I have a web server running on Debian 6.0.4 in a computer outside my university, but the web URL is blocked by my university, the security group of the university said because it was scanning computers inside university.
I could not find any applications in my web server are doing scanning, especially I want to know which IP addresses it is trying to contact to. Is there any simple way to check which applications in my web server are scanning and which IP addresses of the remote machines that my web server is trying to contact to?
Could you please check you localhost logs I guess there you can easily find out what ever IP address are trying to fetch the URLs hosted by your server.
Kindly let me know if this helps.
Hi hce,
a packet sniffer like tcpdump can tell you what IP addresses your machine is trying to connect to. I do not think that you'll be able to figure out what application is doing the scans (at least not with tcpdump) but it may give you a starting point for further investigations.