[CentOS] log outbound port 80 connections
Bill Campbell
centos at celestial.com
Tue Feb 5 17:31:49 UTC 2008
On Tue, Feb 05, 2008, Tony Schreiner wrote:
>
>On Feb 5, 2008, at 12:15 PM, John R Pierce wrote:
>
>>Tony Schreiner wrote:
>>>Is there a way to log outbound connections to a specific port (80)?
>>>CentOS 4.6.
>>
>>
>>Assuming you want to log user web browsing traffic, configuring a
>>Squid transparent proxy at your network border would be the best
>>way. Its logfiles are quite similar to those of a webserver, so
>>you can use a wide range of log analysis tools.
>>
>
>To get more specific about what's going on. My network services have
>informed me that the machine is probing other systems at a high rate.
>An infection of some sort. And I'm trying to track down what's going on.

In that case, you might want to use ``lsof -i :80'' to see
processes using port 80. Once one has an interesting PID, then
using ``lsof -p PID'' will show everything that process is using
including the full path to the executing program.

Bill
--
INTERNET: bill at celestial.com Bill Campbell; Celestial Software LLC
URL: http://www.celestial.com/ PO Box 820; 6641 E. Mercer Way
FAX: (206) 232-9186 Mercer Island, WA 98040-0820; (206) 236-1676
The only logical reason to take guns away from responsible people is to
give irresponsible people an edge in the perpetration of their crimes
against us. -- The Idaho Observer, Vol. 1, No. 2 February 1997
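
Added example, not part of the original post: a shell helper that takes lsof's machine-readable output for port 80 and counts, per PID, only the connections whose remote port is 80, so a process making many outbound connections stands out from a local web server's listeners and inbound clients. The function names, sample addresses and process names are constructed for illustration.

```shell
#!/bin/sh
# Live use (assumed invocation): lsof -nP -i TCP:80 -F pcn | count_outbound_80
# Then inspect the busiest PID with: lsof -p PID   and   ls -l /proc/PID/exe

# Reads `lsof -F pcn` field output on stdin (p=PID, c=command, n=name) and
# prints "count pid command" for connections to a REMOTE port 80, busiest first.
count_outbound_80() {
    awk '
        /^p/ { pid = substr($0, 2); next }
        /^c/ { cmd[pid] = substr($0, 2); next }
        /^n/ {
            name = substr($0, 2)
            # Connected sockets read "local->remote"; listeners such as
            # "*:80" have no arrow and are skipped.
            i = index(name, "->")
            if (i == 0) next
            remote = substr(name, i + 2)
            sub(/ .*/, "", remote)          # drop any trailing annotation
            # The port is the text after the last colon (also works for IPv6).
            n = split(remote, parts, ":")
            if (parts[n] == "80") count[pid]++
        }
        END { for (p in count) print count[p], p, cmd[p] }
    ' | sort -k1,1nr -k2,2n
}

# Constructed sample: a web server (listener plus one inbound client), a
# browser with one outbound connection, and an unknown process with three.
sample_lsof_output() {
cat <<'EOF'
p2101
chttpd
f3
n*:80
f9
n192.0.2.10:80->198.51.100.7:51514
p4242
cunknownd
f4
n192.0.2.10:40112->203.0.113.5:80
f5
n192.0.2.10:40113->203.0.113.6:80
f6
n192.0.2.10:40114->203.0.113.7:80
p3300
cfirefox-bin
f40
n192.0.2.10:38220->198.51.100.20:80
EOF
}

sample_lsof_output | count_outbound_80
```

The httpd entries are not counted because port 80 is on the local side of those sockets.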