Linux - NewbieThis Linux forum is for members that are new to Linux.
Just starting out and have a question?
If it is not in the man pages or the how-to's this is the place!
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Yeah, I checked the XP machine and didn't find anything. I even wiped it and reloaded the machine just in case I happened to miss anything. The problem still occurs.
Wipe 'n restore ops may seem convenient but done w/o prior investigation just shows that it is not efficient.
How would you know exactly?
unSpawn, I did investigate the XP machine prior to wiping it. I didn't see anything on there scheduled to pull anything from that server. I wiped it and installed a base image used by hundreds of computers here to effectively say "if i did miss anything in my investigation, it is gone now". The motherboard and therefore on-board nic were even replaced as well.
I'm not sure how to identify the processes that could be doing this. I'm going to see if i can get wireshark going today, see if that tells me anything if i let it monitor overnight.
Some good, solid information coming out now; you've really been working on this. Just to complete the set, can you change the name of the workstation? Give another workstation the same name? It sounds as if you've already covered all the other variations on the workstation side.
Regards "I'm not sure how to identify the processes that could be doing this", that's not a problem; we can work through it. Are you on site when the transfers are happening? Meaning is this something we have to automate or will it be done interactively?
From the sound of it, this problem is important but not urgent so we can move steadily on it, no rush ... ?
Some good, solid information coming out now; you've really been working on this. Just to complete the set, can you change the name of the workstation? Give another workstation the same name? It sounds as if you've already covered all the other variations on the workstation side.
Regards "I'm not sure how to identify the processes that could be doing this", that's not a problem; we can work through it. Are you on site when the transfers are happening? Meaning is this something we have to automate or will it be done interactively?
From the sound of it, this problem is important but not urgent so we can move steadily on it, no rush ... ?
Yeah, I tried troubleshooting with everything I knew before I posted here. I read a lot of posts on here where someone doesn't even try before posting, I know how that's irritating on some windows forums I help out on.
I think I might give Wireshark a go tonight since I didn't set it up right on Friday, then after looking at that info, will try renaming it to see what happens. I'd love to know what kind of traffic is going and I'm afraid if i rename it now i won't capture that tonight.
The transfers are happening when i'm offsite, and hopefully sleeping, its on a computer the late crew uses. You are right, important but not urgent, its been happening for over a year, which was before I started working here, so they can live with it for a while longer haha.
UsersName pts/0 ComputerName. Sun Feb 28 21:31 - 21:38 (00:07)
but that username isn't who uses that workstation, its someone who uses another xp workstation, but they also have an ssh account on the server as well. I'm not sure what that file is for or what it shows.
and also, i just noticed the date, its from over a month ago.
Also, because its showing the ComputerName in there of that workstation, does that mean it was the actual computer name at that time, or just whatever the IP is resolving to now? I'm wondering if that other user really made an SSH connection from this problem workstation, or if he did it from an IP that's changed because of DHCP but is now resolving to the IP of that problem machine by coincidence?
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.