Re: finding a process that bind a spcific port

To: debian-security@lists.debian.org
Subject: Re: finding a process that bind a spcific port
From: "Milan P. Stanic" <mps@arvanta.net>
Date: Wed, 22 Jan 2014 13:44:48 +0100
Message-id: <[🔎] 20140122124234.GA17016@arvanta.net>
Mail-followup-to: debian-security@lists.debian.org
In-reply-to: <[🔎] B0AA26B538DD4C15884CB658AD15788D@NicoPC>
References: <[🔎] 2609138DAE244D60A6E34186395B27D0@NicoPC> <[🔎] CANHSFsuy3A_bMZwquT=nNN07CFf9h1xxxvQrn2iBZOSaR2OOYg@mail.gmail.com> <[🔎] B0AA26B538DD4C15884CB658AD15788D@NicoPC>

On Wed, 2014-01-22 at 13:37, Nico Angenon wrote:
> the same...no output....

Maybe you can be lucky with: 
ss -ulp

But, if you are really hacked it would be better to shutdown machine,
move disk to clean machine and try some forensic tools.

> -----Message d'origine----- From: Andika Triwidada
> Sent: Wednesday, January 22, 2014 1:33 PM
> To: Nico Angenon
> Cc: debian security
> Subject: Re: finding a process that bind a spcific port
> On Wed, Jan 22, 2014 at 7:20 PM, Nico Angenon <nico@creaweb.fr> wrote:
> >Hello,
> >
> >i think i’ve been hacked on one of my boxes...
> >
> >I try to find with process bind a specific port :
> >
> ># netstat -anpe |grep udp
> >gives me
> >udp        0      0 0.0.0.0:10001           0.0.0.0:*
> >0          5950269     -
> >
> >
> >but
> ># lsof |grep 10001
> >doesn’t show me anything
> 
> lsof -i -n | grep 10001

Reply to:

References:
- finding a process that bind a spcific port
  - From: "Nico Angenon" <nico@creaweb.fr>
- Re: finding a process that bind a spcific port
  - From: Andika Triwidada <andika@gmail.com>
- Re: finding a process that bind a spcific port
  - From: "Nico Angenon" <nico@creaweb.fr>

Prev by Date: Re: finding a process that bind a spcific port
Next by Date: Re: finding a process that bind a spcific port
Previous by thread: Re: finding a process that bind a spcific port
Next by thread: Re: finding a process that bind a spcific port
Index(es):
- Date
- Thread