Hello All,
I am back to using Etch-Kde and while the machine is idle, it shows occasional net activity. Netstat shows the following entries posted below. Why are bbc, rocky-mountain, steffani and such sites being contacted? How do I disable this?
Active Internet connections (w/o servers) Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 debian.local:60323 rocky-mountain.cs:27644 ESTABLISHED tcp 1 0 debian.local:50722 steffani.debian.org:www CLOSE_WAIT tcp 1 0 debian.local:54730 ns24102.ovh.net:www CLOSE_WAIT tcp 15 0 debian.local:54256 rocky-mountain.csai:ftp CLOSE_WAIT tcp 1 0 debian.local:34230 ftp.de.debian.org:www CLOSE_WAIT tcp 0 0 debian.local:34116 linux.csie.nctu.edu:www ESTABLISHED
tcp 0 0 debian.local:60323 rocky-mountain.cs:27644 ESTABLISHED tcp 1 0 debian.local:50722 steffani.debian.org:www CLOSE_WAIT tcp 1 1 debian.local:36845 hk-in-f104.google.c:www LAST_ACK tcp 1 1 debian.local:32853 newslb306.telhc.bbc:www LAST_ACK tcp 1 0 debian.local:54730 ns24102.ovh.net:www CLOSE_WAIT tcp 15 0 debian.local:54256 rocky-mountain.csai:ftp CLOSE_WAIT tcp 1 0 debian.local:34230 ftp.de.debian.org:www CLOSE_WAIT tcp 0 0 debian.local:34116 linux.csie.nctu.edu:www ESTABLISHED
On Feb 1, 2008 1:54 PM, Rony wrote:
Hello All,
I am back to using Etch-Kde and while the machine is idle, it shows occasional net activity. Netstat shows the following entries posted below. Why are bbc, rocky-mountain, steffani and such sites being contacted? How do I disable this?
<snip>
-- Regards,
Rony.
Try netstat --program to list the PID & name of the process owning the connection
On Feb 1, 2008 11:49 PM, osric fernandes osric.fernandes@gmail.com wrote:
On Feb 1, 2008 1:54 PM, Rony wrote:
Hello All,
I am back to using Etch-Kde and while the machine is idle, it shows occasional net activity. Netstat shows the following entries posted below. Why are bbc, rocky-mountain, steffani and such sites being contacted? How do I disable this?
<snip> > -- > Regards, > > Rony.
Try netstat --program to list the PID & name of the process owning the connection
And how do you tear down a connection? I see this from netstat --program.
frodo@ZION:~$ sudo netstat --program Password: Active Internet connections (w/o servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 1 ZION.local:51051 www.flickr.vip.mud.:www LAST_ACK - tcp 0 0 ZION.local:34757 wr-in-f19.google.co:www ESTABLISHED3246/firefox-bin ...
The connection to www.flickr.vip.mud.:www looks suspicious. How do I remove it?
Regards, Mohan S N
Sorry for the top post. (blackberry again.)
Kill the offending program, ofcourse. --
This too shall pass.
-----Original Message----- From: Mohan Nayaka mohansn@gmail.com
Date: Sat, 02 Feb 2008 18:21:35 To:"GNU/Linux Users Group, Mumbai, India" linuxers@mm.glug-bom.org Subject: Re: [ILUG-BOM] Unwanted Connections
On Feb 1, 2008 11:49 PM, osric fernandes osric.fernandes@gmail.com wrote:
On Feb 1, 2008 1:54 PM, Rony wrote:
Hello All,
I am back to using Etch-Kde and while the machine is idle, it shows occasional net activity. Netstat shows the following entries posted below. Why are bbc, rocky-mountain, steffani and such sites being contacted? How do I disable this?
<snip> > -- > Regards, > > Rony.
Try netstat --program to list the PID & name of the process owning the connection
And how do you tear down a connection? I see this from netstat --program.
frodo@ZION:~$ sudo netstat --program Password: Active Internet connections (w/o servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 1 ZION.local:51051 www.flickr.vip.mud.:www LAST_ACK - tcp 0 0 ZION.local:34757 wr-in-f19.google.co:www ESTABLISHED3246/firefox-bin ...
The connection to www.flickr.vip.mud.:www looks suspicious. How do I remove it?
Regards, Mohan S N
On Feb 2, 2008 6:21 PM, Mohan Nayaka wrote:
And how do you tear down a connection? I see this from netstat --program.
frodo@ZION:~$ sudo netstat --program Password: Active Internet connections (w/o servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 1 ZION.local:51051 www.flickr.vip.mud.:www LAST_ACK - tcp 0 0 ZION.local:34757 wr-in-f19.google.co:www ESTABLISHED3246/firefox-bin ...
The connection to www.flickr.vip.mud.:www looks suspicious. How do I remove it?
Regards, Mohan S N
In case of the connection to www.flickr.vip.mud.:www, the state is LAST_ACK which means "The remote end has shut down, and the socket is closed. Waiting for acknowledgement." Since the socket is already closed, you don't have the PID listed.
osric fernandes wrote:
On Feb 1, 2008 1:54 PM, Rony wrote:
Hello All,
I am back to using Etch-Kde and while the machine is idle, it shows occasional net activity. Netstat shows the following entries posted below. Why are bbc, rocky-mountain, steffani and such sites being contacted? How do I disable this?
Try netstat --program to list the PID & name of the process owning the connection
An update to the query. I removed all extra themes that I had put in Iceweasel ( Firefox ) and Icedove ( Thunderbird ) and now the situation is better.
tcp 15 0 debian.local:58466 rocky-mountain.csai:ftp CLOSE_WAIT 4064/ftp tcp 0 0 debian.local:40620 linux.csie.nctu.edu:www ESTABLISHED4068/http tcp 0 0 debian.local:49865 rocky-mountain.cs:36253 ESTABLISHED4064/ftp tcp 1 0 debian.local:37232 steffani.debian.org:www CLOSE_WAIT 4067/http tcp 1 0 debian.local:34737 ftp.de.debian.org:www CLOSE_WAIT 4065/http tcp 1 0 debian.local:34737 ftp.de.debian.org:www CLOSE_WAIT 4065/http tcp 1 0 debian.local:39468 ns24102.ovh.net:www CLOSE_WAIT 4066/http
Why are programs like http and ftp accessing websites on their own?
On Feb 3, 2008 2:00 PM, Rony wrote:
An update to the query. I removed all extra themes that I had put in Iceweasel ( Firefox ) and Icedove ( Thunderbird ) and now the situation is better.
tcp 15 0 debian.local:58466 rocky-mountain.csai:ftp CLOSE_WAIT 4064/ftp tcp 0 0 debian.local:40620 linux.csie.nctu.edu:www ESTABLISHED4068/http tcp 0 0 debian.local:49865 rocky-mountain.cs:36253 ESTABLISHED4064/ftp tcp 1 0 debian.local:37232 steffani.debian.org:www CLOSE_WAIT 4067/http tcp 1 0 debian.local:34737 ftp.de.debian.org:www CLOSE_WAIT 4065/http tcp 1 0 debian.local:34737 ftp.de.debian.org:www CLOSE_WAIT 4065/http tcp 1 0 debian.local:39468 ns24102.ovh.net:www CLOSE_WAIT 4066/http
Why are programs like http and ftp accessing websites on their own?
Try ps --pid 4064 4065 4066 4067 4068
osric fernandes wrote:
On Feb 3, 2008 2:00 PM, Rony wrote:
An update to the query. I removed all extra themes that I had put in Iceweasel ( Firefox ) and Icedove ( Thunderbird ) and now the situation is better.
tcp 15 0 debian.local:58466 rocky-mountain.csai:ftp CLOSE_WAIT 4064/ftp tcp 0 0 debian.local:40620 linux.csie.nctu.edu:www ESTABLISHED4068/http tcp 0 0 debian.local:49865 rocky-mountain.cs:36253 ESTABLISHED4064/ftp tcp 1 0 debian.local:37232 steffani.debian.org:www CLOSE_WAIT 4067/http tcp 1 0 debian.local:34737 ftp.de.debian.org:www CLOSE_WAIT 4065/http tcp 1 0 debian.local:34737 ftp.de.debian.org:www CLOSE_WAIT 4065/http tcp 1 0 debian.local:39468 ns24102.ovh.net:www CLOSE_WAIT 4066/http
Why are programs like http and ftp accessing websites on their own?
Try ps --pid 4064 4065 4066 4067 4068
At that time itself, the processes had finished so no entry was available.
On Feb 4, 2008 1:37 PM, Rony gnulinuxist@gmail.com wrote:
osric fernandes wrote:
On Feb 3, 2008 2:00 PM, Rony wrote:
An update to the query. I removed all extra themes that I had put in Iceweasel ( Firefox ) and Icedove ( Thunderbird ) and now the situation is better.
tcp 15 0 debian.local:58466 rocky-mountain.csai:ftp CLOSE_WAIT 4064/ftp tcp 0 0 debian.local:40620 linux.csie.nctu.edu:www ESTABLISHED4068/http tcp 0 0 debian.local:49865 rocky-mountain.cs:36253 ESTABLISHED4064/ftp tcp 1 0 debian.local:37232 steffani.debian.org:www CLOSE_WAIT 4067/http tcp 1 0 debian.local:34737 ftp.de.debian.org:www CLOSE_WAIT 4065/http tcp 1 0 debian.local:34737 ftp.de.debian.org:www CLOSE_WAIT 4065/http tcp 1 0 debian.local:39468 ns24102.ovh.net:www CLOSE_WAIT 4066/http
Why are programs like http and ftp accessing websites on their own?
Try ps --pid 4064 4065 4066 4067 4068
At that time itself, the processes had finished so no entry was available.
--
I have to ask at this point. Have you considered the possibility of an debian update program trying to contact and download the package update catalog from the mirrors ?
regards, C
Chetan S wrote:
Why are programs like http and ftp accessing websites on their own?
Try ps --pid 4064 4065 4066 4067 4068
At that time itself, the processes had finished so no entry was available.
--
I have to ask at this point. Have you considered the possibility of an debian update program trying to contact and download the package update catalog from the mirrors ?
regards, C
I did have the auto update checker running. I removed it from startup and now things look ok. I feel the BBC and other stuff came from the browser and email themes.
-
Chetan S -
Gabin Kattukaran -
Mohan Nayaka -
osric fernandes -
Rony