Security concerns...
Ever since I started running MRTG on my dad's webserver, I've noticed that he constantly has about 200bytes/sec coming in to it, but nothing going out.
On Monday, that incoming traffic has just about tripled to 725bytes/sec has been that way ever since.
Anyone know how to track incoming traffic and see what service it is going to? The server runs kernel v2.2.17 as well as apache, bind, sendmail, qpopper, and ssh (all stock Debian 2.2). I thought I could try tcpdump, but since I access it remotely, it might just be looping stuff to me.
On Monday, that incoming traffic has just about tripled to 725bytes/sec has been that way ever since.
Anyone know how to track incoming traffic and see what service it is going to? The server runs kernel v2.2.17 as well as apache, bind, sendmail, qpopper, and ssh (all stock Debian 2.2). I thought I could try tcpdump, but since I access it remotely, it might just be looping stuff to me.
