Date: Wed, 26 Sep 2001 19:25:49 +0300 From: Peter Pentchev <roam@ringlet.net> To: edwin chan <slack@suntop-cn.com> Cc: freebsd-security@freebsd.org Subject: Re: what 's the output mean ? maybe I am under attack ? Message-ID: <20010926192549.A633@ringworld.oblivion.bg> In-Reply-To: <000701c1469d$436b4d80$9201a8c0@home.net>; from slack@suntop-cn.com on Wed, Sep 26, 2001 at 11:09:34PM %2B0800 References: <000701c1469d$436b4d80$9201a8c0@home.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, Sep 26, 2001 at 11:09:34PM +0800, edwin chan wrote: > today, when i run "netstat -p tcp" i found something not normal, is it mean > my box under attack ? What exactly do you consider to be 'not normal'? > $ netstat -p tcp > tcp: > 32949909 packets sent > 26228892 data packets (553570256 bytes) > 998760 data packets (1014872219 bytes) retransmitted > 37 resends initiated by MTU discovery > 5231789 ack-only packets (0 delayed) > 0 URG only packets > 27011 window probe packets > 43314 window update packets > 420146 control packets > 22126272 packets received > 15191487 acks (for 455329912 bytes) > 1713060 duplicate acks > 397 acks for unsent data > 4281933 packets (3828576231 bytes) received in-sequence > 114136 completely duplicate packets (22646316 bytes) > 0 old duplicate packets > 541 packets with some dup. data (307470 bytes duped) > 275937 out-of-order packets (110838044 bytes) > 212 packets (54004 bytes) of data after window > 0 window probes > 270521 window update packets G'luck, Peter -- This sentence every third, but it still comprehensible. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010926192549.A633>