On 03/12/2020 12:16, Samuel Sieb wrote:
> On 12/2/20 8:11 PM, Ed Greshko wrote:
>> On 03/12/2020 00:09, home user wrote:
>>> (I sent this to the list three times in the past two days; it apparently never arrived, and it did not bounce.)
>>>
>>> I rebooted, and did a few netstats and an iftop while the workstation was "quiet". I pasted output from 2 netstat runs into a text file.
>>
>> I think it would be easier for you to capture network traffic at this time......
>>
>> With a quiet system, open a terminal and as root use the following to capture some packets....
>>
>> tcpdump -c 500 port 22 -w cap.pcap
>>
>> This will capture 500 packets and then exit. Post the cap.pcap file.
>
> That will only capture ssh traffic. What if it's not that? Also, the capture file could contain some information that shouldn't be publicly shared.
I specifically chose to capture only ssh at this point. Sensitive info such as passwords would not appear.

I picked ssh due to some of the output he already provided and the info he gave about those types of brute force attacks being stopped by the firewall and my suspicion that may not always be the case.

I suppose if one is paranoid about posting their IP addresses they may be concerned.

Feel free to give your own suggestion.
---
The key to getting good answers is to ask good questions.
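Both points in the thread come down to what ends up being posted: the port 22 filter keeps passwords out of the file, but the pcap still carries every address and payload byte. Added example, not from this thread or any of its participants: a small Python script that reads a classic pcap (such as the cap.pcap the tcpdump command above writes) using only the standard library and prints packet counts per source, destination and destination port, never touching payload, so that summary can be shared instead of the raw file. The script name, the demo addresses and the demo frames are constructed for illustration.

```python
import struct
from collections import Counter

def summarize(pcap: bytes) -> dict:
    """Packets per (src, dst, dst port) from a classic pcap; headers only, payload never read."""
    magic, = struct.unpack('<I', pcap[:4])
    end = {0xA1B2C3D4: '<', 0xD4C3B2A1: '>'}.get(magic)  # byte order of the writing host
    if end is None:
        raise ValueError('not a classic pcap file (pcapng is not handled here)')
    flows, off = Counter(), 24  # skip the 24-byte global header
    while off + 16 <= len(pcap):
        incl = struct.unpack(end + 'IIII', pcap[off:off + 16])[2]  # captured length
        frame = pcap[off + 16:off + 16 + incl]
        off += 16 + incl
        if len(frame) < 34 or frame[12:14] != b'\x08\x00':  # not IPv4 over Ethernet
            flows[('non-ipv4', '', '')] += 1
            continue
        ihl = (frame[14] & 0x0F) * 4
        src = '.'.join(map(str, frame[26:30]))
        dst = '.'.join(map(str, frame[30:34]))
        if frame[23] != 6 or len(frame) < 14 + ihl + 4:  # not TCP, or truncated
            flows[(src, dst, 'ip-proto-%d' % frame[23])] += 1
            continue
        _sport, dport = struct.unpack('!HH', frame[14 + ihl:14 + ihl + 4])
        flows[(src, dst, 'tcp/%d' % dport)] += 1
    return dict(flows)

def tcp_frame(src, dst, sport, dport, payload=b''):
    """Constructed Ethernet/IPv4/TCP frame (zero checksums); demo data, not a real capture."""
    ip4 = lambda a: bytes(int(o) for o in a.split('.'))
    ip = struct.pack('!BBHHHBBH4s4s', 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0, ip4(src), ip4(dst))
    tcp = struct.pack('!HHIIBBHHH', sport, dport, 0, 0, 0x50, 0x18, 8192, 0, 0)
    return bytes(12) + b'\x08\x00' + ip + tcp + payload

def build_pcap(frames):
    """Wrap raw frames in a little-endian classic pcap, link type 1 (Ethernet)."""
    out = [struct.pack('<IHHiIII', 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)]
    for i, f in enumerate(frames):
        out.append(struct.pack('<IIII', 1_600_000_000 + i, 0, len(f), len(f)) + f)
    return b''.join(out)

if __name__ == '__main__':
    import sys  # usage: python summarize_pcap.py cap.pcap (no argument: built-in demo)
    data = open(sys.argv[1], 'rb').read() if len(sys.argv) > 1 else build_pcap(
        [tcp_frame('203.0.113.5', '192.0.2.10', 40000, 22, b'SSH-2.0-demo'),
         tcp_frame('192.0.2.10', '203.0.113.5', 22, 40000)])
    for (src, dst, port), n in sorted(summarize(data).items()):
        print(f'{n:5d}  {src:>15} -> {dst:<15} {port}')
```

The output lists only addresses, ports and counts; anyone still uneasy about posting their own address can replace it in the summary, which is far easier than scrubbing a pcap.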