check remote connection (120 Views)
Reply
Occasional Contributor
2ne1Abcd
Posts: 7
Registered: ‎09-11-2013
Message 1 of 2 (120 Views)

check remote connection

In my Redhat server , I know there are some data is writing to the server , these data is coming from remote server , but I do not know which files ( or in which directory ) is writing , could advise how can I know what  files is updating in my server ? besides , as some data are coming from various remote servers , how could I know which remote server are connected , what service are using to connect these remote server , what data is copied from remote server ?

I only know there are some data is copied from remote servers , but don't where they come from , which files have been updated .

Very thanks

Please use plain text.
Honored Contributor
Matti_Kurkela
Posts: 6,271
Registered: ‎12-02-2001
Message 2 of 2 (115 Views)

Re: check remote connection

So... someone is writing some data to your server, but you don't know where the data is coming from nor where exactly it is being written to?

 

You might start with a command like "netstat -aAinet -p": it will list all the current network connections and listening ports, and the processes associated with them. From that, you should be able to identify the services on your system that the incoming data transfers are using, and the names or IP addresses of the systems connecting to your server.

 

The next step might be to find out what kind of logs these services are writing. If the logged data is insufficient, check the documentation of the service: very often the service can be configured to produce more verbose logs. The logs should be able to tell you which files on your server are being updated, and the usernames used when connecting to your server.

 

Alternatively, you can make network traffic dumps, and then use Wireshark on your workstation to identify the protocols, usernames and filenames. But the network traffic dump files can be huge, and if encrypted protocols are used, finding the necessary encryption keys to decipher the traffic can be difficult or impossible. Working with the logs is probably a better choice.

MK
Please use plain text.
The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation