On 01/22/2012 12:54 PM, Grant wrote:

`watch` isn't going to help too much unless you're looking at it. Append the
output to some log file instead. I chose netstat because its output looked
easier to parse with a stupid regexp.

  # Log every socket touching port 993 once per second.
  while true; do
    netstat -antp | grep ':993 ' >> mystery.log;
    sleep 1;
  done;

You'll want to change the port -- I tested to make sure that was really
logging my Thunderbird connections.

I'm still getting the blocked outbound requests to port 3680 on my
firewall and I'm running the above script (changed 993 to 3680) on the
local system indicated by SRC in the firewall log, but mystery.log
remains empty.  I tested the script with other ports and it seems to
be working fine.

Also the MAC indicated in the firewall log is 14 blocks long and the
local system in question has a MAC address 6 blocks long according to
ifconfig, but the 6 blocks from ifconfig do match 6 of the blocks
reported by the firewall.

Does this make sense to anyone?


Are you running it as root? If not, you could be missing some connections.

I also typed the 't' in netstat out of habit -- that limits the output to TCP connections. You can remove it to catch the UDP ones.
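
Added example, not part of the original thread: if the firewall log is in Linux netfilter (iptables LOG) format, which is an assumption here, the MAC= field is the 14-byte Ethernet header (destination MAC, source MAC, 2-byte EtherType), so a 6-block ifconfig address should match one half of it. The sample log line, its addresses and the function names below are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample line; assumes netfilter LOG format (not confirmed in the thread).
# All addresses are placeholders.
SAMPLE='Jan 22 12:40:01 fw kernel: BLOCKED IN=eth1 OUT=eth0 MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.168.1.20 DST=203.0.113.5 LEN=60 PROTO=TCP SPT=51515 DPT=3680 SYN'

# Print the value of the MAC= field from one log line (empty if absent).
mac_field() {
    printf '%s\n' "$1" | sed -n 's/.*MAC=\([0-9A-Fa-f:]*\).*/\1/p'
}

# Split a 14-octet MAC= value into "dst src ethertype".
# Returns non-zero for any other length (for example a bare 6-octet MAC).
split_mac() {
    printf '%s\n' "$1" | awk -F: '
        NF != 14 { exit 1 }
        {
            printf "%s:%s:%s:%s:%s:%s ", $1, $2, $3, $4, $5, $6
            printf "%s:%s:%s:%s:%s:%s ", $7, $8, $9, $10, $11, $12
            printf "0x%s%s\n", $13, $14
        }'
}

# Report the role a host MAC (as shown by ifconfig) plays in a log line:
# "source", "destination" or "absent". Comparison is case-insensitive.
mac_role() {
    host=$(printf '%s' "$1" | tr 'A-F' 'a-f')
    parts=$(split_mac "$(mac_field "$2" | tr 'A-F' 'a-f')") || { echo unparsed; return 1; }
    set -- $parts   # now $1=dst, $2=src, $3=ethertype
    if [ "$host" = "$2" ]; then echo source
    elif [ "$host" = "$1" ]; then echo destination
    else echo absent
    fi
}

# Show the decoded header for the constructed sample.
split_mac "$(mac_field "$SAMPLE")"
```

If the local system's MAC comes back as "source", the blocked packet left that machine's NIC; "absent" would point to a different device using the same IP address.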
