Security and Intrusions

Ray Parrish crp at cmc.net
Thu Jan 15 19:37:14 UTC 2009


NoOp wrote:
> On 01/14/2009 08:59 PM, Ray Parrish wrote:
>
>> Chris Mohler wrote:
>>
>>> The 'etherape' program will show you a graphic real-time display of
>>> LAN usage.  Also, the 'mtr' command can help determine a bottleneck
>>> outside of your LAN.
>>>
>>> I think there's a bug in the etherape package - if you run it from the
>>> menu it cannot open any interfaces.  You have to either run it via sudo
>>> in a terminal (sudo etherape), or edit the menu item and make the
>>> command 'gksudo etherape' instead of just 'etherape'.
>>>
>>> HTH,
>>> Chris
>>>
>> You guys rock! I'm now using etherape, and it has gone a long way 
>> towards relieving my mind on what is connected to my computer. I am also 
>> surprised at the number of servers one web page will use to serve up a 
>> page sometimes.
>>
>
> Keep in mind that etherape captures to memory, so the longer you run it
> the more memory it consumes. However, you can use tcpdump to dump the
> data to a file for a brief while, then replay the data in etherape. See:
>
> http://articles.techrepublic.com.com/5100-10878_11-5031581.html
> [Reading from files and remote networks]
>
> and
>
> http://openmaniak.com/tcpdump.php
>
> So, for example:
>
> sudo tcpdump -n -w test
>
> will write the dump file to 'test'. You can then open up etherape and
> File|Open and select the 'test' file & etherape will replay the events
> from that file.
>
> Side note: If you ssh into your kid's computer, run tcpdump (assuming
> you have an account there with sudo capability), copy the file & play it
> back for him/her in etherape and you can show them 'graphically' what
> they connected to over a period of time. Obviously more fun than just
> showing them router logs...
Thanks again for the information. I've been monitoring with EtherApe for 
a couple of hours today and it doesn't seem to be causing any problems 
with memory so far. I've just installed tcpdump however.

One connection I saw today is the only one which worried me a bit. It 
resolved to simply "en" as a domain name. I double-clicked it and got the 
IP address and saw that my machine had sent 239 kilobytes to this 
connection. A whois search on the IP address returned no data available, 
so I plugged the IP into my browser location bar and it took me to the 
following URL:

<http://www.mozilla.com/en-US/>

This is the download page for the Linux version of Firefox. Why the heck 
is Mozilla grabbing over a quarter meg of data from me? I could see a 
few kb to check for upgrades, but 239K? That's quite a bit.

Later, Ray Parrish

-- 
http://www.rayslinks.com/ Web index of human reviewed links.
<http://www.rayslinks.com/Troubleshooting%20and%20fixing%20Windows.html>
Trouble shooting and Fixing Windows
http://www.writingsoftheschizophrenic.com My poetry in web pages
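The thread above describes capturing with `sudo tcpdump -n -w test` and then replaying the file in EtherApe to see how much data the machine sent to each host. The following is an added example, not code from the thread or from tcpdump/EtherApe: a small Python reader for the classic libpcap format that `tcpdump -w` writes, which totals the bytes your machine sent to each IPv4 destination so the "239 kilobytes to an unknown address" observation can be reproduced from a capture file offline. It assumes an Ethernet capture (link type 1) and skips ARP, IPv6 and VLAN-tagged frames; pcapng files are not handled. The embedded capture is constructed in the script from RFC 5737 documentation addresses, not real traffic.

```python
import socket
import struct
from collections import defaultdict

PCAP_MAGIC_LE = 0xA1B2C3D4   # value read with "<I" from a little-endian pcap file
PCAP_MAGIC_BE = 0xD4C3B2A1   # the same magic bytes read from a big-endian pcap file
ETHERTYPE_IPV4 = 0x0800
LINKTYPE_ETHERNET = 1


def build_ipv4_frame(src_ip, dst_ip, payload_len, proto=6):
    """Build a minimal Ethernet + IPv4 frame. Constructed sample data, not a real
    capture; the IP checksum is left as zero because the parser never validates it."""
    eth = (b"\x00\x11\x22\x33\x44\x55"          # destination MAC (made up)
           + b"\x66\x77\x88\x99\xaa\xbb"        # source MAC (made up)
           + struct.pack("!H", ETHERTYPE_IPV4))
    ip_hdr = struct.pack("!BBHHHBBH4s4s",
                         0x45, 0, 20 + payload_len, 0, 0, 64, proto, 0,
                         socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return eth + ip_hdr + b"\x00" * payload_len


def build_pcap(frames, link_type=LINKTYPE_ETHERNET):
    """Wrap frames in a little-endian libpcap file (global header + per-packet headers)."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC_LE, 2, 4, 0, 0, 65535, link_type)
    for i, frame in enumerate(frames):
        # ts_sec, ts_usec, incl_len (bytes saved), orig_len (bytes on the wire)
        out += struct.pack("<IIII", 1232000000 + i, 0, len(frame), len(frame)) + frame
    return out


def iter_packets(data):
    """Yield (orig_len, frame_bytes) for each record in a classic pcap file."""
    magic, = struct.unpack_from("<I", data, 0)
    if magic == PCAP_MAGIC_LE:
        endian = "<"
    elif magic == PCAP_MAGIC_BE:
        endian = ">"
    else:
        raise ValueError("not a classic pcap file (pcapng is not handled here)")
    link_type, = struct.unpack_from(endian + "I", data, 20)
    if link_type != LINKTYPE_ETHERNET:
        raise ValueError("only Ethernet (link type 1) captures are handled")
    offset = 24
    while offset + 16 <= len(data):
        _, _, incl_len, orig_len = struct.unpack_from(endian + "IIII", data, offset)
        offset += 16
        yield orig_len, data[offset:offset + incl_len]
        offset += incl_len


def bytes_sent_by_destination(data, local_ip):
    """Total bytes (as seen on the wire) that local_ip sent to each IPv4 destination."""
    totals = defaultdict(int)
    for orig_len, frame in iter_packets(data):
        if len(frame) < 34:              # too short for Ethernet + IPv4 headers
            continue
        ethertype, = struct.unpack_from("!H", frame, 12)
        if ethertype != ETHERTYPE_IPV4:  # skips ARP, IPv6 and VLAN-tagged frames
            continue
        src = socket.inet_ntoa(frame[26:30])
        dst = socket.inet_ntoa(frame[30:34])
        if src == local_ip:
            totals[dst] += orig_len
    return dict(totals)


def ranked(totals):
    """Destinations ordered by bytes sent, largest first, as (ip, bytes) pairs."""
    return sorted(totals.items(), key=lambda kv: (-kv[1], kv[0]))


# Constructed capture: 192.168.1.10 plays the local host, the other addresses come
# from the RFC 5737 documentation ranges, so none of this is real traffic.
LOCAL_IP = "192.168.1.10"
SAMPLE_PCAP = build_pcap([
    build_ipv4_frame(LOCAL_IP, "203.0.113.5", 1400),
    build_ipv4_frame(LOCAL_IP, "203.0.113.5", 1400),
    build_ipv4_frame("203.0.113.5", LOCAL_IP, 500),     # inbound, not counted
    build_ipv4_frame(LOCAL_IP, "203.0.113.5", 1400),
    build_ipv4_frame(LOCAL_IP, "198.51.100.7", 100),
    b"\xff" * 6 + b"\x00" * 6 + struct.pack("!H", 0x0806) + b"\x00" * 28,  # ARP, skipped
])

if __name__ == "__main__":
    # For a real tcpdump file: data = open("test", "rb").read()
    for ip, nbytes in ranked(bytes_sent_by_destination(SAMPLE_PCAP, LOCAL_IP)):
        print(f"{ip:>15}  {nbytes:>8} bytes")
```

Counting `orig_len` rather than the saved bytes means the totals stay correct even when tcpdump was run with a small snaplen, and filtering on the source address is what separates "what my machine sent out" from "what came in", which is the half of the picture that matters when a quarter megabyte to an unfamiliar host is the thing being questioned.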

More information about the ubuntu-users mailing list