From owner-freebsd-security  Thu Sep 27  9:57:38 2001
Delivered-To: freebsd-security@freebsd.org
Received: from www.suntop-cn.com (www.suntop-cn.com [61.140.76.155])
	by hub.freebsd.org (Postfix) with ESMTP id 5359937B428
	for <freebsd-security@FreeBSD.ORG>; Thu, 27 Sep 2001 09:57:33 -0700 (PDT)
Received: from win ([61.144.146.81])
	(authenticated)
	by www.suntop-cn.com (8.11.3/8.11.3) with ESMTP id f8RGvEE24047;
	Fri, 28 Sep 2001 00:57:16 +0800 (CST)
	(envelope-from slack@suntop-cn.com)
Message-ID: <000d01c14775$76997a00$9201a8c0@home.net>
From: "edwin chan" <slack@suntop-cn.com>
To: "Peter Pentchev" <roam@ringlet.net>
Cc: <freebsd-security@FreeBSD.ORG>
References: <000701c1469d$436b4d80$9201a8c0@home.net> <20010926192549.A633@ringworld.oblivion.bg>
Subject: Re: what 's the output mean ? maybe I am under attack ?
Date: Fri, 28 Sep 2001 00:57:09 +0800
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4522.1200
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

I think 998760 data packets retransmitted,but maked as 1014872219bytes.
maybe not a normal output ?

----- Original Message -----
From: "Peter Pentchev" <roam@ringlet.net>
To: "edwin chan" <slack@suntop-cn.com>
Cc: <freebsd-security@FreeBSD.ORG>
Sent: Thursday, September 27, 2001 12:25 AM
Subject: Re: what 's the output mean ? maybe I am under attack ?


> On Wed, Sep 26, 2001 at 11:09:34PM +0800, edwin chan wrote:
> > today, when i run "netstat -p tcp" i found something not normal, is it
mean
> > my box under attack ?
>
> What exactly do you consider to be 'not normal'?
>
> > $ netstat -p tcp
> > tcp:
> >         32949909 packets sent
> >                 26228892 data packets (553570256 bytes)
> >                 998760 data packets (1014872219 bytes) retransmitted
> >                 37 resends initiated by MTU discovery
> >                 5231789 ack-only packets (0 delayed)
> >                 0 URG only packets
> >                 27011 window probe packets
> >                 43314 window update packets
> >                 420146 control packets
> >         22126272 packets received
> >                 15191487 acks (for 455329912 bytes)
> >                 1713060 duplicate acks
> >                 397 acks for unsent data
> >                 4281933 packets (3828576231 bytes) received in-sequence
> >                 114136 completely duplicate packets (22646316 bytes)
> >                 0 old duplicate packets
> >                 541 packets with some dup. data (307470 bytes duped)
> >                 275937 out-of-order packets (110838044 bytes)
> >                 212 packets (54004 bytes) of data after window
> >                 0 window probes
> >                 270521 window update packets
>
> G'luck,
> Peter
>
> --
> This sentence every third, but it still comprehensible.
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
>


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message