ftp.gnome.org I would guess...
Anyone else got any ideas?
As for kprinter, sorry, I use gnome...
Offline
I completely reinstalled arch a week or so ago and ggv doesn't seem to have the problem at the moment ... although it did have it last week or so (mayeb there was an update?) I believe since I tried it then and decided not to use it anymore ...
However, when the problem comes back I'll repost some results.
As far as I know I never went to freedback.com beofre seeing it in netstat. And if I viewed it using firefox, then it still puzzles me why ggv should open a connection to that location.
Michel
Offline