Linux - NewbieThis Linux forum is for members that are new to Linux.
Just starting out and have a question?
If it is not in the man pages or the how-to's this is the place!
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
This package seems to be a remote video search engine, and a quick google seems to indicate other people also complaining about unwanted network connections. I'm not sure what TCP packets without a previous SYN could be, though. What does "netstat -atulpen" show for this process?
What's a 'remote video search engine' ? Is it some kind of software that searches additional information about the video that is being played ? In that case, which video player is it bound to ? I did that netstat command but it [edit:its output] raised too many suspicions so I uninstalled it [edit:the unity-scope-video-remote package] in the meantime. But I remember that the IP to which it was connected belonged to canonical (port 80), and that it was not in a established state (something like 'CLOSE_WAIT' maybe, I'm not sure anymore, sorry), which is something my firewall picked up too, and why it raised the alert.
If you don't like this, you can uninstall it with:
Code:
sudo apt-get remove unity-scope-video-remote
Regarding netstat, what do you mean by "it raised too many suspicions"? It is a standard tool on all Unix installations, and I'd strongly recommend against uninstalling it in most cases. See https://en.wikipedia.org/wiki/Netstat for more information on it.
On the TCP connection, CLOSE_WAIT represents waiting for a connection termination request acknowledgment from the remote TCP, i.e. your machine has requested that the connection be closed, and is waiting for the remote server (Canonical) to acknowledge this. A SYN flag must have been set on earlier packets to establish the connection first.
What I meant is that the output of that netstat command were suspicious (unknown and unwanted connection to canonical, phone home or whatever) and made me remove the package, which is what I did using the command line you just gave. A SYN flag was not sent, this is what iptables warned me about: The firewall allows all outgoing traffic as long as it was initiated before. This was not the case, hence the packet was dropped and raised the alert.
Thank you for the description link of that unity feature. Upon Reading it, I still don't understand why it would require a continuous TCP connection to canonical servers, rather than just one when the query is made. In any case, this is not a feature I want, if I want to go to youtube, I'd rather use my web browser than a commercial built in search engine that doesn't even display real youtube.
So I had uninstalled that package, and I won't reinstall it.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
