20 Nov
2005
20 Nov
'05
07:27
On Saturday 19 November 2005 06:40 pm, Anders Johansson wrote:
Then again, with the complete lack of information in the original mail, for all we know it could be someone trying to log on to a machine he is authorised to use and simply mistyped the IP address. I've done that many times
No. This person was up to something more devious. There was an established connection and data being transfered. I do which KSnuffle were still alive. I would have been able to get a lot more information quickely. When you're dealing with issues in real time, reading the manpage on tcpdump is not an option. I didn't feel like leaving the connection established while I researched how to extract details about it. Steven