August 13, 2004
iftop
So I'm reading TaoSecurity blog, and he's got a cool little entry about hooking into a hotel's wireless network. In the entry, he talks about iftop, which is a simple application that does for network traffic that top does for CPU usage. So I install the port and run it, and of course now I'm freaking out. Probably a case of too much information, with too little knowledge, but there's all kinds of ports (446, 2460, 2490) that have some (a very little) traffic on them that I just don't know what they are doing. Perhaps just pings to see if there is anything interesting on my machine, but still, worrisome. My weekend project - install a firewall! Port description for net-mgmt/iftopdel.icio.us | Digg it | Furl | Yahoo MyWeb | Create Social Bookmark Links
Posted by jdarnold at 12:23 PM | TrackBack
Track with co.mments
Track with co.mments If you run sockstat as root, it'll show you what programs are listening on which sockets. It's always interesting (and by interesting I mean frightening) to see what's talking.
Posted by: Saint Aardvark the Carpeted on August 13, 2004 04:22 PMThanks for the reminder! I posted about sockstat before:
http://freebsd.amazingdev.com/blog/archives/000040.html
I also talked about the netstat command.
I still have one mysterious connection that iftop is showing. Oddly enough, it isn't giving me a port number, either source or destination. But I do have a destination IP address - some place in Germany, which scares me. There isn't much going across, but it has been hanging around since I started iftop yesterday. And it doesn't seem to show up in either sockstat or netstat. Not sure where to look next.
Posted by: Jonathan Arnold on August 14, 2004 09:10 AM
