Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: ESTABLISHED web process??
Special Forums IP Networking ESTABLISHED web process?? Post 302550897 by melodysneed on Sunday 28th of August 2011 12:51:57 PM
Old 08-28-2011
Data ESTABLISHED web process??
I put lsof -i -P -n into the terminal and this is the output. I believe i am being hacked??

Code:
lsof -i -P -n
COMMAND    PID        USER   FD   TYPE     DEVICE SIZE/OFF NODE NAME
SystemUIS 1578 melodysneed    9u  IPv4 0x07d608ec      0t0  UDP *:*
SystemUIS 1578 melodysneed   11u  IPv4 0x0ba68810      0t0  UDP *:*
WebProces 2141 melodysneed    7u  IPv4 0x0c550748      0t0  TCP 192.168.1.71:51015->74.125.67.17:443 (ESTABLISHED)
WebProces 2141 melodysneed   11u  IPv4 0x049f7ee8      0t0  TCP 192.168.1.71:50706->207.46.232.182:80 (ESTABLISHED)

Last edited by pludi; 08-28-2011 at 05:43 PM..
 

9 More Discussions You Might Find Interesting

1. Programming

C Prog to close a socket in established state

I have a SUN environment running an WebLogic that communicates w/a 3rd party running IIS. When the IIS site goes down (frequently), I am stuck with sockets in an ESTABLISHED state, and cannot seem to figure out how to avoid this. No exceptions are thrown as I can still open connections to the IIS... (1 Reply)
Discussion started by: teledelux
1 Replies

2. IP Networking

Sniffing an established port

Hi All, On a solaris box A port B in which port B is established and receiving data. My question is how do i listen on that established port , how can i get the data received at box A: port B through my application I had searched the forum for the same, but i am unable to retrieve the... (5 Replies)
Discussion started by: matrixmadhan
5 Replies

3. HP-UX

[HP-UX] Established ports although LAN is disconnected.

Hi, I have a few questions. There is a CORBA connection between 2 HP-UX 11.11i hosts. Then the LAN of the 2nd host is pulled. On the 1st host all connections disappear, as expected. But on the 2nd host all connections still are present, as established. With lsof one can see that the... (2 Replies)
Discussion started by: ejdv
2 Replies

4. Solaris

How to kill the TCP ESTABLISHED connection in netstat

Hello, Actually there are some bugs in application which does not close the TCP connection to other server though CORBA. We need to kill that ESTABLISHED connections as new connection are not happeneing as the allocated ports were used and showing as ESTABLISHED Is there any... (4 Replies)
Discussion started by: GIC1986
4 Replies

5. Solaris

Established connections causing lag?

I'm not to sure how to go about this questions, so I will just ask it and then get criticized. How many Established connections should a V440 be able to support? (4 Replies)
Discussion started by: adelsin
4 Replies

6. Shell Programming and Scripting

Function to kill the established rsh session

HI I know that it sounds crazy :eek: appreciated if any one provided me a solution for my below case , the below script is checking the Database availability on many servers by establishing rsh session ( one by one ) , sometime one of the servers goes down and while this the script taking... (0 Replies)
Discussion started by: bejo4ever
0 Replies

7. Red Hat

Help: Find established conn source

Hi Friends, On one of my server which having direct connection to internet without firewall ..am seeing a established connection with SSH .. am not getting how ..there no login but I can see this established connection . ## have hidden original IPs with below notations for security concerns .... (0 Replies)
Discussion started by: Shirishlnx
0 Replies

8. AIX

AIX firewall accept established connection

I'm trying to configure a firewall for AIX to accept incoming connections on ports 22 and 443 and deny everything else. All is ok; the server accepts connections only on 22 and 443, but after that I also need to accept all outgoing connections -- ssh and telnet, for example. So I started with ... (0 Replies)
Discussion started by: Michael1457
0 Replies

9. UNIX for Advanced & Expert Users

30 tcp connections Established for a while and after a few minutes are close

Good morning, I need your help please After Restarting Aps or connection, these are connections tcp 0 0 10.80.1.26.57597 10.81.248.79.53008 ESTABLISHED tcp 0 47 10.80.1.26.57607 10.81.248.79.53008 ESTABLISHED tcp 0 0 ... (4 Replies)
Discussion started by: alexcol
4 Replies

LEARN ABOUT POSIX

ip-tcp_metrics

IP-TCP_METRICS(8)						       Linux							 IP-TCP_METRICS(8)

NAME

       ip-tcp_metrics - management for TCP Metrics

SYNOPSIS

       ip [ OPTIONS ] tcp_metrics { COMMAND | help }

       ip tcp_metrics { show | flush } SELECTOR

       ip tcp_metrics delete [ address ] ADDRESS

       SELECTOR := [ [ address ] PREFIX ]

DESCRIPTION

       ip tcp_metrics is used to manipulate entries in the kernel that keep TCP information for IPv4 and IPv6 destinations. The entries are cre-
       ated when TCP sockets want to share information for destinations and are stored in a cache keyed by the destination address. The saved
       information may include values for metrics (initially obtained from routes), recent TSVAL for TIME-WAIT recycling purposes, state for the
       Fast Open feature, etc.	For performance reasons the cache can not grow above configured limit and the older entries are replaced with
       fresh information, sometimes reclaimed and used for new destinations. The kernel never removes entries, they can be flushed only with this
       tool.

   ip tcp_metrics show - show cached entries
       address PREFIX (default)
	      IPv4/IPv6 prefix or address. If no prefix is provided all entries are shown.

       The output may contain the following information:

       age <S.MMM>sec - time after the entry was created, reset or updated with metrics from sockets. The entry is reset and refreshed on use with
       metrics from route if the metrics are not updated in last hour. Not all cached values reset the age on update.

       cwnd <N> - CWND metric value

       fo_cookie <HEX-STRING> - Cookie value received in SYN-ACK to be used by Fast Open for next SYNs

       fo_mss <N> - MSS value received in SYN-ACK to be used by Fast Open for next SYNs

       fo_syn_drops <N>/<S.MMM>sec ago - Number of drops of initial outgoing Fast Open SYNs with data detected by monitoring the received SYN-ACK
       after SYN retransmission.  The seconds show the time after last SYN drop and together with the drop count can be used to disable Fast Open
       for some time.

       reordering <N> - Reordering metric value

       rtt <N>us - RTT metric value

       rttvar <N>us - RTTVAR metric value

       ssthresh <SSTHRESH> - SSTHRESH metric value

       tw_ts <TSVAL>/<SEC>sec ago - recent TSVAL and the seconds after saving it into TIME-WAIT socket

   ip tcp_metrics delete - delete single entry
       address ADDRESS (default)
	      IPv4/IPv6 address. The address is a required argument.

   ip tcp_metrics flush - flush entries
       This command flushes the entries selected by some criteria.

       This command has the same arguments as show.

EXAMPLES

       ip tcp_metrics show address 192.168.0.0/24
	   Shows the entries for destinations from subnet

       ip tcp_metrics show 192.168.0.0/24
	   The same but address keyword is optional

       ip tcp_metrics
	   Show all is the default action

       ip tcp_metrics delete 192.168.0.1
	   Removes the entry for 192.168.0.1 from cache.

       ip tcp_metrics flush 192.168.0.0/24
	   Removes entries for destinations from subnet

       ip tcp_metrics flush all
	   Removes all entries from cache

       ip -6 tcp_metrics flush all
	   Removes all IPv6 entries from cache keeping the IPv4 entries.

SEE ALSO

       ip(8)

AUTHOR

       Original Manpage by Julian Anastasov <ja@ssi.bg>

iproute2							    23 Aug 2012 						 IP-TCP_METRICS(8)
All times are GMT -4. The time now is 03:30 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy