How can I tell who or what is connecting to my FreeNAS server?

Status
Not open for further replies.

NASGuy

Cadet
Joined
Apr 2, 2014
Messages
2
About 2 years ago I set up a FreeNAS server for my local media. Today I noticed that there is quite a bit of disk activity that occurs in small bursts at roughly 30 second intervals, which coincides with network activity as indicated by the LEDs flashing on the switch that it's connected to. The problem is, I can't figure out what it's connecting to (or trying to connect to), or what is connecting to it. There should be nothing accessing it at that time of day. My local network is totally wired (no WiFi) and the connection to the Internet is via a router with a firewall that has NO ports open to the FreeNAS server.

My question is, for my own peace of mind, is there any way I can tell what is going on, and whether someone or something is trying to connect to the server? And also, does FreeNAS try to connect to the outside world at regular intervals for some reason? Could it perhaps be trying to connect to some server that no longer exists, maybe for software updates or something of that nature?

I never configured FreeNAS to do anything unusual, it was a pretty basic install and there is no additional software running on that box, and I pretty much set it up and forgot about it because it has been working so reliably up to this point. But it really bothers me that this is happening and I don't know why.

Thanks,
NASGuy
 

erturne

Dabbler
Joined
Sep 5, 2013
Messages
19
If you can ssh to your server as root (e.g. using PuTTY) you can use the netstat command to see the active network connections. It isn't much detail, but at least you could see which hosts are connected to your server. The netstat command has a ton of options, but here's where I would start:

Code:
[root@freenas] ~# netstat -n -f inet -p tcp
Active Internet connections
Proto Recv-Q Send-Q Local Address          Foreign Address        (state)
tcp4       0      0 127.0.0.1.9042         127.0.0.1.56593        TIME_WAIT
tcp4       0      0 192.168.1.2.443        192.168.1.7.40205      ESTABLISHED
tcp4       0      0 192.168.1.2.22         192.168.1.7.45229      ESTABLISHED
tcp4       0      0 192.168.1.2.445        192.168.1.7.34800      ESTABLISHED


In the example above I entered "netstat -n -f inet -p tcp" on the command line and it listed the IP addresses. You can ignore 127.0.0.1 because it's the server itself (called the localhost address). My server's address is 192.168.1.2 which you can see in the "Local Address" column. Under the "Foreign Address" column you can see my laptop, which has an address of 192.168.1.7.

I'm not sure this would show anything being accessed through a jailed plugin (e.g. tinyDLNA). A more comprehensive solution would be to run a packet sniffer on another computer on your network (e.g. your laptop). I run Linux on my laptop and have had good results capturing packets with the tcpdump command and analyzing them with Wireshark. I'm not sure what they have for Windows or Macintosh.
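
An added example, not part of the original post: a small filter that turns the netstat listing above into a per-client summary (connection count, remote host, local port, state), dropping loopback and listening sockets. The function names are made up here, and the sample input is the post's output plus three constructed rows.

```shell
#!/bin/sh
# Constructed sample: the four rows from the post plus three invented rows
# (two connections from a second SMB client and a listening socket).
sample_netstat() {
cat <<'EOF'
Active Internet connections
Proto Recv-Q Send-Q Local Address          Foreign Address        (state)
tcp4       0      0 127.0.0.1.9042         127.0.0.1.56593        TIME_WAIT
tcp4       0      0 192.168.1.2.443        192.168.1.7.40205      ESTABLISHED
tcp4       0      0 192.168.1.2.22         192.168.1.7.45229      ESTABLISHED
tcp4       0      0 192.168.1.2.445        192.168.1.7.34800      ESTABLISHED
tcp4       0      0 192.168.1.2.445        192.168.1.50.51514     ESTABLISHED
tcp4       0      0 192.168.1.2.445        192.168.1.50.51515     ESTABLISHED
tcp4       0      0 *.22                   *.*                    LISTEN
EOF
}

# Read FreeBSD-style "netstat -n" output on stdin and print one line per
# (remote host, local port, state): "count remote_ip local_port state".
# FreeBSD writes sockets as addr.port, so the port is the text after the
# LAST dot and the address is everything before it.
summarize_peers() {
    awk '
        $1 !~ /^tcp/ { next }                       # skip both header lines
        {
            lport = $4; sub(/^.*\./, "", lport)     # text after the last dot
            raddr = $5; sub(/\.[^.]*$/, "", raddr)  # strip the trailing .port
            if (raddr == "*" || raddr ~ /^127\./) next   # listeners, loopback
            seen[raddr " " lport " " $6]++
        }
        END { for (k in seen) print seen[k], k }
    ' | LC_ALL=C sort -k2,2 -k3,3n
}

# Stand-alone run on the sample. On the server, feed it the live command:
#   netstat -n -f inet -p tcp | summarize_peers
sample_netstat | summarize_peers
```

Local port 445 is SMB, 22 is SSH and 443 is the HTTPS web interface, so a remote address you do not recognise in the second column is the one to look up on the LAN. A single snapshot can miss connections that open and close between bursts, so running it a few times while the activity is happening gives a fuller picture.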
 

fracai

Guru
Joined
Aug 22, 2012
Messages
1,212
tcpdump and Wireshark are both available for Mac. I have mine installed through MacPorts, though they should also be available through Fink (Homebrew has Wireshark, but doesn't seem to have tcpdump; maybe a different package name?).

I'm sure Wireshark and some analog for tcpdump are available for Windows as well.
 

NASGuy

Cadet
Joined
Apr 2, 2014
Messages
2
Thanks so much, this is exactly what I was looking for.

NASGuy
 