How to track unexpected network activity?
in [UK Mac]
|
From: Mark Bestley on 5 Dec 2009 20:02 Chris Ridd <chrisridd(a)mac.com> wrote: > On 2009-12-05 20:46:14 +0000, R said: > > > On Sat, 5 Dec 2009 19:34:09 +0000, Chris Ridd <chrisridd(a)mac.com> > > wrote: > > > >> The first hit for port 5204 was for some windows worm. MyDoom? No VMs > >> running? Run "lsof -i4:5204" to see what processes are doing the > >> talking. (The "4" is for IPv4.) > > > > My money's on iStatLocalDeamon :P > > That's 5109, but it is worth checking :-) Chris are you sure sudo lsof -i -P | grep 5204 output includes iStatLoca 44 root 4u IPv4 0x082b5740 0t0 TCP *:5204 (LISTEN) iStatLoca 44 root 7u IPv6 0x082b0bb0 0t0 TCP *:5204 (LISTEN) iStatLoca 44 root 8u IPv4 0x0b2fb6b0 0t0 TCP localhost:5204->localhost:50669 (ESTABLISHED) iStatLoca 44 root 9u IPv4 0x0d068b4c 0t0 TCP localhost:5204->localhost:50670 (ESTABLISHED) iStatLoca 44 root 10u IPv4 0x082b1a8c 0t0 TCP localhost:5204->localhost:50671 (ESTABLISHED) SystemUIS 228 mark 15u IPv4 0x0b2fd710 0t0 TCP localhost:50669->localhost:5204 (ESTABLISHED) SystemUIS 228 mark 16u IPv4 0x0b2fa274 0t0 TCP localhost:50670->localhost:5204 (ESTABLISHED) SystemUIS 228 mark 17u IPv4 0x082b2ec8 0t0 TCP localhost:50671->localhost:5204 (ESTABLISHED) So I think iStat as well plus from system.lg in bootup sequence Dec 5 10:10:48 localhost iStatLocalDaemon[44]: Waiting for connections on port 5204. -- Mark
From: Chris Ridd on 6 Dec 2009 03:40 On 2009-12-06 01:02:47 +0000, Mark Bestley said: > Chris Ridd <chrisridd(a)mac.com> wrote: > >> On 2009-12-05 20:46:14 +0000, R said: >> >>> On Sat, 5 Dec 2009 19:34:09 +0000, Chris Ridd <chrisridd(a)mac.com> >>> wrote: >>> >>>> The first hit for port 5204 was for some windows worm. MyDoom? No VMs >>>> running? Run "lsof -i4:5204" to see what processes are doing the >>>> talking. (The "4" is for IPv4.) >>> >>> My money's on iStatLocalDeamon :P >> >> That's 5109, but it is worth checking :-) > > Chris are you sure > > sudo lsof -i -P | grep 5204 > > output includes > iStatLoca 44 root 4u IPv4 0x082b5740 0t0 TCP > *:5204 (LISTEN) No, I just did a google for istatdaemon port and it suggested 5109. That's what the istatd source suggests is the default too: <http://code.google.com/p/istatd/source/browse/trunk/main.cpp> Is there another version of istatd? -- Chris
From: Mark Bestley on 6 Dec 2009 08:20 Chris Ridd <chrisridd(a)mac.com> wrote: > On 2009-12-06 01:02:47 +0000, Mark Bestley said: > > > Chris Ridd <chrisridd(a)mac.com> wrote: > > > >> On 2009-12-05 20:46:14 +0000, R said: > >> > >>> On Sat, 5 Dec 2009 19:34:09 +0000, Chris Ridd <chrisridd(a)mac.com> > >>> wrote: > >>> > >>>> The first hit for port 5204 was for some windows worm. MyDoom? No VMs > >>>> running? Run "lsof -i4:5204" to see what processes are doing the > >>>> talking. (The "4" is for IPv4.) > >>> > >>> My money's on iStatLocalDeamon :P > >> > >> That's 5109, but it is worth checking :-) > > > > Chris are you sure > > > > sudo lsof -i -P | grep 5204 > > > > output includes > > iStatLoca 44 root 4u IPv4 0x082b5740 0t0 TCP > > *:5204 (LISTEN) > > No, I just did a google for istatdaemon port and it suggested 5109. > That's what the istatd source suggests is the default too: > > <http://code.google.com/p/istatd/source/browse/trunk/main.cpp> > > Is there another version of istatd? Looks like it the one you give in the link is for "Serving statistics to the iStat iPhone application". The iStatLocalDaemon I have is from iStat Menus. -- Mark
From: Chris Ridd on 6 Dec 2009 08:27 On 2009-12-06 13:20:18 +0000, Mark Bestley said: >> No, I just did a google for istatdaemon port and it suggested 5109. >> That's what the istatd source suggests is the default too: >> >> <http://code.google.com/p/istatd/source/browse/trunk/main.cpp> >> >> Is there another version of istatd? > > Looks like it the one you give in the link is for "Serving statistics to > the iStat iPhone application". The iStatLocalDaemon I have is from iStat > Menus. Ah, so that mystery is solved. As is Jim's, I think! -- Chris
From: Jim on 8 Dec 2009 01:54 Jim <jim(a)magrathea.plus.com> wrote: > With no apps open, I'm still geting a small trickle of network activity > (as viewed by iStat Menus). This isn't normal. > > How can I find out what's causing this? The only new software recently > has been Transmission, which isn't running. > > netstat -p tcp isn't showing anything I'd personally get concerned by, > but for reference: > > uther:~ jim$ netstat -p tcp > Active Internet connections > Proto Recv-Q Send-Q Local Address Foreign Address > (state) > tcp4 0 0 localhost.5204 localhost.49359 > ESTABLISHED > tcp4 0 0 localhost.49359 localhost.5204 > ESTABLISHED > tcp4 0 0 localhost.5204 localhost.49358 > ESTABLISHED > tcp4 0 0 localhost.49358 localhost.5204 > ESTABLISHED > tcp4 0 0 localhost.5204 localhost.49357 > ESTABLISHED > tcp4 0 0 localhost.49357 localhost.5204 > ESTABLISHED Thanks for all the replies. The exact problem (at the time) was that not only was there a trickle of activity on iStat's menu, but there was also activity on the ADSL router as well. The Mac is on a 192.168.1.x network, and the ADSL router is on a 192.168.2.x one. There's a FreeBSD machine that acts as a gateway between the two. However, a reboot cured all. I suspect that some part of Transmission hadn't fully died. Jim -- http://www.ursaMinorBeta.co.uk http://twitter.com/GreyAreaUK Please help save Bletchley Park - sign the petition for Government funding at: (open to UK residents and ex.pats) http://petitions.number10.gov.uk/BletchleyPark/ Thank you.
First
|
Prev
|
Pages: 1 2 3 Prev: sneakemail no longer free :( Next: apple '' one to one'' is a rip-off??? |