What does the output mean? Maybe I am under attack?

From: edwin chan (slack@suntop-cn.com)
Date: 09/26/01


From: "edwin chan" <slack@suntop-cn.com>
To: <freebsd-security@freebsd.org>
Date: Wed, 26 Sep 2001 23:09:34 +0800

Today, when I ran "netstat -p tcp" I found something not normal. Does it mean
my box is under attack?

$ netstat -p tcp
tcp:
        32949909 packets sent
                26228892 data packets (553570256 bytes)
                998760 data packets (1014872219 bytes) retransmitted
                37 resends initiated by MTU discovery
                5231789 ack-only packets (0 delayed)
                0 URG only packets
                27011 window probe packets
                43314 window update packets
                420146 control packets
        22126272 packets received
                15191487 acks (for 455329912 bytes)
                1713060 duplicate acks
                397 acks for unsent data
                4281933 packets (3828576231 bytes) received in-sequence
                114136 completely duplicate packets (22646316 bytes)
                0 old duplicate packets
                541 packets with some dup. data (307470 bytes duped)
                275937 out-of-order packets (110838044 bytes)
                212 packets (54004 bytes) of data after window
                0 window probes
                270521 window update packets
