On 12/2/20 9:11 PM, Ed Greshko wrote:
I think this would be easier for you to capture network traffic at
this
time......
With a quite system, open a terminal and as root use the following to
capture some packets....
tcpdump -c 500 port 22 -w cap.pcap
This will capture 500 packets and then exit. Post the cap.pcap file.
I done it. But after 35+ minutes, I terminated it. The resulting
cap.pcap is attached. If you want something else/more, let me know. I
don't understand much of what I see in wireshark. What I gather is:
* 3 packets were captured.
* the first was a tcp from 45.138.37.21 to 24.128.103.197. whois claims
it's from somewhere in the Netherlands to 24.128.103.197, whois claims
that's comcast.
* the second was a tcp from 81.161.63.253 to 24.128.103.197. whois
claims it's from Moscow, Russia to 24.128.103.197,
* the third was a tcp from 162.142.125.30 to 24.128.103.197. whois
claims it's from Ann Arbor, Michigan to 24.128.103.197,
Based on what I sent to Samuel a little while ago, the destination ip
address is actually me. The "info" column and the bottom part of the
display (hexadecimal) make no sense to me. Why is the first entry (from
the Netherlands) in the top part highlighted red?