Ntop misterious traffic

ntop
network

(Hector Perez) #1

Hi there,

I’m trying Ntop as a network sniffer it works good; but I found traffic from strange sources from 172.16.1.20 to 172.16.1.255, is UDP and I’ have a pfsense firewall just allowing traffic to certain ports.

I don’t know from where this traffic comes, I checked the ARP entries but I can’t find 172.16.1.20 such host.

¿Any Ideas?


Samba is not working (SSSD accountsprovider error)
Samba is not working (SSSD accountsprovider error)
(Marc) #2

Don’t know the cause but maybe these two issues are related:


Can you describe your network? Do you use a VPN?


(Hector Perez) #3

I checked those links.

I have the following config:

FireWall pfsense.
SMEserver main server of the office, will be changed to Nethserver when new disks arrives.
Nethserver in probe.
50 clients machines.

here is the arp -na

[root@nethserver ~]# arp -na
? (192.168.3.124) at 00:1d:92:b4:c0:b3 [ether] on br0
? (192.168.3.113) at f8:b1:56:c9:53:b9 [ether] on br0
? (192.168.3.152) at 48:4d:7e:cf:d2:2f [ether] on br0
? (192.168.3.19) at 04:7d:7b:38:70:7a [ether] on br0
? (192.168.3.104) at f8:bc:12:9f:43:7b [ether] on br0
? (192.168.3.114) at d4:be:d9:9f:0f:6c [ether] on br0
? (192.168.3.132) at b0:83:fe:4e:34:e0 [ether] on br0
? (192.168.3.10) at d8:9e:f3:38:53:e7 [ether] on br0
? (192.168.3.20) at 48:4d:7e:cf:d2:2f [ether] on br0
? (192.168.3.115) at 90:b1:1c:93:8d:d6 [ether] on br0
? (192.168.3.21) at on br0
? (192.168.3.134) at 00:1b:b9:6c:33:2c [ether] on br0
? (192.168.3.1) at 00:1c:25:db:92:60 [ether] on br0
? (192.168.3.22) at 00:1a:4b:83:2f:77 [ether] on br0
? (192.168.3.107) at b0:83:fe:65:14:39 [ether] on br0
? (192.168.3.178) at b4:b5:2f:54:f6:f0 [ether] on br0
? (192.168.3.145) at 90:b1:1c:a0:1e:27 [ether] on br0
? (192.168.3.2) at b0:83:fe:d1:bc:70 [ether] on br0
? (192.168.3.23) at 64:00:6a:4b:ea:b6 [ether] on br0
? (192.168.3.108) at f8:bc:12:8f:08:d5 [ether] on br0
? (192.168.3.136) at f8:bc:12:8f:08:ff [ether] on br0
? (192.168.3.146) at 64:00:6a:4b:e9:ea [ether] on br0
? (192.168.3.24) at 64:00:6a:4b:e9:ea [ether] on br0
? (192.168.3.120) at 64:00:6a:78:44:b1 [ether] on br0
? (192.168.3.243) at 00:24:e8:19:4d:a0 [ether] on br0
? (192.168.3.139) at 18:03:73:31:09:7c [ether] on br0
? (192.168.3.121) at d8:9e:f3:16:77:31 [ether] on br0
? (192.168.3.222) at 00:19:d1:3b:d0:14 [ether] on br0
? (192.168.3.201) at e2:35:6c:5f:08:29 [ether] on br0
? (192.168.3.101) at 48:4d:7e:db:42:6a [ether] on br0
? (192.168.3.140) at 64:00:6a:78:99:21 [ether] on br0
? (192.168.3.17) at 00:23:24:0a:a8:8e [ether] on br0
? (169.254.169.254) at on br0
? (192.168.3.123) at 90:b1:1c:80:7c:c7 [ether] on br0
? (192.168.3.112) at b0:83:fe:85:67:42 [ether] on br0
? (192.168.3.151) at f8:bc:12:9b:db:dc [ether] on br0

I have UDP traffic for several machines, for the rest is blocked (youtube is allowed in several machines but not in all).


(bob) #4

My NethServer is set up with the OpenVPN package and is set to route all traffic through the VPN.
Bob


(Hector Perez) #5

Thanks, my tcpdump said this:

[root@nethserver ~]# tcpdump -nei br0 host 172.16.1.20
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on br0, link-type EN10MB (Ethernet), capture size 262144 bytes
16:08:49.050057 24:be:05:1a:e6:ac > Broadcast, ethertype IPv4 (0x0800), length 202: 172.16.1.20.19299 > 172.16.1.255.19299: UDP, length 160
16:08:49.068028 24:be:05:1a:e6:ac > Broadcast, ethertype IPv4 (0x0800), length 202: 172.16.1.20.19299 > 172.16.1.255.19299: UDP, length 160
16:08:49.086062 24:be:05:1a:e6:ac > Broadcast, ethertype IPv4 (0x0800), length 202: 172.16.1.20.19299 > 172.16.1.255.19299: UDP, length 160

Sorry but don’t know what to do.


(Hector Perez) #6

Ok I blocked the traffic in the pfsense firewall, the Nethserver is serving a webpage for 4 clients, everything seems to be fine but the tcpdump keeps saying :

[root@nethserver ~]# tcpdump -nvei br0 host 172.16.1.255
tcpdump: listening on br0, link-type EN10MB (Ethernet), capture size 262144 bytes
16:32:29.808046 24:be:05:1a:e6:ac > Broadcast, ethertype IPv4 (0x0800), length 202: (tos 0x0, ttl 128, id 23075, offset 0, flags [none], proto UDP (17), length 188)
    172.16.1.20.19299 > 172.16.1.255.19299: UDP, length 160
16:32:29.825092 24:be:05:1a:e6:ac > Broadcast, ethertype IPv4 (0x0800), length 202: (tos 0x0, ttl 128, id 23076, offset 0, flags [none], proto UDP (17), length 188)
    172.16.1.20.19299 > 172.16.1.255.19299: UDP, length 160
16:32:29.842060 24:be:05:1a:e6:ac > Broadcast, ethertype IPv4 (0x0800), length 202: (tos 0x0, ttl 128, id 23077, offset 0, flags [none], proto UDP (17), length 188)
    172.16.1.20.19299 > 172.16.1.255.19299: UDP, length 160
16:32:29.859065 24:be:05:1a:e6:ac > Broadcast, ethertype IPv4 (0x0800), length 202: (tos 0x0, ttl 128, id 23078, offset 0, flags [none], proto UDP (17), length 188)
    172.16.1.20.19299 > 172.16.1.255.19299: UDP, length 160
16:32:29.877078 24:be:05:1a:e6:ac > Broadcast, ethertype IPv4 (0x0800), length 202: (tos 0x0, ttl 128, id 23095, offset 0, flags [none], proto UDP (17), length 188)

(Hector Perez) #7

Updating (malicious software) I think.


(Eddie Atherton) #8

Is it your VPN using those IPs, as they are part of the private, non-routeable range.

Cheers.


(bob) #9

@EddieA Sorry, I don’t understand the question.
My LAN network uses the 192.168.1.0 IP config.
The OpenVPN system uses the 10.x.x.x (can’t remember the exact numbers) IP config.

No VPN links were in use at the time of getting the martian packets.

Bob


(Eddie Atherton) #10

@bobtskutter Sorry, I got your comment about running a VPN confused with the OP’s rouge IP issue.

Cheers.


(Hector Perez) #11

Ok guys Until today I upgraded the server, everything is running but the estrange UPD traffic is running:

[root@nethserver ~]# tcpdump -nei br0 host 172.16.1.20
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on br0, link-type EN10MB (Ethernet), capture size 262144 bytes
14:41:11.961050 24:be:05:1a:e6:ac > Broadcast, ethertype IPv4 (0x0800), length 202: 172.16.1.20.19299 > 172.16.1.255.19299: UDP, length 160
14:41:11.978086 24:be:05:1a:e6:ac > Broadcast, ethertype IPv4 (0x0800), length 202: 172.16.1.20.19299 > 172.16.1.255.19299: UDP, length 160
14:41:11.995072 24:be:05:1a:e6:ac > Broadcast, ethertype IPv4 (0x0800), length 202: 172.16.1.20.19299 > 172.16.1.255.19299: UDP, length 160
14:41:12.013045 24:be:05:1a:e6:ac > Broadcast, ethertype IPv4 (0x0800),

I made a netstat -aon : here is the result.

[root@nethserver ~]# netstat -aon
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State Timer
tcp 0 0 0.0.0.0:445 0.0.0.0:* LISTEN off (0.00/0/0)
tcp 0 0 0.0.0.0:4190 0.0.0.0:* LISTEN off (0.00/0/0)
tcp 0 0 127.0.0.1:9056 0.0.0.0:* LISTEN off (0.00/0/0)
tcp 0 0 0.0.0.0:5280 0.0.0.0:* LISTEN off (0.00/0/0)
tcp 0 0 0.0.0.0:993 0.0.0.0:* LISTEN off (0.00/0/0)
tcp 0 0 0.0.0.0:995 0.0.0.0:* LISTEN off (0.00/0/0)
tcp 0 0 127.0.0.1:10053 0.0.0.0:* LISTEN off (0.00/0/0)
tcp 0 0 0.0.0.0:5222 0.0.0.0:* LISTEN off (0.00/0/0)
tcp 0 0 0.0.0.0:5223 0.0.0.0:* LISTEN off (0.00/0/0)
tcp 0 0 0.0.0.0:25672 0.0.0.0:* LISTEN off (0.00/0/0)
tcp 0 0 127.0.0.1:10024 0.0.0.0:* LISTEN off (0.00/0/0)
tcp 0 0 127.0.0.1:9001 0.0.0.0:* LISTEN off (0.00/0/0)
tcp 0 0 127.0.0.1:10025 0.0.0.0:* LISTEN off (0.00/0/0)
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN off (0.00/0/0)
tcp 0 0 127.0.0.1:6378 0.0.0.0:* LISTEN off (0.00/0/0)
tcp 0 0 0.0.0.0:139 0.0.0.0:* LISTEN off (0.00/0/0)
tcp 0 0 0.0.0.0:587 0.0.0.0:* LISTEN off (0.00/0/0)
tcp 0 0 0.0.0.0:11211 0.0.0.0:* LISTEN off (0.00/0/0)
tcp 0 0 127.0.0.1:6379 0.0.0.0:* LISTEN off (0.00/0/0)
tcp 0 0 127.0.0.1:9070 0.0.0.0:* LISTEN off (0.00/0/0)
tcp 0 0 0.0.0.0:110 0.0.0.0:* LISTEN off (0.00/0/0)
tcp 0 0 127.0.0.1:9071 0.0.0.0:* LISTEN off (0.00/0/0)
tcp 0 0 0.0.0.0:143 0.0.0.0:* LISTEN off (0.00/0/0)
tcp 0 0 127.0.0.1:783 0.0.0.0:* LISTEN off (0.00/0/0)
tcp 0 0 127.0.0.1:9072 0.0.0.0:* LISTEN off (0.00/0/0)
tcp 0 0 0.0.0.0:2000 0.0.0.0:* LISTEN off (0.00/0/0)
tcp 0 0 0.0.0.0:465 0.0.0.0:* LISTEN off (0.00/0/0)
tcp 0 0 0.0.0.0:4369 0.0.0.0:* LISTEN off (0.00/0/0)
tcp 0 0 0.0.0.0:8082 0.0.0.0:* LISTEN off (0.00/0/0)
tcp 0 0 0.0.0.0:41620 0.0.0.0:* LISTEN off (0.00/0/0)
tcp 0 0 0.0.0.0:53 0.0.0.0:* LISTEN off (0.00/0/0)
tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN off (0.00/0/0)
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN off (0.00/0/0)
tcp 0 0 0.0.0.0:3000 0.0.0.0:* LISTEN off (0.00/0/0)
tcp 0 0 127.0.0.1:5432 0.0.0.0:* LISTEN off (0.00/0/0)
tcp 0 0 0.0.0.0:1433 0.0.0.0:* LISTEN off (0.00/0/0)
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN off (0.00/0/0)
tcp 0 0 127.0.0.1:8953 0.0.0.0:* LISTEN off (0.00/0/0)
tcp 0 0 127.0.0.1:1434 0.0.0.0:* LISTEN off (0.00/0/0)
tcp 0 0 127.0.0.1:5432 127.0.0.1:57566 ESTABLISHED keepalive (5813.81/0/0)
tcp 0 0 127.0.0.1:36220 127.0.0.1:6379 ESTABLISHED keepalive (5797.42/0/0)
tcp 0 0 192.168.3.200:36502 192.168.3.201:3268 ESTABLISHED keepalive (6731.31/0/0)
tcp 0 0 127.0.0.1:57581 127.0.0.1:1433 ESTABLISHED off (0.00/0/0)
tcp 0 0 127.0.0.1:6379 127.0.0.1:36220 ESTABLISHED keepalive (84.53/0/0)
tcp 0 0 127.0.0.1:5432 127.0.0.1:57558 ESTABLISHED keepalive (5813.81/0/0)
tcp 0 0 192.168.3.200:53700 192.168.3.201:636 ESTABLISHED keepalive (6698.54/0/0)
tcp 0 0 127.0.0.1:4369 127.0.0.1:52558 ESTABLISHED off (0.00/0/0)
tcp 0 0 127.0.0.1:5432 127.0.0.1:57568 ESTABLISHED keepalive (5813.81/0/0)
tcp 0 0 127.0.0.1:48822 127.0.0.1:5672 ESTABLISHED off (0.00/0/0)
tcp 0 0 127.0.0.1:5432 127.0.0.1:57556 ESTABLISHED keepalive (5813.81/0/0)
tcp 0 0 127.0.0.1:5432 127.0.0.1:57564 ESTABLISHED keepalive (5813.81/0/0)
tcp 0 0 127.0.0.1:59720 127.0.0.1:6378 ESTABLISHED off (0.00/0/0)
tcp 0 0 192.168.3.200:47844 192.168.3.201:389 ESTABLISHED keepalive (6731.31/0/0)
tcp 0 0 127.0.0.1:36288 127.0.0.1:6379 ESTABLISHED keepalive (5813.81/0/0)
tcp 0 0 127.0.0.1:59722 127.0.0.1:6378 ESTABLISHED off (0.00/0/0)
tcp 0 0 127.0.0.1:6378 127.0.0.1:59722 ESTABLISHED keepalive (82.48/0/0)
tcp 0 0 127.0.0.1:6379 127.0.0.1:36300 ESTABLISHED keepalive (89.65/0/0)
tcp 0 0 127.0.0.1:4369 127.0.0.1:42729 ESTABLISHED off (0.00/0/0)
tcp 0 0 127.0.0.1:52558 127.0.0.1:4369 ESTABLISHED off (0.00/0/0)
tcp 0 0 127.0.0.1:6379 127.0.0.1:36288 ESTABLISHED keepalive (66.09/0/0)
tcp 0 0 127.0.0.1:5432 127.0.0.1:57562 ESTABLISHED keepalive (5813.81/0/0)
tcp 0 0 127.0.0.1:6379 127.0.0.1:36218 ESTABLISHED keepalive (84.53/0/0)
tcp 0 1600 192.168.3.200:22 192.168.3.243:14793 ESTABLISHED on (0.07/0/0)
tcp 0 0 127.0.0.1:48806 127.0.0.1:5672 ESTABLISHED off (0.00/0/0)
tcp 0 0 127.0.0.1:1433 127.0.0.1:57581 ESTABLISHED keepalive (6534.70/0/0)
tcp 0 0 127.0.0.1:5432 127.0.0.1:57552 ESTABLISHED keepalive (5813.81/0/0)
tcp 0 0 127.0.0.1:36218 127.0.0.1:6379 ESTABLISHED keepalive (5797.42/0/0)
tcp 0 0 127.0.0.1:5432 127.0.0.1:57560 ESTABLISHED keepalive (5813.81/0/0)
tcp 0 0 127.0.0.1:48818 127.0.0.1:5672 ESTABLISHED off (0.00/0/0)
tcp 0 0 127.0.0.1:5432 127.0.0.1:57554 ESTABLISHED keepalive (5813.80/0/0)
tcp 0 0 127.0.0.1:42729 127.0.0.1:4369 ESTABLISHED off (0.00/0/0)
tcp 0 0 127.0.0.1:5432 127.0.0.1:57570 ESTABLISHED keepalive (5813.80/0/0)
tcp 0 0 127.0.0.1:6378 127.0.0.1:59720 ESTABLISHED keepalive (58.92/0/0)
tcp 0 0 127.0.0.1:36300 127.0.0.1:6379 ESTABLISHED keepalive (5813.80/0/0)
tcp6 0 0 :::443 :::* LISTEN off (0.00/0/0)
tcp6 0 0 :::445 :::* LISTEN off (0.00/0/0)
tcp6 0 0 :::8126 :::* LISTEN off (0.00/0/0)
tcp6 0 0 :::4190 :::* LISTEN off (0.00/0/0)
tcp6 0 0 :::8000 :::* LISTEN off (0.00/0/0)
tcp6 0 0 :::58080 :::* LISTEN off (0.00/0/0)
tcp6 0 0 :::993 :::* LISTEN off (0.00/0/0)
tcp6 0 0 :::995 :::* LISTEN off (0.00/0/0)
tcp6 0 0 :::5672 :::* LISTEN off (0.00/0/0)
tcp6 0 0 ::1:10024 :::* LISTEN off (0.00/0/0)
tcp6 0 0 :::587 :::* LISTEN off (0.00/0/0)
tcp6 0 0 :::11211 :::* LISTEN off (0.00/0/0)
tcp6 0 0 :::139 :::* LISTEN off (0.00/0/0)
tcp6 0 0 :::110 :::* LISTEN off (0.00/0/0)
tcp6 0 0 :::143 :::* LISTEN off (0.00/0/0)
tcp6 0 0 ::1:783 :::* LISTEN off (0.00/0/0)
tcp6 0 0 :::8080 :::* LISTEN off (0.00/0/0)
tcp6 0 0 :::80 :::* LISTEN off (0.00/0/0)
tcp6 0 0 :::2000 :::* LISTEN off (0.00/0/0)
tcp6 0 0 :::465 :::* LISTEN off (0.00/0/0)
tcp6 0 0 :::8082 :::* LISTEN off (0.00/0/0)
tcp6 0 0 :::980 :::* LISTEN off (0.00/0/0)
tcp6 0 0 127.0.0.1:58005 :::* LISTEN off (0.00/0/0)
tcp6 0 0 :::53 :::* LISTEN off (0.00/0/0)
tcp6 0 0 :::22 :::* LISTEN off (0.00/0/0)
tcp6 0 0 :::3128 :::* LISTEN off (0.00/0/0)
tcp6 0 0 :::58009 :::* LISTEN off (0.00/0/0)
tcp6 0 0 :::3129 :::* LISTEN off (0.00/0/0)
tcp6 0 0 :::25 :::* LISTEN off (0.00/0/0)
tcp6 0 0 ::1:8953 :::* LISTEN off (0.00/0/0)
tcp6 0 0 :::1433 :::* LISTEN off (0.00/0/0)
tcp6 0 0 ::1:1434 :::* LISTEN off (0.00/0/0)
tcp6 0 0 :::3130 :::* LISTEN off (0.00/0/0)
tcp6 0 0 127.0.0.1:57554 127.0.0.1:5432 ESTABLISHED off (0.00/0/0)
tcp6 0 0 127.0.0.1:57568 127.0.0.1:5432 ESTABLISHED off (0.00/0/0)
tcp6 0 0 127.0.0.1:57564 127.0.0.1:5432 ESTABLISHED off (0.00/0/0)
tcp6 0 0 127.0.0.1:57558 127.0.0.1:5432 ESTABLISHED off (0.00/0/0)
tcp6 0 0 127.0.0.1:5672 127.0.0.1:48806 ESTABLISHED off (0.00/0/0)
tcp6 0 0 127.0.0.1:57552 127.0.0.1:5432 ESTABLISHED off (0.00/0/0)
tcp6 0 0 127.0.0.1:5672 127.0.0.1:48818 ESTABLISHED off (0.00/0/0)
tcp6 0 0 127.0.0.1:5672 127.0.0.1:48822 ESTABLISHED off (0.00/0/0)
tcp6 0 0 127.0.0.1:57562 127.0.0.1:5432 ESTABLISHED off (0.00/0/0)
tcp6 0 0 127.0.0.1:57560 127.0.0.1:5432 ESTABLISHED off (0.00/0/0)
tcp6 0 0 127.0.0.1:57570 127.0.0.1:5432 ESTABLISHED off (0.00/0/0)
tcp6 0 0 127.0.0.1:57556 127.0.0.1:5432 ESTABLISHED off (0.00/0/0)
tcp6 0 0 127.0.0.1:57566 127.0.0.1:5432 ESTABLISHED off (0.00/0/0)
udp 0 0 127.0.0.1:323 0.0.0.0:* off (0.00/0/0)
udp 0 0 0.0.0.0:40524 0.0.0.0:* off (0.00/0/0)
udp 0 0 0.0.0.0:8125 0.0.0.0:* off (0.00/0/0)
udp 0 0 127.0.0.1:41809 127.0.0.1:41809 ESTABLISHED off (0.00/0/0)
udp 0 0 192.168.3.200:42614 0.0.0.0:* off (0.00/0/0)
udp 0 0 127.0.0.1:10053 0.0.0.0:* off (0.00/0/0)
udp 0 0 0.0.0.0:11211 0.0.0.0:* off (0.00/0/0)
udp 0 0 0.0.0.0:47765 0.0.0.0:* off (0.00/0/0)
udp 0 0 0.0.0.0:53 0.0.0.0:* off (0.00/0/0)
udp 0 0 0.0.0.0:69 0.0.0.0:* off (0.00/0/0)
udp 0 0 0.0.0.0:123 0.0.0.0:* off (0.00/0/0)
udp 0 0 192.168.3.255:137 0.0.0.0:* off (0.00/0/0)
udp 0 0 192.168.3.200:137 0.0.0.0:* off (0.00/0/0)
udp 0 0 0.0.0.0:137 0.0.0.0:* off (0.00/0/0)
udp 0 0 192.168.3.255:138 0.0.0.0:* off (0.00/0/0)
udp 0 0 192.168.3.200:138 0.0.0.0:* off (0.00/0/0)
udp 0 0 0.0.0.0:138 0.0.0.0:* off (0.00/0/0)
udp6 0 0 ::1:323 :::* off (0.00/0/0)
udp6 0 0 :::53665 :::* off (0.00/0/0)
udp6 0 0 :::11211 :::* off (0.00/0/0)
udp6 0 0 :::53 :::* off (0.00/0/0)
udp6 0 0 :::69 :::* off (0.00/0/0)
udp6 0 0 :::123 :::* off (0.00/0/0)

Don’t know what to do, is not so significant but is scary to to have a virus in Linux.


(Hector Perez) #12

Active UNIX domain sockets (servers and established)
Proto RefCnt Flags Type State I-Node Path
unix 2 [ ] DGRAM 35359 /var/lib/samba/private/msg.sock/3294
unix 2 [ ACC ] STREAM LISTENING 30794 /var/spool/postfix/private/smtpauth
unix 2 [ ACC ] STREAM LISTENING 31053 private/bounce
unix 2 [ ACC ] STREAM LISTENING 31056 private/defer
unix 2 [ ACC ] STREAM LISTENING 29349 private/trace
unix 2 [ ACC ] STREAM LISTENING 29352 private/verify
unix 2 [ ACC ] STREAM LISTENING 32126 private/proxymap
unix 2 [ ACC ] STREAM LISTENING 32129 private/proxywrite
unix 2 [ ACC ] STREAM LISTENING 32132 private/smtp
unix 2 [ ACC ] STREAM LISTENING 32135 private/relay
unix 2 [ ACC ] STREAM LISTENING 32141 private/error
unix 2 [ ACC ] STREAM LISTENING 32144 private/retry
unix 2 [ ACC ] STREAM LISTENING 32147 private/discard
unix 2 [ ACC ] STREAM LISTENING 32150 private/local
unix 2 [ ACC ] STREAM LISTENING 32153 private/virtual
unix 2 [ ACC ] STREAM LISTENING 32156 private/lmtp
unix 2 [ ACC ] STREAM LISTENING 21553 /var/lib/gssproxy/default.sock
unix 2 [ ACC ] STREAM LISTENING 32159 private/anvil
unix 2 [ ACC ] STREAM LISTENING 32162 private/scache
unix 2 [ ACC ] STREAM LISTENING 31081 private/spamtrain
unix 2 [ ] DGRAM 34936 /var/lib/samba/private/msg.sock/3143
unix 2 [ ] DGRAM 10033 /run/systemd/shutdownd
unix 2 [ ACC ] STREAM LISTENING 21554 /run/gssproxy.sock
unix 2 [ ] DGRAM 18242 /var/run/chrony/chronyd.sock
unix 2 [ ACC ] STREAM LISTENING 26180 /var/run/postgresql/.s.PGSQL.5432
unix 2 [ ACC ] STREAM LISTENING 19137 @ISCSID_UIP_ABSTRACT_NAMESPACE
unix 2 [ ACC ] STREAM LISTENING 30795 /var/run/dovecot/auth-worker
unix 2 [ ACC ] STREAM LISTENING 10058 /run/lvm/lvmpolld.socket
unix 2 [ ACC ] STREAM LISTENING 31047 private/tlsmgr
unix 2 [ ACC ] STREAM LISTENING 31042 public/cleanup
unix 2 [ ACC ] STREAM LISTENING 30797 /var/run/dovecot/anvil
unix 2 [ ACC ] STREAM LISTENING 31050 private/rewrite
unix 2 [ ACC ] STREAM LISTENING 30799 /var/run/dovecot/anvil-auth-penalty
unix 2 [ ACC ] STREAM LISTENING 30801 /var/run/dovecot/imap-postlogin
unix 2 [ ACC ] STREAM LISTENING 30803 /var/run/dovecot/sieve-postlogin
unix 2 [ ACC ] STREAM LISTENING 30805 /var/run/dovecot/pop3-postlogin
unix 2 [ ACC ] STREAM LISTENING 27477 /var/run/dovecot/login/sieve
unix 2 [ ACC ] STREAM LISTENING 27479 /var/run/dovecot/stats
unix 2 [ ACC ] STREAM LISTENING 32344 /var/run/libvirt/libvirt-sock
unix 2 [ ACC ] STREAM LISTENING 32123 public/flush
unix 2 [ ACC ] STREAM LISTENING 32346 /var/run/libvirt/libvirt-sock-ro
unix 2 [ ACC ] STREAM LISTENING 27482 /var/run/dovecot/ssl-params
unix 2 [ ACC ] STREAM LISTENING 34396 /var/run/supervisor/supervisor.sock.2835
unix 2 [ ACC ] STREAM LISTENING 32348 /var/run/libvirt/libvirt-admin-sock
unix 2 [ ACC ] STREAM LISTENING 32138 public/showq
unix 2 [ ACC ] STREAM LISTENING 27484 /var/run/dovecot/login/ssl-params
unix 2 [ ACC ] STREAM LISTENING 27486 /var/run/dovecot/replicator
unix 2 [ ACC ] STREAM LISTENING 27488 /var/run/dovecot/replication-notify
unix 2 [ ACC ] STREAM LISTENING 14433 /run/lvm/lvmetad.socket
unix 2 [ ACC ] STREAM LISTENING 27491 /var/run/dovecot/login/pop3
unix 2 [ ] DGRAM 32199 /var/lib/samba/private/msg.sock/1718
unix 2 [ ACC ] STREAM LISTENING 27497 /var/run/dovecot/log-errors
unix 2 [ ACC ] STREAM LISTENING 27499 /var/run/dovecot/lmtp
unix 2 [ ACC ] STREAM LISTENING 9067 /run/systemd/private
unix 2 [ ACC ] STREAM LISTENING 27501 /var/run/dovecot/ipc
unix 2 [ ACC ] STREAM LISTENING 27503 /var/run/dovecot/login/ipc-proxy
unix 2 [ ] DGRAM 36130 /var/lib/samba/private/msg.sock/3142
unix 2 [ ACC ] STREAM LISTENING 27505 /var/run/dovecot/indexer-worker
unix 2 [ ACC ] STREAM LISTENING 27507 /var/run/dovecot/indexer
unix 3 [ ] DGRAM 1396 /run/systemd/notify
unix 2 [ ACC ] STREAM LISTENING 27509 /var/run/dovecot/login/imap
unix 2 [ ] DGRAM 1398 /run/systemd/cgroups-agent
unix 2 [ ACC ] STREAM LISTENING 27511 /var/run/dovecot/imap-urlauth-worker
unix 2 [ ACC ] STREAM LISTENING 27513 /var/run/dovecot/token-login/imap-urlauth
unix 2 [ ACC ] SEQPACKET LISTENING 14458 /run/udev/control
unix 2 [ ACC ] STREAM LISTENING 27515 /var/run/dovecot/imap-urlauth
unix 2 [ ACC ] STREAM LISTENING 31016 /var/lib/sss/pipes/private/sbus-monitor
unix 2 [ ACC ] STREAM LISTENING 27517 /var/run/dovecot/imap-ipc
unix 2 [ ACC ] STREAM LISTENING 27523 /var/run/dovecot/doveadm-server
unix 2 [ ACC ] STREAM LISTENING 27525 /var/run/dovecot/dns-client
unix 2 [ ACC ] STREAM LISTENING 27527 /var/run/dovecot/director-admin
unix 2 [ ACC ] STREAM LISTENING 27529 /var/run/dovecot/dict
unix 2 [ ACC ] STREAM LISTENING 1416 /run/systemd/journal/stdout
unix 2 [ ACC ] STREAM LISTENING 27531 /var/run/dovecot/config
unix 6 [ ] DGRAM 1419 /run/systemd/journal/socket
unix 2 [ ACC ] STREAM LISTENING 27533 /var/run/dovecot/login/login
unix 30 [ ] DGRAM 1421 /dev/log
unix 2 [ ACC ] STREAM LISTENING 27535 /var/run/dovecot/token-login/tokenlogin
unix 2 [ ACC ] STREAM LISTENING 27537 /var/run/dovecot/auth-login
unix 2 [ ACC ] STREAM LISTENING 27539 /var/run/dovecot/auth-client
unix 2 [ ACC ] STREAM LISTENING 27541 /var/run/dovecot/auth-userdb
unix 2 [ ACC ] STREAM LISTENING 27543 /var/run/dovecot/auth-master
unix 2 [ ACC ] STREAM LISTENING 36052 /var/lib/mysql/mysql.sock
unix 2 [ ACC ] STREAM LISTENING 35497 /var/run/clamd.amavisd/clamd.sock
unix 2 [ ACC ] STREAM LISTENING 32383 /var/lib/sss/pipes/private/pam
unix 2 [ ACC ] STREAM LISTENING 27705 /tmp/.s.PGSQL.5432
unix 2 [ ACC ] STREAM LISTENING 19135 /var/run/rpcbind.sock
unix 2 [ ACC ] STREAM LISTENING 17635 @ISCSIADM_ABSTRACT_NAMESPACE
unix 2 [ ACC ] STREAM LISTENING 32382 /var/lib/sss/pipes/pam
unix 2 [ ACC ] STREAM LISTENING 30623 /var/lib/sss/pipes/nss
unix 2 [ ACC ] STREAM LISTENING 19138 /var/run/libvirt/virtlogd-sock
unix 2 [ ACC ] STREAM LISTENING 19141 /var/run/libvirt/virtlockd-sock
unix 2 [ ACC ] STREAM LISTENING 31429 /var/run/php56-php-fpm/sorteo-php56.sock
unix 2 [ ACC ] STREAM LISTENING 19143 /run/dbus/system_bus_socket
unix 2 [ ACC ] STREAM LISTENING 30410 /run/samba/nmbd/unexpected
unix 2 [ ACC ] STREAM LISTENING 30288 /var/lib/sss/pipes/private/sbus-dp_info2.unicentrobogota.com.2679
unix 2 [ ] DGRAM 36066 /var/lib/samba/private/msg.sock/2791
unix 2 [ ACC ] STREAM LISTENING 19449 /var/run/smwingsd.sock
unix 3 [ ] STREAM CONNECTED 22684 /run/systemd/journal/stdout
unix 3 [ ] STREAM CONNECTED 32950
unix 3 [ ] STREAM CONNECTED 22803
unix 2 [ ] STREAM CONNECTED 44763
unix 3 [ ] STREAM CONNECTED 31052
unix 2 [ ] STREAM CONNECTED 34829
unix 2 [ ] DGRAM 44765
unix 3 [ ] STREAM CONNECTED 31051
unix 3 [ ] STREAM CONNECTED 26462 /run/systemd/journal/stdout
unix 3 [ ] STREAM CONNECTED 26455 /run/systemd/journal/stdout
unix 2 [ ] STREAM CONNECTED 33068
unix 3 [ ] STREAM CONNECTED 22192
unix 3 [ ] STREAM CONNECTED 29079
unix 3 [ ] STREAM CONNECTED 25364
unix 3 [ ] STREAM CONNECTED 34744
unix 3 [ ] STREAM CONNECTED 19419 /run/systemd/journal/stdout
unix 3 [ ] STREAM CONNECTED 31055
unix 2 [ ] DGRAM 30620
unix 3 [ ] STREAM CONNECTED 14847
unix 2 [ ] STREAM CONNECTED 29693
unix 3 [ ] STREAM CONNECTED 29607
unix 2 [ ] STREAM CONNECTED 35203
unix 3 [ ] STREAM CONNECTED 31054
unix 3 [ ] STREAM CONNECTED 26431 /run/systemd/journal/stdout
unix 3 [ ] STREAM CONNECTED 33023
unix 3 [ ] STREAM CONNECTED 30621
unix 3 [ ] STREAM CONNECTED 25365 /run/systemd/journal/stdout
unix 3 [ ] DGRAM 14862
unix 3 [ ] STREAM CONNECTED 15646 /run/systemd/journal/stdout
unix 2 [ ] DGRAM 36170
unix 3 [ ] STREAM CONNECTED 22802
unix 3 [ ] STREAM CONNECTED 31427
unix 3 [ ] STREAM CONNECTED 31079
unix 2 [ ] DGRAM 27462
unix 2 [ ] STREAM CONNECTED 32985
unix 2 [ ] DGRAM 26190
unix 2 [ ] DGRAM 32296
unix 3 [ ] STREAM CONNECTED 16512
unix 3 [ ] STREAM CONNECTED 21063 /run/systemd/journal/stdout
unix 3 [ ] STREAM CONNECTED 31058
unix 2 [ ] DGRAM 18221
unix 2 [ ] STREAM CONNECTED 34832
unix 3 [ ] STREAM CONNECTED 29609
unix 3 [ ] STREAM CONNECTED 31057
unix 3 [ ] STREAM CONNECTED 23024
unix 3 [ ] STREAM CONNECTED 32951
unix 2 [ ] DGRAM 13727
unix 3 [ ] STREAM CONNECTED 24486 /run/systemd/journal/stdout
unix 3 [ ] STREAM CONNECTED 13813 /run/systemd/journal/stdout
unix 3 [ ] STREAM CONNECTED 22812
unix 3 [ ] STREAM CONNECTED 20835
unix 3 [ ] STREAM CONNECTED 29610
unix 3 [ ] STREAM CONNECTED 22808
unix 2 [ ] DGRAM 32385
unix 3 [ ] STREAM CONNECTED 22811
unix 2 [ ] DGRAM 39889
unix 3 [ ] STREAM CONNECTED 29608
unix 3 [ ] STREAM CONNECTED 31062
unix 3 [ ] STREAM CONNECTED 24948
unix 2 [ ] STREAM CONNECTED 32775
unix 3 [ ] STREAM CONNECTED 22320
unix 2 [ ] STREAM CONNECTED 32986
unix 2 [ ] DGRAM 29570
unix 3 [ ] STREAM CONNECTED 34029
unix 3 [ ] STREAM CONNECTED 31061
unix 3 [ ] STREAM CONNECTED 22703 /run/systemd/journal/stdout
unix 2 [ ] STREAM CONNECTED 29683
unix 3 [ ] STREAM CONNECTED 22805
unix 3 [ ] STREAM CONNECTED 22705 /run/systemd/journal/stdout
unix 2 [ ] STREAM CONNECTED 34018
unix 2 [ ] STREAM CONNECTED 31433
unix 2 [ ] DGRAM 27187
unix 2 [ ] STREAM CONNECTED 29682
unix 3 [ ] STREAM CONNECTED 36210
unix 2 [ ] DGRAM 22391
unix 3 [ ] STREAM CONNECTED 34030
unix 3 [ ] STREAM CONNECTED 31428
unix 3 [ ] STREAM CONNECTED 31043
unix 3 [ ] STREAM CONNECTED 26952
unix 2 [ ] STREAM CONNECTED 32774
unix 3 [ ] STREAM CONNECTED 22453
unix 3 [ ] STREAM CONNECTED 19995
unix 2 [ ] DGRAM 35130
unix 3 [ ] STREAM CONNECTED 31325 /var/lib/sss/pipes/private/sbus-monitor
unix 3 [ ] STREAM CONNECTED 32386
unix 2 [ ] STREAM CONNECTED 34851
unix 2 [ ] STREAM CONNECTED 35394
unix 3 [ ] STREAM CONNECTED 36211
unix 2 [ ] STREAM CONNECTED 34467
unix 3 [ ] STREAM CONNECTED 29080 /run/systemd/journal/stdout
unix 3 [ ] STREAM CONNECTED 31041
unix 3 [ ] STREAM CONNECTED 31339 /var/lib/sss/pipes/private/sbus-dp_info2.unicentrobogota.com.2679
unix 3 [ ] STREAM CONNECTED 30468
unix 2 [ ] STREAM CONNECTED 34022
unix 2 [ ] STREAM CONNECTED 32772
unix 3 [ ] STREAM CONNECTED 31040
unix 3 [ ] STREAM CONNECTED 22121
unix 2 [ ] DGRAM 35192
unix 2 [ ] STREAM CONNECTED 35984
unix 3 [ ] STREAM CONNECTED 31046
unix 3 [ ] STREAM CONNECTED 18398 /run/systemd/journal/stdout
unix 3 [ ] STREAM CONNECTED 22806
unix 3 [ ] STREAM CONNECTED 31045
unix 2 [ ] DGRAM 16514
unix 3 [ ] STREAM CONNECTED 33022
unix 2 [ ] DGRAM 18088
unix 3 [ ] STREAM CONNECTED 22681
unix 3 [ ] STREAM CONNECTED 31044
unix 2 [ ] STREAM CONNECTED 35983
unix 3 [ ] STREAM CONNECTED 22127 /run/systemd/journal/stdout
unix 3 [ ] STREAM CONNECTED 31049
unix 3 [ ] STREAM CONNECTED 22454 /run/systemd/journal/stdout
unix 3 [ ] STREAM CONNECTED 18150
unix 3 [ ] STREAM CONNECTED 31048
unix 3 [ ] STREAM CONNECTED 27044
unix 3 [ ] STREAM CONNECTED 18149
unix 3 [ ] STREAM CONNECTED 22809
unix 3 [ ] STREAM CONNECTED 27132
unix 3 [ ] STREAM CONNECTED 30622
unix 3 [ ] DGRAM 14861
unix 2 [ ] STREAM CONNECTED 40854
unix 3 [ ] STREAM CONNECTED 34745
unix 2 [ ] STREAM CONNECTED 44807
unix 3 [ ] STREAM CONNECTED 31312
unix 3 [ ] STREAM CONNECTED 21402
unix 2 [ ] STREAM CONNECTED 32493
unix 3 [ ] STREAM CONNECTED 27469
unix 2 [ ] STREAM CONNECTED 31680
unix 2 [ ] STREAM CONNECTED 34058
unix 3 [ ] STREAM CONNECTED 32066 /var/lib/sss/pipes/private/sbus-monitor
unix 3 [ ] STREAM CONNECTED 22815
unix 3 [ ] STREAM CONNECTED 19416
unix 2 [ ] DGRAM 31121
unix 3 [ ] STREAM CONNECTED 32140
unix 2 [ ] DGRAM 24674
unix 2 [ ] STREAM CONNECTED 31679
unix 3 [ ] STREAM CONNECTED 32672
unix 3 [ ] STREAM CONNECTED 32128
unix 3 [ ] STREAM CONNECTED 33543
unix 2 [ ] STREAM CONNECTED 33941
unix 3 [ ] STREAM CONNECTED 19417 /run/systemd/journal/stdout
unix 3 [ ] STREAM CONNECTED 32134
unix 2 [ ] STREAM CONNECTED 31539
unix 2 [ ] DGRAM 44811
unix 2 [ ] STREAM CONNECTED 35205
unix 2 [ ] DGRAM 28982
unix 3 [ ] STREAM CONNECTED 18396 /run/systemd/journal/stdout
unix 2 [ ] DGRAM 14616
unix 3 [ ] STREAM CONNECTED 36024 /run/dbus/system_bus_socket
unix 3 [ ] STREAM CONNECTED 29351
unix 3 [ ] STREAM CONNECTED 31083
unix 3 [ ] STREAM CONNECTED 32130
unix 2 [ ] STREAM CONNECTED 34037
unix 3 [ ] STREAM CONNECTED 20161 /run/dbus/system_bus_socket
unix 2 [ ] DGRAM 31013
unix 3 [ ] STREAM CONNECTED 18151 /run/dbus/system_bus_socket
unix 2 [ ] STREAM CONNECTED 44809
unix 2 [ ] STREAM CONNECTED 38277
unix 3 [ ] STREAM CONNECTED 32131
unix 3 [ ] STREAM CONNECTED 32139
unix 2 [ ] STREAM CONNECTED 38278
unix 3 [ ] STREAM CONNECTED 32127
unix 3 [ ] STREAM CONNECTED 30195
unix 2 [ ] DGRAM 26503
unix 3 [ ] STREAM CONNECTED 21460
unix 2 [ ] STREAM CONNECTED 42915
unix 3 [ ] STREAM CONNECTED 33274
unix 3 [ ] STREAM CONNECTED 34001
unix 2 [ ] STREAM CONNECTED 32489
unix 3 [ ] STREAM CONNECTED 32136
unix 2 [ ] STREAM CONNECTED 34947
unix 3 [ ] STREAM CONNECTED 18393 /run/systemd/journal/stdout
unix 2 [ ] STREAM CONNECTED 32483
unix 3 [ ] STREAM CONNECTED 30469
unix 3 [ ] STREAM CONNECTED 29347
unix 3 [ ] STREAM CONNECTED 27470
unix 3 [ ] STREAM CONNECTED 32137
unix 3 [ ] STREAM CONNECTED 17960
unix 3 [ ] STREAM CONNECTED 32133
unix 3 [ ] STREAM CONNECTED 29559
unix 3 [ ] STREAM CONNECTED 32157
unix 3 [ ] STREAM CONNECTED 32353 /run/dbus/system_bus_socket
unix 2 [ ] DGRAM 31108
unix 3 [ ] STREAM CONNECTED 29350
unix 3 [ ] STREAM CONNECTED 32158
unix 3 [ ] STREAM CONNECTED 23264
unix 2 [ ] DGRAM 31163
unix 3 [ ] STREAM CONNECTED 24488 /run/systemd/journal/stdout
unix 2 [ ] STREAM CONNECTED 32494
unix 3 [ ] STREAM CONNECTED 32124
unix 3 [ ] STREAM CONNECTED 29348
unix 3 [ ] STREAM CONNECTED 19046
unix 3 [ ] STREAM CONNECTED 33467 /run/dbus/system_bus_socket
unix 3 [ ] STREAM CONNECTED 31444 /run/dbus/system_bus_socket
unix 3 [ ] STREAM CONNECTED 31103
unix 2 [ ] DGRAM 30183
unix 2 [ ] STREAM CONNECTED 34002
unix 3 [ ] STREAM CONNECTED 31082
unix 3 [ ] STREAM CONNECTED 32154
unix 2 [ ] STREAM CONNECTED 31671
unix 2 [ ] DGRAM 32119
unix 3 [ ] STREAM CONNECTED 33995
unix 3 [ ] STREAM CONNECTED 21909
unix 3 [ ] STREAM CONNECTED 20151
unix 3 [ ] STREAM CONNECTED 32155
unix 3 [ ] STREAM CONNECTED 30635 /run/systemd/journal/stdout
unix 3 [ ] STREAM CONNECTED 31982
unix 2 [ ] STREAM CONNECTED 33379
unix 2 [ ] STREAM CONNECTED 32981
unix 2 [ ] DGRAM 29404
unix 3 [ ] STREAM CONNECTED 32146
unix 3 [ ] STREAM CONNECTED 18401
unix 3 [ ] STREAM CONNECTED 33542
unix 3 [ ] STREAM CONNECTED 33996
unix 2 [ ] STREAM CONNECTED 34882
unix 3 [ ] STREAM CONNECTED 50559 /var/lib/sss/pipes/nss
unix 3 [ ] STREAM CONNECTED 33997
unix 3 [ ] STREAM CONNECTED 19045
unix 3 [ ] STREAM CONNECTED 32160
unix 3 [ ] STREAM CONNECTED 28947 /run/systemd/journal/stdout
unix 2 [ ] DGRAM 19044
unix 2 [ ] STREAM CONNECTED 41012
unix 3 [ ] STREAM CONNECTED 32145
unix 3 [ ] STREAM CONNECTED 22126 /run/dbus/system_bus_socket
unix 2 [ ] STREAM CONNECTED 38231
unix 3 [ ] STREAM CONNECTED 31092
unix 3 [ ] STREAM CONNECTED 30190
unix 3 [ ] STREAM CONNECTED 33994
unix 3 [ ] STREAM CONNECTED 22814
unix 3 [ ] STREAM CONNECTED 32143
unix 2 [ ] STREAM CONNECTED 34879
unix 2 [ ] STREAM CONNECTED 32773
unix 2 [ ] STREAM CONNECTED 38232
unix 3 [ ] STREAM CONNECTED 32832
unix 2 [ ] STREAM CONNECTED 34036
unix 3 [ ] STREAM CONNECTED 21873
unix 2 [ ] DGRAM 21163
unix 3 [ ] STREAM CONNECTED 32161
unix 2 [ ] DGRAM 39900
unix 3 [ ] STREAM CONNECTED 31104
unix 3 [ ] STREAM CONNECTED 32142
unix 2 [ ] STREAM CONNECTED 34876
unix 3 [ ] STREAM CONNECTED 32122
unix 3 [ ] STREAM CONNECTED 30191
unix 3 [ ] STREAM CONNECTED 24388 /run/systemd/journal/stdout
unix 3 [ ] STREAM CONNECTED 34000
unix 3 [ ] STREAM CONNECTED 20150
unix 3 [ ] STREAM CONNECTED 32151
unix 2 [ ] STREAM CONNECTED 31496
unix 3 [ ] STREAM CONNECTED 31093
unix 2 [ ] DGRAM 30278
unix 3 [ ] STREAM CONNECTED 32152
unix 3 [ ] STREAM CONNECTED 31446 /run/systemd/journal/stdout
unix 3 [ ] STREAM CONNECTED 32121
unix 3 [ ] STREAM CONNECTED 30192
unix 3 [ ] STREAM CONNECTED 28915 /run/systemd/journal/stdout
unix 2 [ ] STREAM CONNECTED 42913
unix 3 [ ] STREAM CONNECTED 33998
unix 2 [ ] STREAM CONNECTED 32486
unix 3 [ ] STREAM CONNECTED 23363 /run/systemd/journal/stdout
unix 3 [ ] STREAM CONNECTED 21069 /run/systemd/journal/stdout
unix 3 [ ] STREAM CONNECTED 31326 /var/lib/sss/pipes/private/sbus-dp_info2.unicentrobogota.com.2679
unix 3 [ ] STREAM CONNECTED 30193
unix 3 [ ] STREAM CONNECTED 33999
unix 3 [ ] STREAM CONNECTED 23362
unix 3 [ ] STREAM CONNECTED 34679
unix 3 [ ] STREAM CONNECTED 30194
unix 3 [ ] STREAM CONNECTED 21558
unix 3 [ ] STREAM CONNECTED 33912
unix 3 [ ] STREAM CONNECTED 32148
unix 2 [ ] STREAM CONNECTED 31492
unix 3 [ ] STREAM CONNECTED 30188
unix 3 [ ] DGRAM 24460
unix 3 [ ] STREAM CONNECTED 47808
unix 3 [ ] STREAM CONNECTED 33911
unix 2 [ ] DGRAM 29373
unix 3 [ ] STREAM CONNECTED 30287
unix 2 [ ] DGRAM 19448
unix 3 [ ] STREAM CONNECTED 32149
unix 2 [ ] DGRAM 32945
unix 2 [ ] DGRAM 31207
unix 3 [ ] STREAM CONNECTED 30189
unix 3 [ ] STREAM CONNECTED 26688
unix 3 [ ] STREAM CONNECTED 21565 /run/gssproxy.sock
unix 3 [ ] STREAM CONNECTED 32125
unix 3 [ ] STREAM CONNECTED 28914
unix 3 [ ] DGRAM 24459
unix 3 [ ] STREAM CONNECTED 31080
unix 3 [ ] STREAM CONNECTED 32388 /var/lib/sss/pipes/private/sbus-monitor
unix 3 [ ] STREAM CONNECTED 32387


(Eddie Atherton) #13

What’s the output of “ifconfig”.

Cheers.


(Hector Perez) #14

[root@nethserver ~]# ifconfig
br0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.3.200 netmask 255.255.255.0 broadcast 192.168.3.255
inet6 fe80::b283:feff:fed1:9917 prefixlen 64 scopeid 0x20
ether 4e:9f:43:67:79:84 txqueuelen 1000 (Ethernet)
RX packets 206788 bytes 67858706 (64.7 MiB)
RX errors 0 dropped 2 overruns 0 frame 0
TX packets 26356 bytes 4752405 (4.5 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

em1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet6 fe80::b283:feff:fed1:9917 prefixlen 64 scopeid 0x20
ether b0:83:fe:d1:99:17 txqueuelen 1000 (Ethernet)
RX packets 205888 bytes 71364803 (68.0 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 25540 bytes 4652845 (4.4 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
device interrupt 16

lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10
loop txqueuelen 1000 (Local Loopback)
RX packets 47579 bytes 8943429 (8.5 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 47579 bytes 8943429 (8.5 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

vb-nsdc: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet6 fe80::4c9f:43ff:fe67:7984 prefixlen 64 scopeid 0x20
ether 4e:9f:43:67:79:84 txqueuelen 1000 (Ethernet)
RX packets 867 bytes 206686 (201.8 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 171646 bytes 30750654 (29.3 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0


(Hector Perez) #15

Ok, guys I setup back in home, A VirtualBox distro and it is having estrange traffic but is such an small strange traffic, bit wierd but it seems to be “nomal” (is not a damage in the installation ) now is to setup all the services and discover who has the blamming from the bad behavior.


(Zimny) #16

Hi
The 172.16.0.0/12 is a private range address just like your 192.168.3.0 just for bigger network with bigger amount of host.
Fro your ntop screenshot we can see that you start this service exactly when you start your server.
If consider this like and attack or strange soft on your network then this is done locally in your LAN. Probably even without any ideas what he/she is doing.
The 172.16.1.255 is a broadcast for 172.168.1/24 network and host who is asking 172.168.1.0/24 network for a broadcast is 172.168.1.20. Probably one of your machines in the LAN is misconfigured in your network. This request are not from you NS only from machine in you LAN where NS is gate for it.
Hope this help.


(Hector Perez) #17

Ok zimny it’s outside the server (I was confused by tcpdump and Ntop) I installed WireShark to know where is originated, I though that was from the server (I had several SMEserver with viruses and Hijacks the easy way to solve such problem is formating), now WireShark said that the Misterious traffic, is using our network to outside 172.16.1.255 thanks very much for your attention your post was so helpful, is going to take a lot of time to debug this (old network a lot of swicthes).