Answer the question
In order to leave comments, you need to log in
V
V
Vadim Timoshenko2019-05-07 14:41:34
Vadim Timoshenko, 2019-05-07 14:41:34
How to read tcpdump log in Wireshark?
There is a bastard sitting on the server =)
I want to find her. Dispatches all sorts of requests. The host is complaining.
Write tcpdump to a file. Opened the file in Wireshark.
Found requests outgoing from my ip GET it is not clear where.
What parameters to look for to dig out the source of requests?
Port? process pid? How to proceed?
Writes that source port: 33616, dst port 80. If I understand correctly, a GET request was sent from port 33616 of my server to port 80.
Further along the port, I need to find the process. I write: fuser 33616/tcp, but there is nothing. I am doing something or thinking something wrong. Tell?
And what does highlighting mean in Wireshark? Does it help me or just show "broken" packages?
1 answer(s)
@MechanID
V
Vladimir, 2019-05-07 @MechanID
tcpdump will tell you nothing about who is the traffic source.
better try the command netstat -antp |grep :80
to see if there are outgoing connections from your ip to others
example how telnet looks like on google.com port 80:
tcp 0 0 192.168.0.12:54428 172.217.5.78:80 ESTABLISHED 16839/telnet
where 168339 PID (number) of the process that created this connection.
further with the ps -fc command the process number - see what it is and who is running it.
Similar questions
V
vrmzar2016-04-04 01:28:52
Are cloud storages insurance against infection by encoders (ransomware)?
4Reply
M
B
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question