hi,

i typed in netstat command, and the screen shows me the result like this

Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 268 192.168.1.100:ssh cpc1-nott2-5-0-cus:1436 ESTABLISHED
tcp 0 0 192.168.1.100:http 12.119.251.194:15786 TIME_WAIT
tcp 0 0 192.168.1.100:http 12.119.251.194:16999 TIME_WAIT
tcp 0 0 192.168.1.100:http 12.119.251.194:21849 ESTABLISHED
tcp 0 83464 192.168.1.100:33008 hyper.physics.not:41930 ESTABLISHED
tcp 0 16616 192.168.1.100:http 12.119.251.194:19405 ESTABLISHED
tcp 0 0 192.168.1.100:33002 hyper.physics.nott:2121 ESTABLISHED

i'm not sure what "hyper.physics.not:41930" doing on my computer, have i been hacked? what is it doing on port 33008 and 33002, can anyone here please help me what it is???

Got any apps that use the net open at this time? Doubt that your getting hacked though..

only vsftp, telnet, ssh, and apache running for network
so i don't know why

Have you tried netstat -anp this should show you what is running on that port.

yeah, i tried that as well

does anyone know where is the log file which it keeps all the login details, i think i'd better check that file, see if there is any intruders

/var/log/messages or you can use the command last to see log info.

Then what was the ouput of "netstat -anp". Also "fuser -n tcp port#" will show you the pid that has this port open. It looks like you connected on port 2121 to them and then the other connection might be related. You can also run "tcpdump -i eth0 port port#" to watch the data flow or write it to a file so you can view it with ethereal. "tcpdump -i eth0 port port# -w file.out -s 1500"