Re: finding a process that bind a spcific port
On Wed, 2014-01-22 at 13:37, Nico Angenon wrote:
> the same...no output....
Maybe you can be lucky with:
ss -ulp
But, if you are really hacked it would be better to shutdown machine,
move disk to clean machine and try some forensic tools.
> -----Message d'origine----- From: Andika Triwidada
> Sent: Wednesday, January 22, 2014 1:33 PM
> To: Nico Angenon
> Cc: debian security
> Subject: Re: finding a process that bind a spcific port
> On Wed, Jan 22, 2014 at 7:20 PM, Nico Angenon <nico@creaweb.fr> wrote:
> >Hello,
> >
> >i think i’ve been hacked on one of my boxes...
> >
> >I try to find with process bind a specific port :
> >
> ># netstat -anpe |grep udp
> >gives me
> >udp 0 0 0.0.0.0:10001 0.0.0.0:*
> >0 5950269 -
> >
> >
> >but
> ># lsof |grep 10001
> >doesn’t show me anything
>
> lsof -i -n | grep 10001
Reply to: