Hope this is in the correct forum..??
Hello everyone!!
I'm trying to figure out what is going on with this network connection to my server.
I ran tcptrack -i eth0 and was looking at the various TCP connections made to the server and they IPs associated with them. This one seems out of place and I have no idea what it could be.
192.168.0.253:55885 <---------- Server 45.56.106.157:443 <------- IDK who or what this is ESTABLISHED 5s 0 B/s
looking up in ARIN it shows it belongs to LINODE's block 45.56.64.0/18 http://whois.arin.net/rest/net/NET-45-56-64-0-1/pft
LINODE provides Linux VPS for rent. https://www.linode.com/
I have no idea what TCP port 55885 is and it looks like its communicating with port 443 (https/SSL/TLS) - SSL VPN maybe??
Does anyone else have that port /IP used on their server. To be safe I changed root's password via ssh. After running the who command it only shows my established sessions for my logins.
Looking at tcptrack there isn't much data being transmitted in the session. I even ran wireshark on another LAN PC and wasn't able to find anything yet...
Please let me know if you have any info on this!!!???!!!
- Heman22union