LinuxQuestions.org
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Old 01-21-2017, 07:09 AM   #1
platypo
Outgoing Traffic


Hello. I've routed my Internet connection through a gateway machine. Desktop-pc has Debian8, Router runs on a minimalistic archlinux distro.
I recently thought it would be interesting to view all outgoing traffic from my PC. After a fresh reboot of both machines I switched off the internet interface of the router and started tcpdump on the LAN interface.
Besides ntp and other connections there were DNS requests for pages I often visit and traffic to strange IP addresses without Firefox or any other application running. Turned out they belong to facebook, amazon and some other weird networks (such as 1e100.net). So I wanted to find the process/job/thread that's the origin of this traffic and ran 'netstat -wtp' as root on the Debian machine with no special result except for example:
Code:
tcp        0      0 192.168.1.0:59440       a23-37-43-27.deplo:http TIME_WAIT   -
where '-' is where usually the process name/id should stand.
Any idea of how to make this visible?
I am considering configuring the firewall to filter outgoing traffic as well and don't know what connections are vital for the system to work and what not. Does anybody have experience with such issues?
Thanks.

Last edited by platypo; 01-21-2017 at 07:18 AM.
 
Old 01-22-2017, 04:25 PM   #2
Habitual
Quote:
Originally Posted by platypo
Turned out they belong to facebook, amazon and some other weird networks (such as 1e100.net).
Red-herring IMO.
But
1e100.net is a Google-owned domain name used to identify the servers in our network.
 
Old 01-22-2017, 05:22 PM   #3
platypo
Quote:
Originally Posted by Habitual
Red-herring IMO.
Do you mean the figure of speech, or is this some sort of malware?
I can post the output if you want; I saved it.

Edit: and is there any way to make the origin of these requests visible?

Last edited by platypo; 01-22-2017 at 05:29 PM.
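
Added example, not part of the thread: netstat prints '-' for a TIME_WAIT socket because the kernel keeps that entry after the owning process has closed it, so /proc/net/tcp lists it with inode 0 and there is no PID left to report. The sketch below parses a constructed /proc/net/tcp sample (the remote address, the second row, and the owner name `example-daemon` are assumptions) and attributes each connection to a process by socket inode.

```python
import ipaddress
import os
import re

STATES = {"01": "ESTABLISHED", "02": "SYN_SENT", "06": "TIME_WAIT", "0A": "LISTEN"}
# Constructed sample in /proc/net/tcp layout; the remote address is a documentation IP.
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0001A8C0:E830 0A7100CB:0050 06 00000000:00000000 03:00000A5C 00000000     0        0 0 3 0000000000000000
   1: 0001A8C0:E832 0A7100CB:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 48211 1 0000000000000000
"""
SAMPLE_OWNERS = {48211: (1423, "example-daemon")}  # constructed inode -> (pid, name)

def decode(hexaddr):
    """'0001A8C0:E830' -> '192.168.1.0:59440' (IPv4 bytes are reversed on little-endian hosts)."""
    ip_hex, port_hex = hexaddr.split(":")
    ip = ipaddress.IPv4Address(bytes.fromhex(ip_hex)[::-1])
    return f"{ip}:{int(port_hex, 16)}"

def socket_owners(proc="/proc"):
    """Map socket inode -> (pid, comm) from /proc/<pid>/fd links; run as root to see all PIDs."""
    owners = {}
    for pid in filter(str.isdigit, os.listdir(proc)):
        try:
            with open(f"{proc}/{pid}/comm") as fh:
                comm = fh.read().strip()
            for fd in os.listdir(f"{proc}/{pid}/fd"):
                m = re.fullmatch(r"socket:\[(\d+)\]", os.readlink(f"{proc}/{pid}/fd/{fd}"))
                if m:
                    owners[int(m.group(1))] = (int(pid), comm)
        except OSError:
            continue  # process exited meanwhile, or permission denied
    return owners

def attribute(table, owners):
    """Return (local, remote, state, owner) per row; owner is None when no process holds the socket."""
    rows = []
    for line in table.splitlines()[1:]:  # skip the header line
        f = line.split()
        if len(f) > 9:  # f[9] is the socket inode; 0 for TIME_WAIT entries
            rows.append((decode(f[1]), decode(f[2]), STATES.get(f[3], f[3]), owners.get(int(f[9]))))
    return rows

if __name__ == "__main__":
    for row in attribute(SAMPLE, SAMPLE_OWNERS):
        print(*row)
```

On a live Linux system the same functions can be fed `open("/proc/net/tcp").read()` and `socket_owners()`; a connection only has an owner while it is still open, so short-lived requests have to be caught before they reach TIME_WAIT.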
 
  

