Skype Spyware - Networking


Thread: Skype Spyware

  1. Skype Spyware

    Hi!

    I just recognized that there is a lot of network traffic when using Skype. I
    tried to find the reason and found the following:
    mypc:~ # netstat | grep "^tcp"
    tcp 0 0 localhost:25872 mtp.tvk.RWTH-Aach:18660 TIME_WAIT
    tcp 0 0 localhost:25814 mtp.tvk.RWTH-Aach:18660 TIME_WAIT
    tcp 0 0 localhost:15762 c196174.adsl.hanse:9809 TIME_WAIT
    tcp 0 0 localhost:24403 c-12eee355.016-22:15542 TIME_WAIT
    tcp 0 0 localhost:19649 240.140-136-racle-em2 TIME_WAIT
    tcp 0 0 localhost:18923 c196174.adsl.hanse:9809 TIME_WAIT
    tcp 0 0 localhost:24895 e179012223.adsl.a:https TIME_WAIT
    tcp 0 0 localhost:23321 pc_71_245.smrw.lo:18093 TIME_WAIT
    tcp 0 0 localhost:20589 458pc.wohnheimg.u:64219 TIME_WAIT

    What does this mean? Why do I have connections to PCs (like
    458pc.wohnheimg.u) I never heard about? Is this a security problem inside
    Skype?

    How can I find out the complete name of the destination? In netstat it seems
    to be shortened.

    ciao
    Detlef
    --
    Detlef Jockheck


  2. Re: Skype Spyware

    Detlef Jockheck wrote:
    > Hi!
    >
    > I just recognized that there is a lot of network traffic when using Skype. I
    > tried to find the reason and found the following:
    > mypc:~ # netstat | grep "^tcp"
    > tcp 0 0 localhost:25872 mtp.tvk.RWTH-Aach:18660 TIME_WAIT
    > tcp 0 0 localhost:25814 mtp.tvk.RWTH-Aach:18660 TIME_WAIT
    > tcp 0 0 localhost:15762 c196174.adsl.hanse:9809 TIME_WAIT
    > tcp 0 0 localhost:24403 c-12eee355.016-22:15542 TIME_WAIT
    > tcp 0 0 localhost:19649 240.140-136-racle-em2 TIME_WAIT
    > tcp 0 0 localhost:18923 c196174.adsl.hanse:9809 TIME_WAIT
    > tcp 0 0 localhost:24895 e179012223.adsl.a:https TIME_WAIT
    > tcp 0 0 localhost:23321 pc_71_245.smrw.lo:18093 TIME_WAIT
    > tcp 0 0 localhost:20589 458pc.wohnheimg.u:64219 TIME_WAIT
    >
    > What does this mean? Why do I have connections to PCs (like
    > 458pc.wohnheimg.u) I never heard about? Is this a security problem inside
    > Skype?


    Skype works by connecting to a lot of computers (other people running
    Skype) at once in order to assure connectivity and to find anyone you're
    trying to call. Conversely, a lot of computers are connecting to you
    for the same reason. Skype is based on Kazaa.

    > How can I find out the complete name of the destination? In netstat it seems
    > to be shortened.


    man host

  3. Re: Skype Spyware

    > How can I find out the complete name of the destination? In netstat it seems
    > to be shortened.


    netstat -n will give you the numeric IPs of machines you are connected
    to. You can then use resolveip to get the names if you need them.
    -B

  4. Re: Skype Spyware

    On Fri, 25 May 2007, in the Usenet newsgroup comp.os.linux.networking, in
    article , Ben Carr wrote:

    >> How can I find out the complete name of the destination? In netstat
    >> it seems to be shortened.

    >
    >netstat -n will give you the numeric IPs of machines you are connected
    >to. You can then use resolveip to get the names if you need them.


    "resolveip" is another whizzy tool to perform DNS lookups. This one
    at least uses normal resolver calls, and will therefore consult the
    host services listed in /etc/nsswitch.conf (meaning that for most, it
    will look at the contents of /etc/hosts in addition to a normal DNS
    lookup). Most people don't have this tool (part of MySQL) installed,
    but can use one of the bind utilities:

    [compton ~]$ whatis dig dnsquery host nslookup
    dig (1) - send domain name query packets to name servers
    dnsquery (1) - query domain name servers using resolver
    host (1) - look up host names using domain server
    nslookup (8) - query Internet name servers interactively
    [compton ~]$

    Where these tools fail is that there are a significant number of
    network administrators who don't feel the need to follow the RFCs
    which _require_ DNS PTR records (RFCs 1034, 2050, 2131 among others)
    or are too incompetent and don't know how to configure their name server
    zone files. Likewise, many residential providers (cable, DSL, dialin)
    use meaningless generic hostnames - usually incorporating the IP address
    as a part of the name - such as c-67-164-209-122.hsd1.ca.comcast.net
    which is 67.164.209.122 (some 0wn3d windoze box in the Sacramento,
    California area), or ool-44c0dcc7.dyn.optonline.net (the 44c0dcc7 is
    hexadecimal for 68.192.220.199 - being used by a spammer in Northeast
    New Jersey). Often, you will find that a tool that queries the RIR
    whois databases is more useful.

    Old guy
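
Added example, not part of the thread: a POSIX shell sketch of the workflow the replies describe, counting remote peers from `netstat -tn` output and recovering the IP that generic provider hostnames embed (dashed decimal or eight hex digits). The function names and the sample connection lines are constructed for illustration, and the hostname decoding is a heuristic that should be confirmed with a forward lookup or an RIR whois query.

```shell
#!/bin/sh
# Added example (not from the thread). Sample lines are constructed and use
# documentation address ranges.
sample_netstat() {
cat <<'EOF'
tcp        0      0 192.0.2.10:25872    198.51.100.7:18660    TIME_WAIT
tcp        0      0 192.0.2.10:25814    198.51.100.7:18660    TIME_WAIT
tcp        0      0 192.0.2.10:15762    203.0.113.44:9809     TIME_WAIT
tcp        0      0 192.0.2.10:24895    203.0.113.90:443      ESTABLISHED
EOF
}

# stdin: `netstat -tn` output. stdout: "count ip" per remote peer, busiest first.
remote_peers() {
  awk '$1 ~ /^tcp/ { sub(/:[0-9]+$/, "", $5); n[$5]++ }
       END { for (ip in n) print n[ip], ip }' | sort -k1,1nr -k2,2
}

# True if $1 is a dotted quad with every octet in 0..255.
valid_ipv4() {
  old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
  [ $# -eq 4 ] || return 1
  for o in "$@"; do [ "$o" -le 255 ] || return 1; done
}

# Decode eight hex digits (e.g. 44c0dcc7) into a dotted quad.
hex_to_ip() {
  [ "${#1}" -eq 8 ] || return 1
  case $1 in *[!0-9a-fA-F]*) return 1 ;; esac
  n=$((0x$1))
  echo "$(( (n >> 24) & 255 )).$(( (n >> 16) & 255 )).$(( (n >> 8) & 255 )).$(( n & 255 ))"
}

# Heuristic: recover an IP embedded in the first label of a generic PTR name.
embedded_ip() {
  label="-${1%%.*}"   # leading "-" guarantees a non-digit before the match
  ip=$(printf '%s\n' "$label" | sed -n \
    's/.*[^0-9]\([0-9]\{1,3\}\)-\([0-9]\{1,3\}\)-\([0-9]\{1,3\}\)-\([0-9]\{1,3\}\)$/\1.\2.\3.\4/p')
  if [ -n "$ip" ] && valid_ipv4 "$ip"; then echo "$ip"; return 0; fi
  hex=$(printf '%s\n' "$label" | sed -n 's/.*[^0-9a-fA-F]\([0-9a-fA-F]\{8\}\)$/\1/p')
  [ -n "$hex" ] && hex_to_ip "$hex"
}

# Live use (needs a resolver): getent follows /etc/nsswitch.conf, like resolveip.
#   netstat -tn | remote_peers | while read -r n ip; do getent hosts "$ip"; done
```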
